Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Bicep resource definition
The locks resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/locks resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Authorization/locks@2020-05-01' = {
scope: resourceSymbolicName or scope
name: 'string'
properties: {
level: 'string'
notes: 'string'
owners: [
{
applicationId: 'string'
}
]
}
}
Property Values
Microsoft.Authorization/locks
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| properties | The properties of the lock. | ManagementLockProperties (required) |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
ManagementLockOwner
| Name | Description | Value |
|---|---|---|
| applicationId | The application ID of the lock owner. | string |
ManagementLockProperties
| Name | Description | Value |
|---|---|---|
| level | The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. | 'CanNotDelete' 'NotSpecified' 'ReadOnly' (required) |
| notes | Notes about the lock. Maximum of 512 characters. | string |
| owners | The owners of the lock. | ManagementLockOwner[] |
Usage Examples
Azure Quickstart Samples
The following Azure Quickstart templates contain Bicep samples for deploying this resource type.
| Bicep File | Description |
|---|---|
| Application Gateway with WAF and firewall policy | This template creates an Application Gateway with WAF configured along with a firewall policy |
| Azure Container Registry with Policies and Diagnostics | Azure Container Registry with Policies and Diagnostics (bicep) |
| Azure Data Factory with Git and managed vnet configuration | This template creates Azure Data Factory with Git configuration and managed virtual network. |
| Azure Game Developer Virtual Machine | Azure Game Developer Virtual Machine includes Licencsed Engines like Unreal. |
| Create a Network Watcher | This template creates a Network Watcher resource. |
| Create a resourceGroup, apply a lock and RBAC | This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal. |
| Create Key Vault with logging enabled | This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
| Create Recovery Services Vault with backup policies | This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock. |
| Log Analytics workspace with solutions and data sources | Deploys a Log Analytics workspace with specified solutions and data sources |
| Network Security Group with diagnostic logs | This template creates a Network Security Group with diagnostic logs and a resource lock |
| Route table with routes | This template creates a Route Table with routes |
| Virtual Network with diagnostic logs | This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet |
ARM template resource definition
The locks resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/locks resource, add the following JSON to your template.
{
"type": "Microsoft.Authorization/locks",
"apiVersion": "2020-05-01",
"name": "string",
"properties": {
"level": "string",
"notes": "string",
"owners": [
{
"applicationId": "string"
}
]
}
}
Property Values
Microsoft.Authorization/locks
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2020-05-01' |
| name | The resource name | string (required) |
| properties | The properties of the lock. | ManagementLockProperties (required) |
| type | The resource type | 'Microsoft.Authorization/locks' |
ManagementLockOwner
| Name | Description | Value |
|---|---|---|
| applicationId | The application ID of the lock owner. | string |
ManagementLockProperties
| Name | Description | Value |
|---|---|---|
| level | The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. | 'CanNotDelete' 'NotSpecified' 'ReadOnly' (required) |
| notes | Notes about the lock. Maximum of 512 characters. | string |
| owners | The owners of the lock. | ManagementLockOwner[] |
Usage Examples
Azure Quickstart Templates
The following Azure Quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Application Gateway with WAF and firewall policy |
This template creates an Application Gateway with WAF configured along with a firewall policy |
| Azure Container Registry with Policies and Diagnostics |
Azure Container Registry with Policies and Diagnostics (bicep) |
| Azure Data Factory with Git and managed vnet configuration |
This template creates Azure Data Factory with Git configuration and managed virtual network. |
| Azure Game Developer Virtual Machine |
Azure Game Developer Virtual Machine includes Licencsed Engines like Unreal. |
| Create a Network Watcher |
This template creates a Network Watcher resource. |
| Create a resourceGroup, apply a lock and RBAC |
This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal. |
| Create Key Vault with logging enabled |
This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
| Create Recovery Services Vault with backup policies |
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock. |
| Log Analytics workspace with solutions and data sources |
Deploys a Log Analytics workspace with specified solutions and data sources |
| Network Security Group with diagnostic logs |
This template creates a Network Security Group with diagnostic logs and a resource lock |
| Route table with routes |
This template creates a Route Table with routes |
| Virtual Network with diagnostic logs |
This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet |
Terraform (AzAPI provider) resource definition
The locks resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/locks resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Authorization/locks@2020-05-01"
name = "string"
parent_id = "string"
body = {
properties = {
level = "string"
notes = "string"
owners = [
{
applicationId = "string"
}
]
}
}
}
Property Values
Microsoft.Authorization/locks
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | The properties of the lock. | ManagementLockProperties (required) |
| type | The resource type | "Microsoft.Authorization/locks@2020-05-01" |
ManagementLockOwner
| Name | Description | Value |
|---|---|---|
| applicationId | The application ID of the lock owner. | string |
ManagementLockProperties
| Name | Description | Value |
|---|---|---|
| level | The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. | 'CanNotDelete' 'NotSpecified' 'ReadOnly' (required) |
| notes | Notes about the lock. Maximum of 512 characters. | string |
| owners | The owners of the lock. | ManagementLockOwner[] |