Hi!
I have a module like this:
```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.50.0"
    }
  }
}

module "azure_general" {
  source          = "../azure_general"
  environment     = var.environment
  organization    = var.organization
  location        = var.location
  subscription_id = var.subscription_id
}

provider "azurerm" {
  features {}
  subscription_id = module.azure_general.subscription_id
  tenant_id       = module.azure_general.tenant_id
}

resource "azurerm_resource_group" "rg" {
  name     = "${var.project_name}-rg-${module.azure_general.location_alias}-${var.environment}"
  location = module.azure_general.location
  tags = merge(
    {
      projectName  = var.project_name
      teamName     = var.team_name
      organization = var.organization
      environment  = var.environment
      availability = module.azure_general.availability
      deployType   = "Terraform"
    },
    var.tags
  )
}

resource "azurerm_management_lock" "rg_lock" {
  name       = "LockDelete"
  scope      = azurerm_resource_group.rg.id
  lock_level = "CanNotDelete"
}

output "resource_group_name" {
  value = azurerm_resource_group.rg.name
}

output "resource_group_subscription" {
  value = module.azure_general.subscription_id
}

output "resource_group_id" {
  value = azurerm_resource_group.rg.id
}

output "resource_group_location" {
  value = azurerm_resource_group.rg.location
}
```
In each Resource Group that was created with the module, a lock was also created on the RG. But now, to change something in the Resource Group, I have to remove the lock first. But… when I remove the lock manually, it is the first thing to be put back on the next terraform apply, and the rest does not change.
What I mean is that, for example, I have two virtual machines in the resource group, and I want to change their system or size using Terraform. Terraform must first remove them, but it can't because the lock blocks it.
How can I automate this? Or write some module? I wouldn't want to do something manually either.
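
An added example, not part of the original post: a pre-apply check over the JSON form of a saved plan (`terraform show -json <planfile>`) that lists planned deletes or replacements sitting under a `CanNotDelete` lock that will still be in place during the apply, which is the situation described above. The sample plan, subscription ID, resource group name and VM addresses are constructed, and the check assumes each Azure resource ID begins with the lock's `scope`.

```python
import json

LOCK_TYPE = "azurerm_management_lock"

def locks_in_force(plan):
    """Scopes of CanNotDelete locks that will exist while the plan is applied."""
    scopes = []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if rc["type"] != LOCK_TYPE or "delete" in change["actions"]:
            continue  # not a lock, or the lock itself is being removed
        values = change.get("after") or change.get("before") or {}
        if values.get("lock_level") == "CanNotDelete" and values.get("scope"):
            scopes.append(values["scope"].lower())
    return scopes

def blocked_changes(plan):
    """Addresses of planned deletes/replacements located under a lock scope."""
    scopes = locks_in_force(plan)
    blocked = []
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if rc["type"] == LOCK_TYPE or "delete" not in change["actions"]:
            continue  # only deletes and replacements are stopped by the lock
        rid = ((change.get("before") or {}).get("id") or "").lower()
        if any(rid == s or rid.startswith(s + "/") for s in scopes):
            blocked.append(rc["address"])
    return blocked

# Constructed sample: the lock was removed by hand, so the plan re-creates it,
# while vm1 needs a replacement and vm2 only an in-place update.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/demo-rg-weu-dev"
VM = "azurerm_linux_virtual_machine"
SAMPLE_PLAN = {"resource_changes": [
    {"address": "azurerm_management_lock.rg_lock", "type": LOCK_TYPE,
     "change": {"actions": ["create"], "before": None,
                "after": {"name": "LockDelete", "scope": RG, "lock_level": "CanNotDelete"}}},
    {"address": VM + ".vm1", "type": VM,
     "change": {"actions": ["delete", "create"], "after": {},
                "before": {"id": RG + "/providers/Microsoft.Compute/virtualMachines/vm1"}}},
    {"address": VM + ".vm2", "type": VM,
     "change": {"actions": ["update"], "after": {},
                "before": {"id": RG + "/providers/Microsoft.Compute/virtualMachines/vm2"}}},
]}

if __name__ == "__main__":
    print(json.dumps(blocked_changes(SAMPLE_PLAN)))
```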