In a previous post I talked about how we can use a script to add and remove locks on resources in my integration platform to prevent accidental deletion.
We wanted to take it a step further, so every week we run a DevOps pipeline that runs the scripts to ensure that if someone has removed a lock, it is added back.
The pipeline looks like the following:
The task to install modules is:
steps:
- powershell: |
    # Install the PowerShell modules that are needed in this pipeline
    Install-Module -Name Az -Force -AllowClobber
    Install-Module -Name Az.Accounts -Force -AllowClobber
    # -Force also suppresses the untrusted-repository prompt, which a non-interactive agent cannot answer
    Install-Module -Name Az.ResourceGraph -Force -AllowClobber
  displayName: 'Install Powershell Modules'
The task to run the lock script is:
steps:
- task: AzurePowerShell@5
  displayName: 'Apply Resource Group Locks'
  inputs:
    azureSubscription: 'ARM-IT-EAI-DevOpsService'
    ScriptPath: '$(System.DefaultWorkingDirectory)/_Admin/ResourceGroup_Locks/resourcegroup.locks.apply.ps1'
    azurePowerShellVersion: LatestVersion
You can then use whatever flavour of pipeline you prefer. In our case we used a classic release pipeline that triggers on a schedule and runs the script for each environment.
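A weekly re-apply puts removed locks back silently, so it helps if the run also reports which locks were missing. The following is an added example, not the resourcegroup.locks.apply.ps1 script from the post; the function names, the lock name `DoNotDelete` and the resource group names are hypothetical, and it assumes the locks are applied at resource group scope.

```powershell
# Added example (not the author's script): report lock drift, then re-apply.

function Get-LockDrift {
    param(
        [string[]]$ExpectedGroups,   # resource groups that must carry a lock
        [object[]]$CurrentLocks      # objects with ResourceGroupName and Level
    )
    # Both lock levels block deletion, so either one counts as "locked"
    $locked = $CurrentLocks |
        Where-Object { $_.Level -in 'CanNotDelete', 'ReadOnly' } |
        ForEach-Object { $_.ResourceGroupName }
    # -notcontains is case-insensitive, matching Azure resource group names
    $ExpectedGroups | Where-Object { $locked -notcontains $_ }
}

function Repair-ResourceGroupLock {
    param(
        [string[]]$ExpectedGroups,
        [string]$LockName = 'DoNotDelete'   # hypothetical lock name
    )
    # Collect the locks that sit directly on each resource group
    $current = foreach ($rg in $ExpectedGroups) {
        Get-AzResourceLock -ResourceGroupName $rg -AtScope |
            ForEach-Object {
                [pscustomobject]@{ ResourceGroupName = $rg; Level = $_.Properties.level }
            }
    }
    foreach ($rg in Get-LockDrift -ExpectedGroups $ExpectedGroups -CurrentLocks $current) {
        # Azure DevOps logging command: flags the run with a warning, so a
        # removed lock is visible to whoever reviews the pipeline history
        Write-Host "##vso[task.logissue type=warning]Lock missing on $rg; re-applying"
        New-AzResourceLock -LockName $LockName -LockLevel CanNotDelete `
            -ResourceGroupName $rg -Force | Out-Null
    }
}

# Constructed sample data: the comparison can be tried without an Azure connection
$sampleLocks = @(
    [pscustomobject]@{ ResourceGroupName = 'RG-EAI-Dev'; Level = 'CanNotDelete' }
)
Get-LockDrift -ExpectedGroups 'rg-eai-dev', 'rg-eai-test' -CurrentLocks $sampleLocks
```

In the pipeline, `Repair-ResourceGroupLock` would be called from the AzurePowerShell task, which supplies the signed-in Az context.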