Created
November 10, 2021 03:39
-
-
Save JeffBrownTech/3c21bfc5c6abe45d48d00156862a92ce to your computer and use it in GitHub Desktop.
Deploy CanNotDelete Resource Lock on Resource Groups
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "properties": { | |
| "displayName": "Deploy CanNotDelete Resource Lock on Resource Groups", | |
| "description": "Creates a resource lock at the resource group level for preventing resource deletion.", | |
| "mode": "all", | |
| "metadata": { | |
| "version": "1.0.0", | |
| "category": "General" | |
| }, | |
| "parameters": {}, | |
| "policyRule": { | |
| "if": { | |
| "field": "type", | |
| "equals": "Microsoft.Resources/subscriptions/resourceGroups" | |
| }, | |
| "then": { | |
| "effect": "DeployIfNotExists", | |
| "details": { | |
| "type": "Microsoft.Authorization/locks", | |
| "existenceCondition": { | |
| "field": "Microsoft.Authorization/locks/level", | |
| "equals": "CanNotDelete" | |
| }, | |
| "roleDefinitionIds": [ | |
| "/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635" | |
| ], | |
| "deployment": { | |
| "properties": { | |
| "mode": "incremental", | |
| "template": { | |
| "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json", | |
| "contentVersion": "1.0.0.0", | |
| "resources": [ | |
| { | |
| "type": "Microsoft.Authorization/locks", | |
| "apiVersion": "2017-04-01", | |
| "name": "DenyDelete", | |
| "properties": { | |
| "level": "CanNotDelete", | |
| "notes": "Prevents deletion of resource group." | |
| } | |
| } | |
| ] | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment