Ensure resource lock enabled for Azure Resource Group

LOW

Description

Resource lock is disabled for Azure Resource Group, this may lead to unauthorized access.

Remediation

In Azure Console -

In the settings for a Resource Group, select Locks.
Select Add to create a lock.
Give the lock a name and a level.

In terraform -

Create a new azurerm_management_lock resource.
Configure name, scope, lock_level, and notes.

References:
https://learn.microsoft.com/en-us/rest/api/resources/management-locks/create-or-update-at-resource-level?tabs=HTTP
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/management_lock

Policy Details

Rule Reference ID: AC_AZURE_0389

CSP: Azure

Remediation Available: Yes

Domain: Identity and Access Management

Resource: azurerm_resource_group

Resource Category: Identity and Access Management (IAM)

Resource Type: Policy

Frameworks

GDPR
NIST-800-171
NIST-800-53
NIST-CSF
HIPAA
SOC2