Q: How do I stop accidental Azure resource deletion?

Q: How do I stop accidental Azure resource deletion?

Q. If I have critical resources in Azure how can I stop them accidently being deleted by a user or administrator?

A. If a resource is deleted, it cannot be undeleted in Azure. Therefore, care should always be taken when deleting resources. 

However, a new feature can help in stopping the accidental deletion of important resources: It is now possible to lock resources in Azure, and resources need to be unlocked before they can be deleted.

There is no graphic user interface. Instead PowerShell is used.

You must be in ARM mode to use the new lock capability (Switch-AzureMode -Name AzureResourceManager) and then the various AzureResourceLock cmdlets are used. Below is example PowerShell to create, view and remove locks on a ResourceGroup (which would then apply to all resources in the resource group). Locks can also be applied to resources such as a storage account.

Switch-AzureMode -Name AzureResourceManager
New-AzureResourceLock -LockLevel CanNotDelete `
    -LockName SpecialRGLock ` 
    -LockNotes "Don't want to delete"
    -ResourceGroupName RGStorageEastUS

Get-AzureResourceLock

Remove-AzureResourceLock `
    -LockName SpecialRGLock ` 
    -ResourceGroupName RGStorageEastUS

Locks can also be created as part of a JSON template using the lock resource provider. Note that PowerShell only allows a lock level of CanNotDelete however ReadOnly is also available via the REST API.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish