How to ignore locked resources with 'Complete' mode deployment to Azure?

2
votes

Our team is using a deployment that uses multiple ARM templates to setup our environment. The first ARM template is set to deployment mode 'Complete' and removes everything, but a storage account. We're using Azure CLI to make the deployment:

az group deployment create \
    --mode Incremental \
    --resource-group $resourceGroupName \
    --template-file $BUILD_SOURCESDIRECTORY'/Infrastructure/azuredeploy.json' \
    --parameters $BUILD_SOURCESDIRECTORY'/Infrastructure/azuredeploy.parameters.'$environment'.json' \
    --query $query \
    --output json

However one of our resource groups contains a few locked resources (which are managed by a different team). In that particular case the strategy with a 'Complete' deployment mode fails, because Azure cannot remove the locked resources.

Understandably of course, but maybe there's a way around this? Can we, for example, instruct the ARM template to ignore specific resources? Or use CLI to instruct something similar?

The obvious way would be to move the resources to a separate resource group, but unfortunately that's not a possiblity for us. I couldn't find any other way yet, but maybe I missed something. Thanks for any answers in advance.

1
azureazure-resource-managerarm-templateazure-cli
stackoverflow.com/questions/38624367/…Herman Cordes

1 Answers

3
votes

Another way to get around this apart from moving resources to a separate resource group (which you say is ruled out in your case anyway), would be to use Conditions with your resources.

Do note that in complete mode, Resource Manager deletes resources that exist in the resource group but aren't specified in the template. Resources that are specified in the template, but not deployed because a condition evaluates to false, aren't deleted.

For more detail on the syntax and examples, please refer to the following resources:

Hope this helps!