az dataprotection resource-guard
Note
This reference is part of the dataprotection extension for the Azure CLI (version 2.57.0 or higher). The extension will automatically install the first time you run an az dataprotection resource-guard command. Learn more about extensions.
Manage resource guard with dataprotection.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az dataprotection resource-guard create |
Creates or updates a ResourceGuard resource belonging to a resource group. |
Extension | GA |
| az dataprotection resource-guard delete |
Deletes a ResourceGuard resource from the resource group. |
Extension | GA |
| az dataprotection resource-guard list |
Gets list of ResourceGuards in a subscription or in a resource group. |
Extension | GA |
| az dataprotection resource-guard list-protected-operations |
Lists protected operations associated with a ResourceGuard. |
Extension | GA |
| az dataprotection resource-guard show |
Returns a ResourceGuard belonging to a resource group. |
Extension | GA |
| az dataprotection resource-guard unlock |
Unlocks the critical operation which is protected by the resource guard. |
Extension | GA |
| az dataprotection resource-guard update |
Updates protected operations associated with a ResourceGuard. |
Extension | GA |
az dataprotection resource-guard create
Creates or updates a ResourceGuard resource belonging to a resource group.
az dataprotection resource-guard create --name
--resource-group
[--e-tag]
[--location]
[--tags]Examples
Create ResourceGuard
az dataprotection resource-guard create --location "WestUS" --tags key1="val1" --resource-group "SampleResourceGroup" --resource-guard-name "swaggerExample"Required Parameters
The name of Resource Guard.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Optional ETag.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection resource-guard delete
Deletes a ResourceGuard resource from the resource group.
az dataprotection resource-guard delete [--ids]
[--name]
[--resource-group]
[--subscription]
[--yes]Examples
Delete ResourceGuard
az dataprotection resource-guard delete --resource-group "SampleResourceGroup" --resource-guard-name "swaggerExample"Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of ResourceGuard.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Do not prompt for confirmation.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection resource-guard list
Gets list of ResourceGuards in a subscription or in a resource group.
az dataprotection resource-guard list [--max-items]
[--next-token]
[--resource-group]Examples
List ResourceGuards in a subscription
az dataprotection resource-guard listList ResourceGuards in a resource group
az dataprotection resource-guard list -g sarath-rgOptional Parameters
Total number of items to return in the command's output. If the total number of items available is more than the value specified, a token is provided in the command's output. To resume pagination, provide the token value in --next-token argument of a subsequent command.
Token to specify where to start paginating. This is the token value from a previously truncated response.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection resource-guard list-protected-operations
Lists protected operations associated with a ResourceGuard.
az dataprotection resource-guard list-protected-operations --resource-type {Microsoft.DataProtection/backupVaults, Microsoft.RecoveryServices/vaults}
[--ids]
[--name]
[--resource-group]
[--subscription]Examples
List ResourceGuard protected operations
az dataprotection resource-guard list-protected-operations --resource-group "SampleResourceGroup" --resource-guard-name "swaggerExample" --resource-type "Microsoft.RecoveryServices/vaults"Required Parameters
Type of the resource associated with the protected operations.
Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of ResourceGuard.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection resource-guard show
Returns a ResourceGuard belonging to a resource group.
az dataprotection resource-guard show [--ids]
[--name]
[--resource-group]
[--subscription]Examples
Get ResourceGuard
az dataprotection resource-guard show --resource-group "SampleResourceGroup" --resource-guard-name "swaggerExample"Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of ResourceGuard.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection resource-guard unlock
Unlocks the critical operation which is protected by the resource guard.
az dataprotection resource-guard unlock [--ids]
[--name]
[--operation-requests]
[--resource-group]
[--resource-to-be-deleted]
[--subscription]
[--tenant-id]
[--vault-name]Examples
Unlock deletion of the ResourceGuard mapping to disable MUA on the vault
az dataprotection resource-guard unlock -n "DppResourceGuardProxy" -g "sampleRG" -v "sampleVault" --resource-guard-operation-requests "DisableMUA" --resource-to-be-deleted "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sampleRG/providers/Microsoft.DataProtection/backupVaults/sampleVault/backupResourceGuardProxies/DppResourceGuardProxy"Optional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of the resource guard mapping.
List of critical operations which are protected by the resourceGuard and need to be unlocked. Supported values are DeleteBackupInstance, DisableMUA Support shorthand-syntax, json-file and yaml-file. Try "??" to show more. Singular flags: --operation-requests.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
ARM Id of the resource that need to be unlocked for performing critical operation.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Tenant ID for cross-tenant calls.
The name of the backup vault.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az dataprotection resource-guard update
Updates protected operations associated with a ResourceGuard.
az dataprotection resource-guard update [--add]
[--critical-operation-exclusion-list]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--name]
[--remove]
[--resource-group]
[--resource-type {Microsoft.DataProtection/backupVaults, Microsoft.RecoveryServices/vaults}]
[--set]
[--subscription]
[--tags]Examples
Update ResourceGuard
az dataprotection resource-guard update --resource-group "SampleResourceGroup" --resource-guard-name "swaggerExample" --resource-type "Microsoft.RecoveryServices/vaults" --critical-operation-exclusion-list deleteProtection getSecurityPIN updatePolicyOptional Parameters
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
List of critical operations which are not protected by this resourceGuard. Allowed values: deleteProtection, getSecurityPIN, updatePolicy, updateProtection. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
The name of Resource Guard.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Type of the resource associated with the protected operations.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
