How to add a Lock to resources in a for loop in bicep template?

Question

I have this bicep template to deploy two storage resources

@description('Tags for the storage resources.')
param tags object

@description('Location for all resources, defaults to the Resource Group location')
param location string = resourceGroup().location

var storageAccounts = [
  {
    namePrefix: 'archsa'
    accessTier: 'Cool'
  }
  {
    namePrefix: 'backupsa'
    accessTier: 'Hot'
  }
]

resource saResources 'Microsoft.Storage/storageAccounts@2021-02-01' = [for sa in storageAccounts: {
  name: '${sa.namePrefix}${uniqueString(resourceGroup().id)}'
  location: location
  tags: tags
  sku: {
    name: 'Standard_LRS'
  }
  kind: 'StorageV2'
  properties: {
    accessTier: sa.accessTier
  }
}]

I want to add a lock to each resource if the Tags.Env parameter = 'prod'. What's the best way to do this?

Answer 1

@Mark Allison Here is the sample bicep template on how to add locks to resources in loop.

@description('Location for all resources, defaults to the Resource Group location')  
param location string = resourceGroup().location  
        
var storageAccounts = [  
{  
namePrefix: 'archsa'  
accessTier: 'Cool'  
}  
{  
namePrefix: 'backupsa'  
accessTier: 'Hot'  
}  
]  
  
  
  
resource storageAcct 'Microsoft.Storage/storageAccounts@2021-02-01' = [for config in storageAccounts: {  
name: '${config.namePrefix}${uniqueString(resourceGroup().id)}'  
location: location  
sku: {  
name: 'Standard_LRS'  
}  
kind: 'StorageV2'  
properties: {  
accessTier: config.accessTier  
}  
}]  
        
  
resource salock 'Microsoft.Authorization/locks@2016-09-01' = [for (config, i) in storageAccounts: {  
name: 'salock'  
scope: storageAcct[i]  
properties: {  
level: 'CanNotDelete'  
notes: 'SA should not be deleted.'  
}  
}]