Microsoft.Authorization locks 2016-09-01
Bicep resource definition
The locks resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/locks resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Authorization/locks@2016-09-01' = {
scope: resourceSymbolicName or scope
name: 'string'
properties: {
level: 'string'
notes: 'string'
owners: [
{
applicationId: 'string'
}
]
}
}
Property values
ManagementLockOwner
| Name | Description | Value |
|---|---|---|
| applicationId | The application ID of the lock owner. | string |
ManagementLockProperties
| Name | Description | Value |
|---|---|---|
| level | The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. | 'CanNotDelete' 'NotSpecified' 'ReadOnly' (required) |
| notes | Notes about the lock. Maximum of 512 characters. | string |
| owners | The owners of the lock. | ManagementLockOwner[] |
Microsoft.Authorization/locks
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| properties | The properties of the lock. | ManagementLockProperties (required) |
| scope | Use when creating a resource at a scope that is different than the deployment scope. | Set this property to the symbolic name of a resource to apply the extension resource. |
Quickstart samples
The following quickstart samples deploy this resource type.
| Bicep File | Description |
|---|---|
| Application Gateway with WAF and firewall policy | This template creates an Application Gateway with WAF configured along with a firewall policy |
| Azure Container Registry with Policies and Diagnostics | Azure Container Registry with Policies and Diagnostics (bicep) |
| Azure Data Factory with Git and managed vnet configuration | This template creates Azure Data Factory with Git configuration and managed virtual network. |
| Azure Game Developer Virtual Machine | Azure Game Developer Virtual Machine includes Licencsed Engines like Unreal. |
| Create a Network Watcher | This template creates a Network Watcher resource. |
| Create a resourceGroup, apply a lock and RBAC | This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal. |
| Create Key Vault with logging enabled | This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
| Create Recovery Services Vault with backup policies | This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock. |
| Log Analytics workspace with solutions and data sources | Deploys a Log Analytics workspace with specified solutions and data sources |
| Network Security Group with diagnostic logs | This template creates a Network Security Group with diagnostic logs and a resource lock |
| Route table with routes | This template creates a Route Table with routes |
| Virtual Network with diagnostic logs | This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet |
ARM template resource definition
The locks resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/locks resource, add the following JSON to your template.
{
"type": "Microsoft.Authorization/locks",
"apiVersion": "2016-09-01",
"name": "string",
"properties": {
"level": "string",
"notes": "string",
"owners": [
{
"applicationId": "string"
}
]
}
}
Property values
ManagementLockOwner
| Name | Description | Value |
|---|---|---|
| applicationId | The application ID of the lock owner. | string |
ManagementLockProperties
| Name | Description | Value |
|---|---|---|
| level | The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. | 'CanNotDelete' 'NotSpecified' 'ReadOnly' (required) |
| notes | Notes about the lock. Maximum of 512 characters. | string |
| owners | The owners of the lock. | ManagementLockOwner[] |
Microsoft.Authorization/locks
| Name | Description | Value |
|---|---|---|
| apiVersion | The api version | '2016-09-01' |
| name | The resource name | string (required) |
| properties | The properties of the lock. | ManagementLockProperties (required) |
| type | The resource type | 'Microsoft.Authorization/locks' |
Quickstart templates
The following quickstart templates deploy this resource type.
| Template | Description |
|---|---|
Application Gateway with WAF and firewall policy |
This template creates an Application Gateway with WAF configured along with a firewall policy |
| Azure Container Registry with Policies and Diagnostics |
Azure Container Registry with Policies and Diagnostics (bicep) |
| Azure Data Factory with Git and managed vnet configuration |
This template creates Azure Data Factory with Git configuration and managed virtual network. |
| Azure Game Developer Virtual Machine |
Azure Game Developer Virtual Machine includes Licencsed Engines like Unreal. |
| Create a Network Watcher |
This template creates a Network Watcher resource. |
| Create a resourceGroup, apply a lock and RBAC |
This template is a subscription level template that will create a resourceGroup, apply a lock the the resourceGroup and assign contributor permssions to the supplied principalId. Currently, this template cannot be deployed via the Azure Portal. |
| Create Key Vault with logging enabled |
This template creates an Azure Key Vault and an Azure Storage account that is used for logging. It optionally creates resource locks to protect your Key Vault and storage resources. |
| Create Recovery Services Vault with backup policies |
This template creates a Recovery Services Vault with backup policies and configure optional features such system identity, backup storage type, cross region restore and diagnostics logs and a delete lock. |
| Log Analytics workspace with solutions and data sources |
Deploys a Log Analytics workspace with specified solutions and data sources |
| Network Security Group with diagnostic logs |
This template creates a Network Security Group with diagnostic logs and a resource lock |
| Route table with routes |
This template creates a Route Table with routes |
| Virtual Network with diagnostic logs |
This template creates a Virtual Network with diagnostic logs and allows optional features to be added to each subnet |
Terraform (AzAPI provider) resource definition
The locks resource type can be deployed with operations that target:
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Authorization/locks resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Authorization/locks@2016-09-01"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
level = "string"
notes = "string"
owners = [
{
applicationId = "string"
}
]
}
})
}
Property values
ManagementLockOwner
| Name | Description | Value |
|---|---|---|
| applicationId | The application ID of the lock owner. | string |
ManagementLockProperties
| Name | Description | Value |
|---|---|---|
| level | The level of the lock. Possible values are: NotSpecified, CanNotDelete, ReadOnly. CanNotDelete means authorized users are able to read and modify the resources, but not delete. ReadOnly means authorized users can only read from a resource, but they can't modify or delete it. | 'CanNotDelete' 'NotSpecified' 'ReadOnly' (required) |
| notes | Notes about the lock. Maximum of 512 characters. | string |
| owners | The owners of the lock. | ManagementLockOwner[] |
Microsoft.Authorization/locks
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) |
| parent_id | The ID of the resource to apply this extension resource to. | string (required) |
| properties | The properties of the lock. | ManagementLockProperties (required) |
| type | The resource type | "Microsoft.Authorization/locks@2016-09-01" |