Imagine you’ve built a magnificent sandcastle at the beach. It’s intricate, detailed, and the product of hours of work. Now, you want to protect it from any accidental kicks or eager hands that might destroy it. In the world of Azure, your resources are your sandcastles, and to protect them, Azure provides two powerful tools: Read-only locks and Delete locks.
Meet the Guards: Read-only and Delete Locks
In Azure, locks act as vigilant guards, ensuring your resources stay safe from unwanted changes or deletions. Here’s how each lock type works:
-
Read-only Lock: The Guardian of Integrity
A read-only lock is like placing a “Do Not Touch” sign on your sandcastle. It prevents any changes to the resource. Users can look at the resource, examine its details, and even admire its beauty, but they can’t alter or delete it.
Use Case: When you have a critical resource configuration that should remain untouched. Think of it like locking down a production environment after rigorous testing.
Behavior: Imagine setting your sandcastle in a glass display. Everyone can see it, but no one can touch or change it.
-
Delete Lock: The Guardian of Existence
A delete lock is like placing a “No Entry” sign around your sandcastle, ensuring it can’t be destroyed. Users can modify the resource and make updates, but deletion is off the table.
Use Case: Perfect for resources you never want to lose accidentally, like a production database or a key virtual machine.
Behavior: It’s like having a protective barrier around your sandcastle. Changes are allowed, but bulldozers are strictly prohibited.
Applying Your Guards
Setting up these locks in Azure is straightforward. You can apply them at various levels: the subscription, resource group, or individual resource level. Here’s how you can do it:
Using the Azure Portal:
Step1: Navigate to the resource, resource group, or subscription you want to lock. Here I will be using a resource group I created earlier.
Step2: In the left menu, select Locks and click Add to add a new lock
Step3: Specify the lock type (Read-only or Delete), provide a name, notes and save the lock. Here I chose Delete
You can then try to Delete the Resource Group, you will notice you cant!
Source link
lol