Azure Management Lock
This page shows how to write Terraform and Azure Resource Manager configurations for Management Lock, and how to write them securely.
azurerm_management_lock (Terraform)
A Management Lock can be configured in Terraform with the resource name azurerm_management_lock. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
# Resource-group lock: the group and the resources in it can still be modified, but not deleted.
resource "azurerm_management_lock" "acr" {
  name       = "az_mgm_lock_aks"
  scope      = azurerm_resource_group.acr.id
  lock_level = "CanNotDelete"
  notes      = "To prevent Production Resource Group from being deleted"
}

resource "azurerm_management_lock" "data_rg_lock" {
  name       = "osdu_storage_rg_lock"
  scope      = azurerm_resource_group.storage_rg.id
  lock_level = "CanNotDelete"
}

# Protects the resource group that holds the Terraform state.
resource "azurerm_management_lock" "lock-tfstate-rg" {
  lock_level = "CanNotDelete"
  name       = "locked-tfstate-rg"
  scope      = azurerm_resource_group.tfstate.id
  notes      = "no delete tfstate rg"
}

# One lock per VM in local.vm_list, keyed by VM name.
resource "azurerm_management_lock" "vm-lock" {
  for_each   = { for vm in local.vm_list : vm.name => vm }
  name       = "vm-lock"
  scope      = each.value.id
  lock_level = "CanNotDelete"
  notes      = "All Vms are locked automatically"
}

# Resource-level lock on a single public IP.
resource "azurerm_management_lock" "resource_lock_fw" {
  name       = "resource-level"
  scope      = azurerm_public_ip.pip_azure_1.id
  lock_level = "CanNotDelete"
  notes      = "This IP is locked to prevent accidental deletion"
}

resource "azurerm_management_lock" "this" {
  name       = var.name
  scope      = data.azurerm_resource_group.this.id
  lock_level = "CanNotDelete"
}

# The lock is created only when var.management_lock_create is true.
resource "azurerm_management_lock" "this" {
  count      = var.management_lock_create ? 1 : 0
  name       = "can-not-delete-lock"
  scope      = azurerm_resource_group.this[count.index].id
  lock_level = "CanNotDelete"
}

# The lock is created only when var.resource_group_create is true.
resource "azurerm_management_lock" "this" {
  count      = var.resource_group_create ? 1 : 0
  name       = "can-not-delete-lock"
  scope      = azurerm_resource_group.this[count.index].id
  lock_level = "CanNotDelete"
}

# Generic module form: lock_level must be "CanNotDelete" or "ReadOnly".
resource "azurerm_management_lock" "lock" {
  name       = var.name
  scope      = var.scope
  lock_level = var.lock_level
  notes      = var.notes
}

# Despite its name, this lock is CanNotDelete: it blocks deletion of the
# Key Vault, not writes to it. It is created only when local.coreEnv is "dev".
resource "azurerm_management_lock" "keyvault_core_lock" {
  count      = local.coreEnv == "dev" ? 1 : 0
  name       = "write-lock-keyvault"
  scope      = azurerm_key_vault.keyvault_core[0].id
  lock_level = "CanNotDelete"
}
Parameters
- id: optional, computed, string
- lock_level: required, string
- name: required, string
- notes: optional, string
- scope: required, string
- timeouts: single block
Explanation in Terraform Registry
Manages a Management Lock which is scoped to a Subscription, Resource Group or Resource.
Microsoft.Authorization/locks (Azure Resource Manager)
Locks can be configured in Azure Resource Manager with the resource name Microsoft.Authorization/locks. The following sections describe how to use the resource and its parameters.
Example Usage from GitHub
{
  "type": "Microsoft.Authorization/locks",
  "apiVersion": "2016-09-01",
  "scope": "Microsoft.Network/routeTables/crgar-aks-19-routetable",
  "properties": {
    "level": "CanNotDelete"
  }
}
"type": "Microsoft.Authorization/locks",
"name": "testlock"
}
},
"200": {
"body": {
Frequently asked questions
What is Azure Management Lock?
Azure Management Lock is a resource for Management of Microsoft Azure. Settings can be written in Terraform.
Where can I find the example code for the Azure Management Lock?
For Terraform, the nhs-digital-gp-it-futures/platform, tonywu70/OSDU-R2 and linuxlsr/azureLearning source code examples are useful. See the Terraform Example section for further details.
For Azure Resource Manager, the crgarcia12/azure-aks-secure, otubukhay/mlnewpropertyApi and otubukhay/mlnewpropertyApi source code examples are useful. See the Azure Resource Manager Example section for further details.