Skip to content
Azure Function App to remove resources with a defined tag
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


This Function apps Removes all resources with a tag that is defined in start-Function. By default this tag is "AutoDelete":"True". The app is meant to run on a schedule at the end of the day to clean up unwanted resources.

Note: this function app removes resources that can not be restored! It should be tested for your environment. To keep you safe I have commented out the remove-actions. To make use of the scripts, remove the comments from the following lines:

Remove-FirstResources -  run.ps1: Line 48 and line 70
Remove-SecondResources - run.ps1: Line 43 and Line 63


This App contains five functions.


This function is triggered by a schedule. It gets all resources with the defined tag. When it has the resources, it first does a check to see if not to many resources would be removed. This is based on a percentage. This can be changed to your needs. It then pushes the resourceIds to the job queue so they can be handled by the following function


This Function is triggered by the job queue. If check for certain resources that are known to have dependent resources preventing it from being deleted. These resources are send to the second queue. The other resources are removed. The amount of Jobs that can run at the same time is set at 10. If the function shows unexpected behavior, you can decrease this number for troubleshooting, as it can cause some instability.


This function does the same as Remove-FirstResources, except it has a small wait at the beginning.


This function gets triggered by the first poison queue. If this is hit, it checks if the resource has not been removed and creates appropriate output so alerting and monitoring is easier implemented through Log Analytics.


This function gets triggered by the second poison queue. If this is hit, it checks if the resource has not been removed and creates appropriate output so alerting and monitoring is easier implemented through Log Analytics.


The arm template only deploys the App itself, not the code. The repository is ready to deploy through an Azure DevOps pipeline. For an example of how to use it, see the following blog post. (This post is about another app, but is easily translated to this use case). The most important thing is to change the settings in azure-pipelines.yml:

  • Change the three parameters at the top:

    • FunctionAppName: the name of the new app, should be globally unique
    • AzureConnectionName: the name of the service connection to Azure in Azure DevOps
    • resourceGroupName: The name of the resourcegroup the app should be placed in.

    The location is set for West Europe, you can changed that as well. See the post below for more information: - Automatic setup: Deploy Azure Functions for PowerShell with Azure DevOps

If you want to run this app in Azure without Azure DevOps, you can use the files in the FunctionApp folder. Don't forget the Function App needs Contributor permissions on every resource group it is supposed to remove (or at subscription level)

Available Components

  • Deployment This folder contains an ARM template to deploy the app, and a PowerShell script that sets the apps permissions
  • FunctionApp This is the code for the Function app itself
  • Azure-pipelines.yml a pipeline to test and deploy this app through Azure DevOps
  • Set-Permissions.ps1 For manual deployment: a script to set the correct permissions
You can’t perform that action at this time.