Azure Resource Locks & Resource Tags

Azure provides tools like resource locks and resource tags to help with managing and controlling access to resources. Both are important for ensuring that resources are used effectively and efficiently, while maintaining security and governance.

---

Azure Resource Locks

Resource locks in Azure are used to prevent accidental or unauthorized changes to Azure resources. They provide an additional layer of protection, ensuring that critical resources are not inadvertently modified or deleted.

Key Features of Resource Locks:

• Prevents Accidental Actions: Resource locks ensure that sensitive resources, like production databases or virtual machines, cannot be deleted or altered accidentally.

• Can Be Applied at Different Levels: Resource locks can be applied at various levels, including:

  • Individual Resource: Locks applied directly to a specific resource (e.g., a virtual machine or storage account).

  • Resource Group: Locks applied to all resources within a particular resource group.

  • Subscription Level: Locks applied to all resources within a subscription, providing the broadest level of protection.

---

Types of Resource Locks

1. Read-Only Lock

   • Description: A Read-Only lock prevents any modifications or deletions to a resource. This lock ensures that users can view the resource but cannot make any changes.

   • Use Case: Ideal for resources that should not be changed (e.g., critical production resources) but need to be monitored or viewed for auditing purposes.

   • Impact: Users can still list and view the resource, but they cannot make any updates or deletions to it.

2. Delete Lock

   • Description: A Delete lock prevents the deletion of a resource or resource group but allows modifications.

   • Use Case: Suitable for resources that should not be deleted under any circumstances (e.g., databases or VMs) but still need to be updated or modified.

   • Impact: Users can modify or update the resource but cannot delete it, reducing the risk of accidental deletion.

---

Azure Resource Tags

Resource tags are used to apply metadata to Azure resources in the form of key-value pairs. Tags help organize and categorize resources for better resource management, cost tracking, and compliance.

Key Features of Resource Tags:

• Simple Key-Value Pairs: A tag consists of a key and a value (e.g., Environment: Production, Department: Sales).

• Resource Governance: Tags help apply policies and monitor resource usage. For instance, you can use tags to identify resources that belong to specific departments or projects and apply governance policies to them.

• Security: Tags can be used for security-related purposes, such as identifying sensitive resources or marking resources for additional monitoring.

• Cost Management: Tags are useful in tracking and managing costs. For example, tags like CostCenter: 1234 or Project: CloudMigration can help allocate costs to specific projects or departments.

---

Tagging Based on Categories

Resource tags can be used for several key management and organizational purposes. Common ways to categorize tags include:

1. Functional Classification

   • Tags that classify resources based on their function or role within the environment.

   • Examples:

     • Function: WebApp

     • Function: Database

     • Function: LoadBalancer

2. Departments

   • Tags that categorize resources based on organizational departments, allowing organizations to allocate and manage resources by business unit.

   • Examples:

     • Department: IT

     • Department: Marketing

     • Department: Finance

3. Partnerships

   • Tags used to track resources associated with different partnerships or third-party collaborations.

   • Examples:

     • Partner: VendorXYZ

     • Partner: PartnerABC