Azure Management Lock

This page shows how to write Terraform and Azure Resource Manager configurations for Management Lock, and how to write them securely.

azurerm_management_lock (Terraform)

A Management Lock can be configured in Terraform with the resource name azurerm_management_lock. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

resource_management_locks.tf#L1
resource "azurerm_management_lock" "acr" {
  name       = "az_mgm_lock_aks"
  scope      = azurerm_resource_group.acr.id
  lock_level = "CanNotDelete"
  notes      = "To prevent Production Resource Group from being deleted"
}
storage.tf#L20
resource "azurerm_management_lock" "data_rg_lock" {
  name       = "osdu_storage_rg_lock"
  scope      = azurerm_resource_group.storage_rg.id
  lock_level = "CanNotDelete"
}

rg-locks.tf#L2
resource "azurerm_management_lock" "lock-tfstate-rg" {
  lock_level = "CanNotDelete"
  name       = "locked-tfstate-rg"
  scope      = azurerm_resource_group.tfstate.id
  notes      = "no delete tfstate rg"
}
main.tf#L6
resource "azurerm_management_lock" "vm-lock" {
  for_each   = { for vm in local.vm_list : vm.name => vm }
  name       = "vm-lock"
  scope      = each.value.id
  lock_level = "CanNotDelete"
  notes      = "All Vms are locked automatically"
}
public-ips.tf#L39
resource "azurerm_management_lock" "resource_lock_fw" {
  name       = "resource-level"
  scope      = azurerm_public_ip.pip_azure_1.id
  lock_level = "CanNotDelete"
  notes      = "This IP is locked to prevent accidental deletion"
}
main.tf#L5
resource "azurerm_management_lock" "this" {
  name       = var.name
  scope      = data.azurerm_resource_group.this.id
  lock_level = "CanNotDelete"
}
main.tf#L15
resource "azurerm_management_lock" "this" {
  count = var.management_lock_create ? 1 : 0

  name       = "can-not-delete-lock"
  scope      = azurerm_resource_group.this[count.index].id
  lock_level = "CanNotDelete"
}
main.tf#L15
resource "azurerm_management_lock" "this" {
  count = var.resource_group_create ? 1 : 0

  name       = "can-not-delete-lock"
  scope      = azurerm_resource_group.this[count.index].id
  lock_level = "CanNotDelete"
}
main.tf#L1
resource "azurerm_management_lock" "lock" {
  name       = var.name
  scope      = var.scope
  lock_level = var.lock_level
  notes      = var.notes
}
keyvault_core_management_locks.tf#L1
resource "azurerm_management_lock" "keyvault_core_lock" {
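  # The lock is created only when coreEnv is "dev"
  count = local.coreEnv == "dev" ? 1 : 0

  name       = "write-lock-keyvault"
  scope      = azurerm_key_vault.keyvault_core[0].id
  # CanNotDelete blocks deletion only; despite the lock name, modifications are still allowed
  lock_level = "CanNotDelete"
}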

Parameters

Explanation in Terraform Registry

Manages a Management Lock which is scoped to a Subscription, Resource Group or Resource.

Microsoft.Authorization/locks (Azure Resource Manager)

The locks in Microsoft.Authorization can be configured in Azure Resource Manager with the resource name Microsoft.Authorization/locks. The following sections describe how to use the resource and its parameters.

Example Usage from GitHub

RouteTableLocks.json#L11
            "type": "Microsoft.Authorization/locks",
            "apiVersion": "2016-09-01",
            "scope": "Microsoft.Network/routeTables/crgar-aks-19-routetable",
            "properties": {
                "level": "CanNotDelete"
            }
ManagementLocks_CreateOrUpdateAtScope.json#L19
        "type": "Microsoft.Authorization/locks",
        "name": "testlock"
      }
    },
    "200": {
      "body": {
ManagementLocks_CreateOrUpdateAtSubscriptionLevel.json#L19
        "type": "Microsoft.Authorization/locks",
        "name": "testlock"
      }
    },
    "200": {
      "body": {
ManagementLocks_CreateOrUpdateAtResourceGroupLevel.json#L20
        "type": "Microsoft.Authorization/locks",
        "name": "testlock"
      }
    },
    "200": {
      "body": {

Frequently asked questions

What is Azure Management Lock?

Azure Management Lock is a resource for Management of Microsoft Azure. Settings can be written in Terraform.

Where can I find the example code for the Azure Management Lock?

For Terraform, the nhs-digital-gp-it-futures/platform, tonywu70/OSDU-R2 and linuxlsr/azureLearning source code examples are useful. See the Terraform Example section for further details.

For Azure Resource Manager, the crgarcia12/azure-aks-secure, otubukhay/mlnewpropertyApi and otubukhay/mlnewpropertyApi source code examples are useful. See the Azure Resource Manager Example section for further details.