Search
  • AmistadGroup

Azure Automation: Enable Tags and no delete Locks

Recently I noticed the fact that inside an Azure subscription we deployed different resources that need to be internally invoiced to different teams.

With this task on my hands, the first thing that I had in mind was to create a script which to identify those resources and based on that to apply a specific tag for each different resource. The script should be PowerShell and should be run daily from an Azure Automation account.

in regards to Azure tags you also need to understand the fact that not all Azure resources are supporting this feature but for more details please check this Microsoft link: https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/tag-support

All resources inside that subscription should have a tag with subscription name, a tag with an environment which could for example production or development, a tag that will allow me to be able to identify resources between themselves, for that, I used this piece of code


$value=(Get-AzSubscription -SubscriptionId SubscriptionIDused -TenantId TenantIdused).Name
$tag1=@{"Service"="$value";"Environment"="Production";"specific TAG"="resource1"}
$tag2=@{"Service"="$value";"Environment"="Development";"specific TAG"="resource2"}

The next step is to go over all resources inside that subscription, identify those you need to apply the specific tag, which you can do by looking at resource ID and then to apply the specific needed tag using this command


Set-AzResource -ResourceId $resourceID -Tag $tag1 -Force
or
Set-AzResource -ResourceId $resourceID -Tag $tag2 -Force

During this PowerShell script creation, I was thinking why not apply locks to all resources to prevent accidental deletion for a resource.

With that in mind and also have the resource ID already I used this piece of code to implement the resource lock


New-AzResourceLock -LockLevel CanNotDelete -LockNotes "ResourceNoDelete" -LockName "ResourceNoDelete" -scope $resourceId -Force

A simple PowerShell script that runs daily in the Azure Automation account helped to resolve two important issues, group resources deployed all over based on a specific TAG field and prevent Azure resource accidental deletion by implementing LOCKS no delete.


Thank you!

AmistadGroup IT Team

(https://www.amistadgroup.ro/)

6 views0 comments

© 2020 Amistad Group S.R.L