Skip to main content
Jorge Bernhardt Jorge Bernhardt
  1. Posts/

How to use Azure Resource Locks with PowerShell

·436 words·3 mins· 100 views · 5 likes ·
Azure PowerShell Get-AzResourceLock Get-AzSubscription Login-AzAccount

If you want to prevent accidental deletion or changes to resources in your Azure Resource Groups, Microsoft Azure offers a great solution: Azure Resource Locks. In this post, I want to show you how to use Azure Resource Locks in Microsoft Azure using Azure PowerShell.

Features>

Features #

There are two different types of locks available:

  • **CanNotDelete: ** Users can read and modify a resource, but can not eliminate the resource.
  • _ReadOnly: _ Users can read a resource, but can not delete or update the resource.

Important: Locks apply across all users and roles. Azure Resource Locks can be applied at different levels:

  • Subscription
  • Resource Group
  • Resource

Locks are inherited within the scope where they apply. The most restrictive lock in the inheritance takes precedence

Az PowerShell Workaround>

Az PowerShell Workaround #

If you want to know how to install the PowerShell Az module on your machine, check out this link. The simplest way to get started is to sign in interactively at the command line.

Login-AzAccount

If you have more than one subscription associated with your mail account, you can choose the default subscription. To perform this task we will use the following commands:

Get-AzSubscription
Select-AzSubscription -Subscription "My Subscription"

Once you set your default subscription, you are ready to add locks to your Azure Resources.

Creates an Azure resource lock>

Creates an Azure resource lock #

if you want to lock a resource, you should use the New-AzResourceLock cmdlet with the following syntax:

New-AzResourceLock `
    -LockName Lock-Vnet `
    -LockLevel ReadOnly `
    -ResourceGroupName RG-CLI `
    -ResourceName VNet-Demo `
    -ResourceType Microsoft.Network/virtualNetworks `
    -Force

Azure Resource Locks
To lock a resource group, you should use the New-AzResourceLock cmdlet with the following syntax:

New-AzResourceLock `
    -LockName Lock-RG `
    -LockLevel CanNotDelete `
    -ResourceGroupName RG-CLI `
    -Force

New-AzResourceLock

List all locks in your subscription>

List all locks in your subscription #

You can view all locks in your subscription using the Get-AzResourceLock cmdlet.

Get-AzResourceLock

Get-AzResourceLock

Modifies an Azure resource lock>

Modifies an Azure resource lock #

if you want to modify an existing block, you should use the Set-AzResourceLock cmdlet with the following syntax:

Set-AzResourceLock  `
    -LockName Lock-Vnet `
    -LockLevel CanNotDelete `
    -LockNotes "some changes-www.jorgebernhadt.com" `
    -ResourceGroupName RG-CLI `
    -ResourceName VNet-Demo `
    -ResourceType Microsoft.Network/virtualNetworks `
    -Force

Set-AzResourceLock

Remove an Azure resource lock>

Remove an Azure resource lock #

To remove a lock of an Azure resource, you should use the following commands:

$lockId = (Get-AzResourceLock `
    -LockName Lock-Vnet `
    -ResourceGroupName RG-CLI `
    -ResourceName VNet-Demo `
    -ResourceType Microsoft.Network/virtualNetworks).lockid

Remove-AzResourceLock -LockId $lockId

Remove-AzResourceLock

This cmdlet allows to establish or update the configuration of a specified printer

If you want to know more about Azure Resource Locks, check out this link.