I'm looking for some advice on how to track which resources in Azure are managed by Terraform or Bicep, especially since I only have Reader access. Any suggestions on how to identify these resources?
4 Answers
Don't overlook resource locks! They're a fantastic way to ensure that your resources remain intact. You can implement them during your Terraform deployment, which means no one can delete or modify the resources without going through Terraform. You could further use Azure Policy to enforce rules around certain tags, like 'deployed_by: Terraform', to prevent manual changes.
Tagging is definitely the go-to solution for tracking your deployments. If you set up some standard tags for your resources, it makes it way easier to identify what was deployed by which tool. Consider using global tags that can be applied across different manifest files—it simplifies management a lot.
I agree with the tagging approach! Additionally, if your resources aren't tagged, you'll have to dig through the activity logs to figure out what's been deployed. It can get pretty messy without those tags, so it's worth implementing them from the start.
We also tag our resources with the name of the Azure DevOps repo they're associated with. Missing out on adding this tag can make tracing back through activity logs a nightmare, so definitely keep that in mind!
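As an added example (not part of any answer above), here is one way to turn the tagging advice into a read-only inventory check: it sorts resources by the `deployed_by` tag and lists the ones that would need an activity-log search. The input shape follows `az resource list -o json`; the sample data is constructed, and the `repo` tag key and the `Bicep` tag value are assumptions.

```python
from collections import defaultdict

# Constructed sample in the shape of `az resource list -o json` output,
# which Reader access is enough to produce. JSON null becomes None here.
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo/providers/"
SAMPLE_INVENTORY = [
    {"id": RG + "Microsoft.Storage/storageAccounts/stapp01",
     "tags": {"deployed_by": "Terraform", "repo": "platform-infra"}},
    {"id": RG + "Microsoft.Network/virtualNetworks/vnet-hub",
     "tags": {"Deployed_By": "terraform"}},
    {"id": RG + "Microsoft.KeyVault/vaults/kv-app",
     "tags": {"deployed_by": "Bicep", "repo": "app-infra"}},
    {"id": RG + "Microsoft.Compute/virtualMachines/vm-test", "tags": None},
    {"id": RG + "Microsoft.Network/publicIPAddresses/pip-old",
     "tags": {"deployed_by": "portal"}},
    {"id": RG + "Microsoft.Sql/servers/sql-dev", "tags": {"env": "dev"}},
]

TOOL_TAG = "deployed_by"   # tag key quoted in the answers
REPO_TAG = "repo"          # hypothetical key for the Azure DevOps repo name
KNOWN_TOOLS = {"terraform": "Terraform", "bicep": "Bicep"}  # "Bicep" value is assumed

def normalise_tags(resource):
    """Lower-case tag keys (Azure treats them case-insensitively) and
    tolerate the null 'tags' field that untagged resources carry."""
    tags = resource.get("tags") or {}
    return {k.lower(): (v or "").strip() for k, v in tags.items()}

def classify(resources):
    report = {"by_tool": defaultdict(list), "unknown_tool": [],
              "untagged": [], "missing_repo": []}
    for res in resources:
        tags = normalise_tags(res)
        value = tags.get(TOOL_TAG, "")
        if not value:
            report["untagged"].append(res["id"])      # activity-log candidates
            continue
        # Tag values are case-sensitive in Azure; fold them for reporting only.
        tool = KNOWN_TOOLS.get(value.lower())
        if tool is None:
            report["unknown_tool"].append((res["id"], value))
            continue
        report["by_tool"][tool].append(res["id"])
        if not tags.get(REPO_TAG):
            report["missing_repo"].append(res["id"])  # managed, but no repo trail
    return report

if __name__ == "__main__":
    for section, items in classify(SAMPLE_INVENTORY).items():
        print(section, dict(items) if isinstance(items, dict) else items)
```

The `untagged` and `unknown_tool` lists are the resources whose origin can only be confirmed from the activity logs.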