
Automatically lock resources based on the tags - Microsoft Azure


I would like to find a way to automatically lock resources when they have a specific tag and value in Microsoft Azure.

For example, if the resource has a tag "Important resource" set to "yes", a "CanNotDelete" lock should be created on this resource. I have tried some things with the policies and the "DeployIfNotExists" effect but I haven't found what I'm looking for (not even sure if that effect could possibly do what I want). I don't really know where to look to solve my problem.

I guess I could do this with PowerShell, but I would like it to be automatic when new resources are created, without having to launch the PowerShell script to lock the resources.

I hope everything is clear, thank you.


Solution

  • I don't know how frequently you're deploying or how time sensitive your requirements are, but if you can write a solution in PowerShell (it looks like Get-AzResource with the -Tag param would work) you could run it in a timer-triggered Azure Function at basically no cost.
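
One way the timer-triggered approach suggested above could look, as an added example that is not part of the original answer. It assumes the function app's managed identity is already signed in and holds a role that includes `Microsoft.Authorization/locks/write` (for example Owner or User Access Administrator); the lock name and notes are hypothetical.

```powershell
# run.ps1 of a timer-triggered Azure Function (PowerShell worker).
# Assumption: profile.ps1 has already run Connect-AzAccount -Identity, and that
# identity may write management locks on the subscription it is connected to.
param($Timer)

$tagName  = 'Important resource'    # tag name and value taken from the question
$tagValue = 'yes'
$lockName = 'auto-cannotdelete'     # hypothetical lock name

# All resources in the current subscription that carry the tag/value pair
$resources = Get-AzResource -Tag @{ $tagName = $tagValue }

foreach ($r in $resources) {
    try {
        # -AtScope returns only locks set directly on this resource,
        # not locks inherited from the resource group or subscription
        $existing = Get-AzResourceLock -Scope $r.ResourceId -AtScope -ErrorAction Stop |
            Where-Object { $_.Properties.level -eq 'CanNotDelete' }

        if ($existing) {
            Write-Host "Already locked: $($r.ResourceId)"
            continue
        }

        New-AzResourceLock -LockName $lockName `
            -LockLevel CanNotDelete `
            -LockNotes "Applied automatically: tag '$tagName' = '$tagValue'" `
            -Scope $r.ResourceId `
            -Force -ErrorAction Stop | Out-Null

        Write-Host "Locked: $($r.ResourceId)"
    }
    catch {
        # Keep going so one failing resource does not leave the rest unlocked;
        # the warning lands in the function's log stream for follow-up
        Write-Warning "Could not lock $($r.ResourceId): $($_.Exception.Message)"
    }
}
```

Because the run is periodic, a tagged resource stays deletable until the next timer tick, and the script never removes a lock when the tag is later changed or removed.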