For maintaining Azure resource lock configuration and automation
These are used to protect from automation gone wrong against resources that have persistent data that we really don't want accidentally deleted.
Currently the resource locks are applied to resource groups which have the following resource types:
- Storage
- Key Vault
- SQL Databases
- APP Insights
- Static IPs
- Azure Firewall
- SaaS Resources
- Virtual Wan
- CosmosDB
- Frontdoor
- App Gateways
- Private DNS Zones
The list could be extended by adding || contains(type, '<<resource type>>')) to the JSONPATH in the enable-resource-locking.sh
-
Scheduled to run every 3 hours for the environments below
- CNP-DEV
- CNP-Prod
- SDS-STG
- SDS-PROD
- HUB-PROD
- HUB-NONPROD
- DCD-CFT-PROD
-
- Select the subscription and resource group(s) to run against from the job parameters