
Lock Azure resource with PowerShell


I've been trying to run a script to create a lock on an Azure resource to prevent resources from being deleted inadvertently. I get an error message and I can't figure out why it's showing me this error message.

Script:

    #Sign in to Azure account
    Login-AzAccount

    #Select the subscription you want to work on
    Select-AzSubscription -Subscription "test.subscription"

    #Get All Resources in a resource group
    $Resources = Get-AzResource -ResourceGroupName dummy_rg | Format-Table

    # Create lock "delete" on each Resource if it doesn't exist
    foreach($Resource in $Resources) {

        $ResourceName = $Resource.Name
        $lck = Get-AzResourceLock -ResourceGroupName $Resource.ResourceGroupName -ResourceName $ResourceName -ResourceType $Resource.ResourceType

        if ($null -eq $lck)
        {
            Write-Host "$ResourceName has no lock"

            New-AzResourceLock -resourceGroupName $rg -ResourceName $ResourceName -ResourceType $Resource.ResourceType -LockName "$ResourceName-lck" -LockLevel CanNotDelete -Force

            Write-Host "$ResourceName has been locked"
        }
        else
        {
            Write-Host "$ResourceName already locked"
        }
    }

Error message:

[screenshot]

Gaurav request result:

[screenshot]


Solution

    #Start logging (HH = 24-hour clock, so log file names are unambiguous)
    Start-Transcript -Path "C:\Windows\Logs\Lock - $(((Get-Date).ToUniversalTime()).ToString("yyyy-MM-dd_HH-mm-ss")).log" -Force

    #Connect to Azure account
    Login-AzAccount

    #Select Azure subscription
    Set-AzContext -Subscription "subscription_id_numbers"

    #Exclude Azure Data Factory and Azure Machine Learning resources (names containing "adf" or "aml")
    $Resources = Get-AzResource | Where-Object {$_.Name -NotLike '*adf*' -and $_.Name -NotLike '*aml*'}

    # Create lock "delete" on each Resource if it doesn't exist
    foreach($Resource in $Resources) {

        $ResourceName = $Resource.Name
        $lck = Get-AzResourceLock -ResourceGroupName $Resource.ResourceGroupName -ResourceName $ResourceName -ResourceType $Resource.ResourceType

        # $null goes on the left so the comparison is scalar even if several locks are returned
        if ($null -eq $lck)
        {
            Write-Host "$ResourceName has no lock"

            Set-AzResourceLock -ResourceGroupName $Resource.ResourceGroupName -ResourceName $ResourceName -ResourceType $Resource.ResourceType -LockName "$ResourceName-lck" -LockLevel CanNotDelete -Force

            Write-Host "$ResourceName has been locked"
        }
        else
        {
            Write-Host "$ResourceName already locked"
        }
    }

    #Stop Logging
    Stop-Transcript

This will loop over every resource except Azure Data Factory in the tenant and create a "delete" type lock to make sure resources aren't deleted inadvertently. Read the comments in each section to understand the code.
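An added example, not part of the original question or answer: it runs offline against constructed objects and shows what the `| Format-Table` in the question's pipeline hands to the loop, and it builds the lock parameters from the resource object itself rather than from a separate variable such as `$rg`, which the question's script never assigns. `Test-LockTarget` and `Get-LockParameter` are hypothetical helper names, and the sample resources are constructed.

```powershell
# Constructed stand-ins for Get-AzResource output; no Azure connection is needed.
$sample = @(
    [pscustomobject]@{ Name = 'vm-app01'; ResourceGroupName = 'dummy_rg'
                       ResourceType = 'Microsoft.Compute/virtualMachines' }
    [pscustomobject]@{ Name = 'stlogs01'; ResourceGroupName = 'dummy_rg'
                       ResourceType = 'Microsoft.Storage/storageAccounts' }
)

function Test-LockTarget {
    # Hypothetical helper: $true only when the object carries the three
    # properties the lock cmdlets are given in the loop.
    param([Parameter(Mandatory)] $InputObject)
    foreach ($p in 'Name', 'ResourceGroupName', 'ResourceType') {
        if ([string]::IsNullOrWhiteSpace($InputObject.$p)) { return $false }
    }
    return $true
}

function Get-LockParameter {
    # Hypothetical helper: builds the splat for New-AzResourceLock / Set-AzResourceLock
    # from the resource object, so no value depends on an outer variable.
    param([Parameter(Mandatory)] $Resource)
    if (-not (Test-LockTarget $Resource)) {
        throw "Not a resource object: $($Resource.GetType().FullName)"
    }
    @{
        ResourceGroupName = $Resource.ResourceGroupName
        ResourceName      = $Resource.Name
        ResourceType      = $Resource.ResourceType
        LockName          = "$($Resource.Name)-lck"
        LockLevel         = 'CanNotDelete'
    }
}

# Format-Table replaces the objects with formatting records meant for display.
$formatted = $sample | Format-Table   # pipeline as written in the question
$types = $formatted | ForEach-Object { $_.GetType().Name } | Select-Object -Unique
"After Format-Table the loop sees: $($types -join ', ')"
"Usable lock targets after Format-Table: $(@($formatted | Where-Object { Test-LockTarget $_ }).Count)"
"Usable lock targets without it: $(@($sample | Where-Object { Test-LockTarget $_ }).Count)"

foreach ($r in $sample) {
    $p = Get-LockParameter $r
    # With an Az session this would be: New-AzResourceLock @p -Force
    "{0,-10} -> lock '{1}' ({2}) in {3}" -f $r.Name, $p.LockName, $p.LockLevel, $p.ResourceGroupName
}
```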