How to solve the "Please remove the lock and try again error" in Azure
When working with Azure, you might encounter the error message Error: The scope ... cannot perform delete operation because following scope(s) are locked: ... Please remove the lock and try again while attempting to delete a resource. This error typically occurs when a resource is locked by another operation, preventing its deletion. In our example we will try to delete a Subnet in a Virtual Network.
What are Locks in Azure?
Locks in Azure are used to prevent accidental deletion, for example from IaC scripts, or modification of critical resources. These locks can be applied by the user at various levels, such as the Resource group, Subscription, or individual resource level. Azure supports two types of locks: Read-only and Delete.
To create a Lock you can either use the Azure Portal or the az lock create command, for example:
az lock create --name lockName --resource-group group --lock-type ReadOnly --resource-type Microsoft.Network/virtualNetworks --resource myVnet
A common use-case for using a Lock
There is often the case that you want to secure a Virtual Network from accidentally being deleted from a Bicep or Terraform script. For that you would create a Lock on resource level:
Remove the Lock
Only in cases when you are confident about a deletion, for example removing a not needed Subnet, you can delete the Lock perform the deletion either from the Azure Portal or with the help of an az command and then create a new lock for the resource.
Tips and tricks
- Check for Inherited Locks: If the lock is not directly on the resource, it might be inherited from a parent scope, such as the
Resource groupor theSubscription. Ensure you check and remove any inherited locks. - Review Lock Types: Ensure you are removing the correct type of lock that is preventing the deletion.
- Use Azure CLI or PowerShell: If you prefer, you can also manage locks using Azure CLI or PowerShell commands. This can be particularly useful for automating the process.