az-lock

Create a read-only lock on a resource group

$ az lock create --name [MyLock] --resource-group [MyResourceGroup] --lock-type ReadOnly

$ az lock create --name [MyLock] --resource-group [MyResourceGroup] --lock-type CanNotDelete

$ az lock list --resource-group [MyResourceGroup]

$ az lock show --name [MyLock] --resource-group [MyResourceGroup]

$ az lock delete --name [MyLock] --resource-group [MyResourceGroup]

$ az lock create --name [MyLock] --resource-group [MyResourceGroup] --resource-name [MyResource] --resource-type [Microsoft.Storage/storageAccounts] --lock-type CanNotDelete

az lock subcommand [options]

az lock manages Azure resource locks. Locks prevent accidental deletion or modification of critical resources. Two lock types are available: CanNotDelete allows read and modify operations but prevents deletion, while ReadOnly allows only read operations.
Locks can be applied at subscription, resource group, or individual resource level. Child resources inherit locks from parent resources.

--name -n

Name of the lock.

Type of lock: CanNotDelete or ReadOnly.

Name of resource group.

Name of the resource being locked.

The type of the resource being locked.

Notes about the lock.

create

Create a lock.

Delete a lock.

List locks.

Show details of a lock.

Update a lock.

Requires Azure CLI and appropriate RBAC permissions (Owner or User Access Administrator). Locks do not restrict actions performed by the Azure platform itself. A ReadOnly lock on a resource group affects all resources within it.

az(1), az-tag(1), az-provider(1)