Configure resource locks

In this exercise, you use resource locks to prevent accidental deletion of a file.

This exercise should take approximately 15 minutes to complete.

Task 1: Create a resource group

In this task, you’ll create a resource group. By creating a resource group for this exercise, it will make it easier to clean up the exercise when you’re complete.

  1. Log into the Azure portal.
  2. Select Resource groups.
  3. Select Create.
  4. Select the subscription you will use for this exercise from the Subscription dropdown list.
  5. Enter IntroAzureRG for the resource group name.
  6. Select Central US as the region.
  7. Select Review + create.
  8. Select Create.
  9. Select Home.

Task 2: Create a resource

In order to apply a resource lock, you have to have a resource created in Azure. The first task focuses on creating a resource that you can then lock in subsequent tasks.

  1. Select Create a resource.
  2. Under Categories, select Infrastructure Services.
  3. Under Storage Account, select Create.

  4. On the Basics tab of the Create storage account blade, fill in the following information. Leave the defaults for everything else.

    Setting Value
    Resource group Select IntroAzureRG
    Storage account name enter a unique storage account name
    Location default
    Performance Standard
    Redundancy Locally redundant storage (LRS)
  5. Select Review + Create to review your storage account settings and allow Azure to validate the configuration.
  6. Once validated, select Create. Wait for the notification that the account was successfully created.
  7. Select Go to resource.

Task 3: Apply a read-only resource lock

In this task you apply a read-only resource lock to the storage account. What impact do you think that has on the storage account?

  1. Scroll down until you find the Settings section of the blade on the left of the screen.
  2. Select Locks.
  3. Select + Add.

Screenshot of the Add lock feature on a storage account set for a read-only lock.

  1. Enter a Lock name.
  2. Verify the Lock type is set to Read-only.
  3. Select OK.

Task 4: Add a container to the storage account

In this task, you add a container to the storage account. This container is where you can store your blobs.

  1. Scroll up until you find the Data storage section of the blade on the left of the screen.
  2. Select Containers.

  3. Select + Container. Screenshot of the add container process outlined in this task.

  4. Enter a container name and select Create.
  5. You should receive an error message: Failed to create storage container.

Screenshot of the Failed to create storage container error message.

[!NOTE] The error message lets you know that you couldn’t create a storage container because a lock is in place. The read-only lock prevents any create or update operations on the storage account, so you’re unable to create a storage container.

Task 5: Modify the resource lock and create a storage container

  1. Scroll down until you find the Settings section of the blade on the left of the screen.
  2. Select Locks.
  3. Select the read-only resource lock you created.
  4. Change the Lock type to Delete and select OK.

Screenshot midway through task process of changing the lock type on a resource lock.

  1. Scroll up until you find the Data storage section of the blade on the left of the screen.
  2. Select Containers.
  3. Select + Container.
  4. Enter a container name and select Create.
  5. Your storage container should appear in your list of containers.

You can now understand how the read-only lock prevented you from adding a container to your storage account. Once the lock type was changed (you could have removed it instead), you were able to add a container.

Task 6: Delete the storage account

You’ll actually do this last task twice. Remember that there’s a delete lock on the storage account, so you won’t actually be able to delete the storage account yet.

  1. Scroll up until you find Overview at the top of the blade on the left of the screen.
  2. Select Overview.
  3. Select Delete.

Screenshot of the deletion process for deleting a storage account.

You should get a notification letting you know you can’t delete the resource because it has a delete lock. In order to delete the storage account, you need to remove the delete lock.

Screenshot of the Delete storage account error, explaining that a resource lock prevents deletion.

Task 7: Remove the delete lock and delete the storage account

In the final task, you remove the resource lock and delete the storage account from your Azure account. This step is important. You want to make sure you don’t have any idle resource just sitting in your account.

  1. Select your storage account name in the breadcrumb at the top of the screen.
  2. Scroll down until you find the Settings section of the blade on the left of the screen.
  3. Select Locks.
  4. Select Delete.
  5. Select Home in the breadcrumb at the top of the screen.
  6. Select Storage accounts.
  7. Select the storage account you used for this exercise.
  8. Select Delete.
  9. To prevent accidental deletion, Azure prompts you to enter the name of the storage account you want to delete. Enter the name of the storage account and select Delete.

Screenshot of the deletion confirmation message before deleting a storage account.

  1. You should receive a message that the storage account was deleted. If you go Home > Storage accounts, you should see that the storage account you created for this exercise is gone.

Task 8: Clean up

To clean up the assets created in this exercise and avoid unnecessary costs, delete the resource group (and all associated resources).

  1. From the Azure home page, under Azure services, select Resource groups.
  2. Select the IntroAzureRG resource group.
  3. Select Delete resource group.
  4. Enter IntroAzureRG to confirm deletion of the resource group and select Delete.
  5. Select Delete on the confirmation window.

Congratulations! You’ve completed configuring, updating, and removing a resource lock on an Azure resource.