azurerm_management_lock

Manages a Management Lock which is scoped to a Subscription, Resource Group or Resource.

Example Usage (Subscription Level Lock)

data "azurerm_subscription" "current" {
}

resource "azurerm_management_lock" "subscription-level" {
  name       = "subscription-level"
  scope      = data.azurerm_subscription.current.id
  lock_level = "CanNotDelete"
  notes      = "Items can't be deleted in this subscription!"
}

Example Usage (Resource Group Level Lock)

resource "azurerm_resource_group" "example" {
  name     = "locked-resource-group"
  location = "West Europe"
}

resource "azurerm_management_lock" "resource-group-level" {
  name       = "resource-group-level"
  scope      = azurerm_resource_group.example.id
  lock_level = "ReadOnly"
  notes      = "This Resource Group is Read-Only"
}

Example Usage (Resource Level Lock)

resource "azurerm_resource_group" "example" {
  name     = "locked-resource-group"
  location = "West Europe"
}

resource "azurerm_public_ip" "example" {
  name                    = "locked-publicip"
  location                = azurerm_resource_group.example.location
  resource_group_name     = azurerm_resource_group.example.name
  allocation_method       = "Static"
  idle_timeout_in_minutes = 30
}

resource "azurerm_management_lock" "public-ip" {
  name       = "resource-ip"
  scope      = azurerm_public_ip.example.id
  lock_level = "CanNotDelete"
  notes      = "Locked because it's needed by a third-party"
}

Argument Reference

The following arguments are supported:

Attributes Reference

In addition to the Arguments listed above - the following Attributes are exported:

Timeouts

The timeouts block allows you to specify timeouts for certain actions:

Import

Management Locks can be imported using the resource id, e.g.

terraform import azurerm_management_lock.lock1 /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/mygroup1/providers/Microsoft.Authorization/locks/lock1