# Azure Resource Locks & Resource Tags Azure provides tools like **resource locks** and **resource tags** to help with managing and controlling access to resources. Both are important for ensuring that resources are used effectively and efficiently, while maintaining security and governance. *** #### **Azure Resource Locks** **Resource locks** in Azure are used to prevent accidental or unauthorized changes to Azure resources. They provide an additional layer of protection, ensuring that critical resources are not inadvertently modified or deleted. **Key Features of Resource Locks:** * **Prevents Accidental Actions**: Resource locks ensure that sensitive resources, like production databases or virtual machines, cannot be deleted or altered accidentally. * **Can Be Applied at Different Levels**: Resource locks can be applied at various levels, including: * **Individual Resource**: Locks applied directly to a specific resource (e.g., a virtual machine or storage account). * **Resource Group**: Locks applied to all resources within a particular resource group. * **Subscription Level**: Locks applied to all resources within a subscription, providing the broadest level of protection. *** **Types of Resource Locks** 1. **Read-Only Lock** * **Description**: A **Read-Only lock** prevents any modifications or deletions to a resource. This lock ensures that users can view the resource but cannot make any changes. * **Use Case**: Ideal for resources that should not be changed (e.g., critical production resources) but need to be monitored or viewed for auditing purposes. * **Impact**: Users can still list and view the resource, but they cannot make any updates or deletions to it. 2. **Delete Lock** * **Description**: A **Delete lock** prevents the deletion of a resource or resource group but allows modifications. * **Use Case**: Suitable for resources that should not be deleted under any circumstances (e.g., databases or VMs) but still need to be updated or modified. * **Impact**: Users can modify or update the resource but cannot delete it, reducing the risk of accidental deletion. *** #### **Azure Resource Tags** **Resource tags** are used to apply metadata to Azure resources in the form of **key-value pairs**. Tags help organize and categorize resources for better resource management, cost tracking, and compliance. **Key Features of Resource Tags:** * **Simple Key-Value Pairs**: A tag consists of a **key** and a **value** (e.g., `Environment: Production`, `Department: Sales`). * **Resource Governance**: Tags help apply policies and monitor resource usage. For instance, you can use tags to identify resources that belong to specific departments or projects and apply governance policies to them. * **Security**: Tags can be used for security-related purposes, such as identifying sensitive resources or marking resources for additional monitoring. * **Cost Management**: Tags are useful in tracking and managing costs. For example, tags like `CostCenter: 1234` or `Project: CloudMigration` can help allocate costs to specific projects or departments. *** **Tagging Based on Categories** Resource tags can be used for several key management and organizational purposes. Common ways to categorize tags include: 1. **Functional Classification** * Tags that classify resources based on their function or role within the environment. * **Examples**: * `Function: WebApp` * `Function: Database` * `Function: LoadBalancer` 2. **Departments** * Tags that categorize resources based on organizational departments, allowing organizations to allocate and manage resources by business unit. * **Examples**: * `Department: IT` * `Department: Marketing` * `Department: Finance` 3. **Partnerships** * Tags used to track resources associated with different partnerships or third-party collaborations. * **Examples**: * `Partner: VendorXYZ` * `Partner: PartnerABC`