Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Accidentally deleting critical Azure resources, such as Azure Database for MySQL flexible servers, can disrupt operations and compromise business continuity. This article outlines how to prevent accidental deletions by using Azure Resource Locks and Azure Policy, and how to recover deleted servers by using Azure CLI.
Azure provides built-in mechanisms to safeguard resources from unintended deletion. These mechanisms include:
- Azure Resource Locks: Prevent deletion of resources or resource groups.
- Azure Policy: Enforce organizational standards and protect critical infrastructure.
- Azure CLI Recovery Commands: Restore deleted servers when possible.
Prevent an accidental deletion
You can apply resource locks at both the resource and resource group levels. These locks override user permissions to prevent deletion.
Lock a MySQL Flexible Server
az lock create \
--name "PreventDeleteLock" \
--resource-group <RESOURCE_GROUP_NAME> \
--resource-name <MYSQL_SERVER_NAME> \
--resource-type "Microsoft.DBforMySQL/flexibleServers" \
--lock-type CanNotDelete
Verify locks
az lock list \
--resource-group <RESOURCE_GROUP_NAME> \
--resource-name <MYSQL_SERVER_NAME> \
--resource-type "Microsoft.DBforMySQL/flexibleServers" \
-o table
Remove locks
az lock delete \
--name "PreventDeleteLock" \
--resource-group <RESOURCE_GROUP_NAME> \
--resource-name <MYSQL_SERVER_NAME> \
--resource-type "Microsoft.DBforMySQL/flexibleServers"
Lock the entire resource group
az lock create \
--name "PreventDeleteGroupLock" \
--resource-group <RESOURCE_GROUP_NAME> \
--lock-type CanNotDelete
Recover a deleted server
If you accidentally delete a server, you can recover it by using Azure CLI and point-in-time restore (PITR), if backups are available.
Restore with Azure CLI
az mysql flexible-server restore \
--resource-group <RESOURCE_GROUP_NAME> \
--name <NEW_SERVER_NAME> \
--source-server <DELETED_SERVER_NAME> \
--restore-time <TIMESTAMP>
Note
Make sure you replace <TIMESTAMP> with the time just before deletion.
Best practices
- Apply
CanNotDeletelocks to critical resources and resource groups. - Use Azure Policy to enforce lock usage across subscriptions.
- Regularly test restore procedures to ensure recovery readiness.
- Monitor lock configurations and audit changes by using Azure Activity Logs.