Created
August 20, 2018 17:04
Terraform Azure Management Locks
// Resource group that the management lock in this file is scoped to.
resource "azurerm_resource_group" "main" {
  location = "centralus"
  name     = "cardinal-rg"
}
// ReadOnly management lock scoped to the resource group declared above.
// Management locks are inherited by everything inside the scope and apply to
// control-plane (Azure Resource Manager) operations. With ReadOnly in place,
// later changes to resources in this group - including changes applied by
// Terraform itself - are rejected until the lock is removed.
resource "azurerm_management_lock" "resource-group-level" {
  lock_level = "ReadOnly"
  notes      = "This Resource Group is Read-Only"
  name       = "resource-group-level"
  scope      = "${azurerm_resource_group.main.id}"
}
// Scopes (full Azure resource ids) that receive a management lock.
// Each list is consumed by position (count.index) by the lock resources in
// this file, so the order of the entries is significant.
locals {
  // Resource ids that get a lock with lock_level 'ReadOnly'.
  lock_resources_readonly = [
    "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/existing-rg1",
    "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/existing-rg2/providers/Microsoft.Storage/storageAccounts/someaccount001",
  ]

  // Resource ids that get a lock with lock_level 'CanNotDelete'.
  lock_resources_cannotdelete = [
    "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/existing-rg3",
    "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/existing-rg4/providers/Microsoft.Storage/storageAccounts/someaccount002",
  ]
}
// One CanNotDelete lock per entry in local.lock_resources_cannotdelete.
// Both the scope and the lock name are derived from count.index, so removing
// or reordering a list entry shifts the index of every entry after it and
// Terraform will plan to replace those locks. Append new ids at the end of the
// list and review the plan for unexpected lock destroys before applying.
resource "azurerm_management_lock" "cannotdelete" {
  count = "${length(local.lock_resources_cannotdelete)}"

  lock_level = "CanNotDelete"
  notes      = "'Can Not Delete' Lock to prevent resource deletion."
  name       = "CanNotDelete-${count.index}"
  scope      = "${local.lock_resources_cannotdelete[count.index]}"
}
// One ReadOnly lock per entry in local.lock_resources_readonly.
// Scope and name come from count.index, so removing or reordering a list entry
// makes Terraform replace the locks at the later positions; check the plan.
// NOTE: on a storage account a ReadOnly lock also blocks listing the account
// keys (that operation is a POST request), which can break tooling that reads
// keys through the management API.
resource "azurerm_management_lock" "readonly" {
  count = "${length(local.lock_resources_readonly)}"

  lock_level = "ReadOnly"
  notes      = "'Read Only' Lock to prevent resource modification."
  name       = "ReadOnly-${count.index}"
  scope      = "${local.lock_resources_readonly[count.index]}"
}
// CanNotDelete lock on a single existing storage account (resource scope).
// The Terraform label says "resource-group-level", but the scope below is one
// resource, not a resource group.
// The lock blocks deletion of the storage account through Azure Resource
// Manager; it does not protect the data stored inside the account, which is
// handled by data-plane operations.
resource "azurerm_management_lock" "resource-group-level" {
  lock_level = "CanNotDelete"
  notes      = "Item can't be deleted!"
  name       = "resource-level-cannotdelete"
  scope      = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/app-rg/providers/Microsoft.Storage/storageAccounts/mystorageaccount99"
}
// CanNotDelete lock on an existing resource group, referenced by its full id.
// The lock is inherited by the resources inside the group, so neither the
// group nor its contents can be deleted through Azure Resource Manager while
// the lock exists.
resource "azurerm_management_lock" "resource-group-level" {
  lock_level = "CanNotDelete"
  notes      = "Items can't be deleted in this resource group!"
  name       = "resource-group-level-cannotdelete"
  scope      = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/app-rg"
}
// CanNotDelete lock at subscription scope: through inheritance it covers every
// resource group and resource in the subscription.
// Creating or removing locks requires Microsoft.Authorization/locks/*
// permissions (held by the built-in Owner and User Access Administrator
// roles), so the identity running Terraform needs that access, and anyone
// holding it can lift the lock.
resource "azurerm_management_lock" "subscription-level" {
  lock_level = "CanNotDelete"
  notes      = "Items can't be deleted in this subscription!"
  name       = "subscription-level-cannotdelete"
  scope      = "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}