Table: azure_management_lock - Query Azure Management Locks using SQL
Azure Management Lock is a feature within Microsoft Azure that helps prevent accidental deletion or modification of Azure resources. It allows administrators to apply a 'CanNotDelete' or 'ReadOnly' lock on a subscription, resource group, or resource to protect it from being inadvertently deleted or modified. These locks can be used across various Azure resources, including virtual machines, storage accounts, and more.
Table Usage Guide
The azure_management_lock table provides insights into Management Locks within Microsoft Azure. As an Azure administrator or a DevOps engineer, explore lock-specific details through this table, including their level (CanNotDelete or ReadOnly), scope, and associated resources. Utilize it to uncover information about locks, such as those applied on critical resources, to ensure their accidental deletion or modification is prevented.
Examples
List of resources where the management locks are applied
This example demonstrates how to identify resources that have management locks applied to them within the Azure environment. This could be useful for administrators who need to manage access controls or troubleshoot issues related to locked resources.
select name, split_part(id, '/', 8) as resource_type, split_part(id, '/', 9) as resource_name from azure_management_lock;
Error: SQLite does not support split_part function.
Resources and lock levels
Uncover the details of specific Azure resources and their associated lock levels. This can help you assess what resources are locked at what level, aiding in security and access management.
select name, split_part(id, '/', 8) as resource_type, split_part(id, '/', 9) as resource_name, lock_level from azure_management_lock;
Error: SQLite does not support split or string_to_array functions.
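The two queries above read segments 8 and 9 of the lock ID, which name the resource only when the lock sits on an individual resource; for a resource-group lock those segments are `locks` and the lock name, and for a subscription lock they are empty. The following added example (not part of the original Steampipe documentation) is a PostgreSQL query that classifies each lock by scope level before extracting the resource; the sample rows, subscription ID and resource names are constructed, and replacing `sample_locks` with `azure_management_lock` runs it against real data.

```sql
-- Constructed sample rows standing in for azure_management_lock (id, name, lock_level).
-- The subscription ID, resource group and resource names are placeholders.
with sample_locks (id, name, lock_level) as (
  values
    ('/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/locks/sub-lock',
     'sub-lock', 'CanNotDelete'),
    ('/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod/providers/Microsoft.Authorization/locks/rg-lock',
     'rg-lock', 'ReadOnly'),
    ('/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-prod/providers/Microsoft.Storage/storageAccounts/stprod01/providers/Microsoft.Authorization/locks/sa-lock',
     'sa-lock', 'CanNotDelete')
),
scoped as (
  select
    name,
    lock_level,
    -- A lock ID has the form {scope}/providers/Microsoft.Authorization/locks/{lockName};
    -- strip that suffix (case-insensitively) to recover the locked scope.
    regexp_replace(id, '/providers/Microsoft\.Authorization/locks/[^/]+$', '', 'i') as locked_scope
  from sample_locks
)
select
  name,
  lock_level,
  case
    when locked_scope ~* '^/subscriptions/[^/]+$' then 'subscription'
    when locked_scope ~* '^/subscriptions/[^/]+/resourceGroups/[^/]+$' then 'resource_group'
    else 'resource'
  end as scope_level,
  -- Type and name are only meaningful for resource-level locks inside a resource group.
  -- For a nested child resource these are the parent's type and name.
  case when locked_scope ~* '/resourceGroups/[^/]+/providers/'
       then split_part(locked_scope, '/', 8) end as resource_type,
  case when locked_scope ~* '/resourceGroups/[^/]+/providers/'
       then split_part(locked_scope, '/', 9) end as resource_name
from scoped
order by scope_level, name;
```

On the sample rows this returns `storageAccounts` / `stprod01` for `sa-lock` and null resource columns for the subscription and resource-group locks, which is the distinction to check when auditing whether a critical resource is protected directly or only through an inherited lock.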
Schema for azure_management_lock
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
akas | jsonb | | Array of globally unique identifier strings (also known as) for the resource. |
cloud_environment | text | | The Azure Cloud Environment. |
id | text | | Contains ID to identify a lock uniquely. |
lock_level | text | | The level of the lock. |
name | text | = | The friendly name that identifies management lock. |
notes | text | | Contains the notes about the lock. |
owners | jsonb | | A list of owners of the lock. |
resource_group | text | = | The resource group which holds this resource. |
scope | text | | Contains the scope of the lock. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
subscription_id | text | =, !=, ~~, ~~*, !~~, !~~* | The Azure Subscription ID in which the resource is located. |
title | text | | Title of the resource. |
type | text | | The resource type of the lock. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- azure
You can pass the configuration to the command with the --config argument:
steampipe_export_azure --config '<your_config>' azure_management_lock