In a previous post I talked about how we can use a script to add and remove locks on resources in my integration platform to prevent accidental deletion.
We wanted to take it a step further so every week we run a DevOps pipeline which runs the scripts to ensure if someone has removed a lock they will be added back in.
The pipeline looks like the following:
The task to install modules is:
steps: - powershell: | #Install powershell modules that are needed in this pipeline Install-Module -Name Az -Force -AllowClobber Install-Module -Name Az.Accounts -Force -AllowClobber Install-Module -Name Az.ResourceGraph -AllowClobber displayName: 'Install Powershell Modules'
The task to run the lock script is:
steps: - task: [email protected] displayName: 'Apply Resource Group Locks' inputs: azureSubscription: 'ARM-IT-EAI-DevOpsService' ScriptPath: '$(System.DefaultWorkingDirectory)/_Admin/ResourceGroup_Locks/resourcegroup.locks.apply.ps1' azurePowerShellVersion: LatestVersion
You can then just do whatever flavour of pipeline you prefer, in our case we used a classic release pipeline which triggers on a schedule and just runs the script for each environment.