Introduction: Understanding Azure CLI
Azure Command Line Interface (CLI) is a cross-platform command-line tool designed to create and manage Azure resources. It allows administrators, developers, and DevOps professionals to execute commands through a terminal using interactive command-line prompts or scripts. Azure CLI provides a flexible and efficient alternative to the Azure Portal for managing Azure resources, automating repetitive tasks, and integrating Azure operations into continuous integration/continuous deployment (CI/CD) pipelines.
Core Azure CLI Concepts & Setup
Installation & Configuration
# Install on Windows (requires admin PowerShell)
winget install -e --id Microsoft.AzureCLI
# Install on macOS
brew install azure-cli
# Install on Ubuntu/Debian
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
# Login to Azure
az login
# Set active subscription
az account set --subscription "Subscription Name"
# Display current subscription
az account show
# List all subscriptions
az account list --output table
Basic CLI Syntax Pattern
az <command-group> <command> <subcommand> [parameters]
Output Formats
# Format output as JSON (default)
az group list
# Format output as table
az group list --output table
# or shorthand
az group list -o table
# Format output as TSV (for scripting)
az group list --output tsv
# Format output as YAML
az group list --output yaml
# Format output with custom query (JMESPath)
az group list --query "[].{Name:name, Location:location}" -o table
Resource Management Commands
Resource Groups
# Create a resource group
az group create --name MyResourceGroup --location eastus
# List all resource groups
az group list --output table
# List resource groups with name containing 'prod'
az group list --query "[?contains(name, 'prod')]" -o table
# Delete a resource group
az group delete --name MyResourceGroup --yes --no-wait
# Export template from a resource group
az group export --name MyResourceGroup > template.json
# Deploy ARM template to a resource group
az deployment group create --resource-group MyResourceGroup --template-file template.json --parameters parameters.json
Resource Operations
# List all resources in a resource group
az resource list --resource-group MyResourceGroup -o table
# List all resources with a specific tag
az resource list --tag Environment=Production -o table
# Show details of a specific resource
az resource show --resource-group MyResourceGroup --name MyVM --resource-type "Microsoft.Compute/virtualMachines"
# Delete a specific resource
az resource delete --resource-group MyResourceGroup --name MyVM --resource-type "Microsoft.Compute/virtualMachines"
# Update tags for a resource
az resource tag --tags Environment=Test Department=Finance --resource-group MyResourceGroup --name MyVM --resource-type "Microsoft.Compute/virtualMachines"
Compute Services Commands
Virtual Machines
# List available VM sizes in a region
az vm list-sizes --location eastus -o table
# Create a Linux VM
az vm create \
--resource-group MyResourceGroup \
--name MyLinuxVM \
--image UbuntuLTS \
--admin-username azureuser \
--generate-ssh-keys \
--size Standard_DS2_v2
# Create a Windows VM
az vm create \
--resource-group MyResourceGroup \
--name MyWindowsVM \
--image Win2019Datacenter \
--admin-username azureuser \
--admin-password "P@ssw0rd1234!" \
--size Standard_DS2_v2
# List all VMs
az vm list -o table
# List all VMs in a resource group
az vm list --resource-group MyResourceGroup -o table
# Start a VM
az vm start --resource-group MyResourceGroup --name MyVM
# Stop a VM
az vm stop --resource-group MyResourceGroup --name MyVM
# Deallocate a VM (stops billing for compute)
az vm deallocate --resource-group MyResourceGroup --name MyVM
# Resize a VM
az vm resize --resource-group MyResourceGroup --name MyVM --size Standard_DS3_v2
# Get VM public IP
az vm list-ip-addresses --resource-group MyResourceGroup --name MyVM -o table
# Run commands on VM
az vm run-command invoke --resource-group MyResourceGroup --name MyVM --command-id RunShellScript --scripts "apt-get update && apt-get upgrade -y"
Virtual Machine Scale Sets
# Create a VM scale set
az vmss create \
--resource-group MyResourceGroup \
--name MyScaleSet \
--image UbuntuLTS \
--admin-username azureuser \
--generate-ssh-keys \
--instance-count 3 \
--vm-sku Standard_DS2_v2
# Scale out to 5 instances
az vmss scale --resource-group MyResourceGroup --name MyScaleSet --new-capacity 5
# List VMSS instances
az vmss list-instances --resource-group MyResourceGroup --name MyScaleSet -o table
# Update a VMSS
az vmss update --resource-group MyResourceGroup --name MyScaleSet --set upgradePolicy.mode=Automatic
App Service
# Create an App Service plan
az appservice plan create \
--resource-group MyResourceGroup \
--name MyPlan \
--sku B1 \
--is-linux
# Create a web app
az webapp create \
--resource-group MyResourceGroup \
--plan MyPlan \
--name MyUniqueAppName \
--runtime "PYTHON|3.9"
# Deploy code from GitHub
az webapp deployment source config \
--resource-group MyResourceGroup \
--name MyUniqueAppName \
--repo-url https://github.com/user/repo \
--branch main \
--manual-integration
# List all web apps
az webapp list -o table
# Restart a web app
az webapp restart --resource-group MyResourceGroup --name MyUniqueAppName
# Configure app settings
az webapp config appsettings set \
--resource-group MyResourceGroup \
--name MyUniqueAppName \
--settings WEBSITE_NODE_DEFAULT_VERSION=10.14.1 DB_HOST=mydb.mysql.database.azure.com
# Scale up an App Service plan
az appservice plan update \
--resource-group MyResourceGroup \
--name MyPlan \
--sku S1
Container Instances
# Create a container instance
az container create \
--resource-group MyResourceGroup \
--name mycontainer \
--image mcr.microsoft.com/azuredocs/aci-helloworld \
--ports 80 \
--dns-name-label mycontainerdns \
--location eastus
# List container instances
az container list -o table
# Show container logs
az container logs --resource-group MyResourceGroup --name mycontainer
# Stop a container
az container stop --resource-group MyResourceGroup --name mycontainer
# Delete a container
az container delete --resource-group MyResourceGroup --name mycontainer --yes
Azure Kubernetes Service (AKS)
# Create an AKS cluster
az aks create \
--resource-group MyResourceGroup \
--name MyAKSCluster \
--node-count 3 \
--enable-addons monitoring \
--generate-ssh-keys
# Get credentials for kubectl
az aks get-credentials --resource-group MyResourceGroup --name MyAKSCluster
# Scale cluster nodes
az aks scale \
--resource-group MyResourceGroup \
--name MyAKSCluster \
--node-count 5
# Upgrade Kubernetes version
az aks upgrade \
--resource-group MyResourceGroup \
--name MyAKSCluster \
--kubernetes-version 1.24.9
# List AKS clusters
az aks list -o table
Storage Services Commands
Storage Accounts
# Create a storage account
az storage account create \
--resource-group MyResourceGroup \
--name mystorageaccount \
--location eastus \
--sku Standard_LRS \
--encryption-services blob
# List storage accounts
az storage account list -o table
# Get storage account connection string
az storage account show-connection-string \
--resource-group MyResourceGroup \
--name mystorageaccount
# Generate SAS token
az storage account generate-sas \
--account-name mystorageaccount \
--services bf \
--resource-types sco \
--permissions rwa \
--expiry 2023-12-31T00:00:00Z
# Regenerate storage account keys
az storage account keys renew \
--resource-group MyResourceGroup \
--name mystorageaccount \
--key primary
Blob Storage
# Create a container
az storage container create \
--account-name mystorageaccount \
--name mycontainer \
--auth-mode login
# Upload a file to blob storage
az storage blob upload \
--account-name mystorageaccount \
--container-name mycontainer \
--name remotefile.txt \
--file localfile.txt \
--auth-mode login
# List blobs in a container
az storage blob list \
--account-name mystorageaccount \
--container-name mycontainer \
--output table \
--auth-mode login
# Download a blob
az storage blob download \
--account-name mystorageaccount \
--container-name mycontainer \
--name remotefile.txt \
--file downloadedfile.txt \
--auth-mode login
# Delete a blob
az storage blob delete \
--account-name mystorageaccount \
--container-name mycontainer \
--name remotefile.txt \
--auth-mode login
File Shares
# Create a file share
az storage share create \
--account-name mystorageaccount \
--name myfileshare \
--quota 5 \
--auth-mode login
# Upload a file to a file share
az storage file upload \
--account-name mystorageaccount \
--share-name myfileshare \
--source localfile.txt \
--path remotefile.txt \
--auth-mode login
# List files in a share
az storage file list \
--account-name mystorageaccount \
--share-name myfileshare \
--output table \
--auth-mode login
Database Services Commands
Azure SQL Database
# Create a SQL server
az sql server create \
--resource-group MyResourceGroup \
--name mysqlserver \
--location eastus \
--admin-user serveradmin \
--admin-password "StrongP@ssw0rd!"
# Configure firewall rule
az sql server firewall-rule create \
--resource-group MyResourceGroup \
--server mysqlserver \
--name AllowMyIP \
--start-ip-address 123.123.123.123 \
--end-ip-address 123.123.123.123
# Create a SQL database
az sql db create \
--resource-group MyResourceGroup \
--server mysqlserver \
--name mydb \
--edition Standard \
--capacity 10
# List databases
az sql db list \
--resource-group MyResourceGroup \
--server mysqlserver \
--output table
Azure Cosmos DB
# Create a Cosmos DB account
az cosmosdb create \
--resource-group MyResourceGroup \
--name mycosmosaccount \
--kind MongoDB \
--locations regionName=eastus
# Create a MongoDB database
az cosmosdb mongodb database create \
--resource-group MyResourceGroup \
--account-name mycosmosaccount \
--name mymongodbname
# Create a collection
az cosmosdb mongodb collection create \
--resource-group MyResourceGroup \
--account-name mycosmosaccount \
--database-name mymongodbname \
--name mycollection \
--throughput 400
# List databases
az cosmosdb mongodb database list \
--resource-group MyResourceGroup \
--account-name mycosmosaccount
Networking Commands
Virtual Networks
# Create a virtual network
az network vnet create \
--resource-group MyResourceGroup \
--name MyVNet \
--address-prefix 10.0.0.0/16 \
--subnet-name MySubnet \
--subnet-prefix 10.0.0.0/24
# List virtual networks
az network vnet list -o table
# Add a subnet to an existing VNet
az network vnet subnet create \
--resource-group MyResourceGroup \
--vnet-name MyVNet \
--name MySecondSubnet \
--address-prefix 10.0.1.0/24
# List subnets
az network vnet subnet list \
--resource-group MyResourceGroup \
--vnet-name MyVNet \
-o table
Network Security Groups
# Create a network security group
az network nsg create \
--resource-group MyResourceGroup \
--name MyNSG
# Create a security rule
az network nsg rule create \
--resource-group MyResourceGroup \
--nsg-name MyNSG \
--name AllowSSH \
--protocol tcp \
--priority 1000 \
--destination-port-range 22 \
--access allow
# Associate NSG with subnet
az network vnet subnet update \
--resource-group MyResourceGroup \
--vnet-name MyVNet \
--name MySubnet \
--network-security-group MyNSG
Public IP Addresses
# Create a public IP address
az network public-ip create \
--resource-group MyResourceGroup \
--name MyPublicIP \
--allocation-method Static
# List public IP addresses
az network public-ip list -o table
# Show a specific public IP
az network public-ip show \
--resource-group MyResourceGroup \
--name MyPublicIP \
--query ipAddress -o tsv
Load Balancers
# Create a load balancer
az network lb create \
--resource-group MyResourceGroup \
--name MyLoadBalancer \
--frontend-ip-name MyFrontEnd \
--backend-pool-name MyBackEndPool \
--public-ip-address MyPublicIP
# Create health probe
az network lb probe create \
--resource-group MyResourceGroup \
--lb-name MyLoadBalancer \
--name MyHealthProbe \
--protocol tcp \
--port 80
# Create load balancing rule
az network lb rule create \
--resource-group MyResourceGroup \
--lb-name MyLoadBalancer \
--name MyHTTPRule \
--protocol tcp \
--frontend-port 80 \
--backend-port 80 \
--frontend-ip-name MyFrontEnd \
--backend-pool-name MyBackEndPool \
--probe-name MyHealthProbe
Identity & Access Management
Azure Active Directory
# List AD users
az ad user list --output table
# Create a new user
az ad user create \
--display-name "John Doe" \
--password "Password123!" \
--user-principal-name john.doe@contoso.com \
--mail-nickname johndoe
# List AD groups
az ad group list --output table
# Create a new group
az ad group create \
--display-name "Engineering Team" \
--mail-nickname engineeringteam
# Add user to group
az ad group member add \
--group "Engineering Team" \
--member-id "<user-object-id>"
Role-Based Access Control (RBAC)
# List available roles
az role definition list --output table
# List role assignments
az role assignment list --output table
# Assign a role to a user
az role assignment create \
--assignee john.doe@contoso.com \
--role "Contributor" \
--scope "/subscriptions/<subscription-id>/resourceGroups/MyResourceGroup"
# Remove a role assignment
az role assignment delete \
--assignee john.doe@contoso.com \
--role "Contributor" \
--scope "/subscriptions/<subscription-id>/resourceGroups/MyResourceGroup"
Managed Identities
# Create a user-assigned managed identity
az identity create \
--resource-group MyResourceGroup \
--name MyManagedIdentity
# Assign a role to a managed identity
az role assignment create \
--assignee-object-id "<managed-identity-object-id>" \
--assignee-principal-type ServicePrincipal \
--role "Contributor" \
--scope "/subscriptions/<subscription-id>/resourceGroups/MyResourceGroup"
# List managed identities
az identity list -o table
Monitoring and Logging
Azure Monitor
# Enable VM diagnostics extension
az vm diagnostics set \
--resource-group MyResourceGroup \
--vm-name MyVM \
--settings diagnostics.json
# List metrics for a resource
az monitor metrics list \
--resource "/subscriptions/<subscription-id>/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVM" \
--metric "Percentage CPU"
# Create a metric alert
az monitor metrics alert create \
--resource-group MyResourceGroup \
--name "HighCPU" \
--scopes "/subscriptions/<subscription-id>/resourceGroups/MyResourceGroup/providers/Microsoft.Compute/virtualMachines/MyVM" \
--condition "avg Percentage CPU > 80" \
--window-size 5m \
--evaluation-frequency 1m
Log Analytics
# Create a Log Analytics workspace
az monitor log-analytics workspace create \
--resource-group MyResourceGroup \
--workspace-name MyWorkspace
# Query logs
az monitor log-analytics query \
--workspace MyWorkspace \
--analytics-query "Heartbeat | where TimeGenerated > ago(1h) | summarize count() by Computer"
Advanced Scripting Techniques
Variables and Environment
# Set variables
resourceGroup="MyResourceGroup"
location="eastus"
vmName="MyVM"
# Use variables in commands
az group create --name $resourceGroup --location $location
# Loop through resources
for vm in $(az vm list --query "[].name" -o tsv); do
echo "VM: $vm"
done
# Set environment variables from command output
storageKey=$(az storage account keys list \
--resource-group $resourceGroup \
--account-name mystorageaccount \
--query "[0].value" -o tsv)
Conditional Execution
# If-else in Azure CLI scripts
if az group exists --name $resourceGroup; then
echo "Resource group exists"
else
az group create --name $resourceGroup --location $location
fi
# Check the result of a command
az vm show --resource-group $resourceGroup --name $vmName &> /dev/null
if [ $? -eq 0 ]; then
echo "VM exists"
else
echo "VM does not exist"
fi
Filtering and Querying
# Find all VMs with a specific tag
az vm list --query "[?tags.Environment=='Production']" -o table
# Find resources that match a pattern
az resource list --query "[?name.contains(@, 'prod')]" -o table
# Get specific properties
az vm list --query "[].{Name:name, ResourceGroup:resourceGroup, Size:hardwareProfile.vmSize}" -o table
# Filter by multiple conditions
az vm list --query "[?tags.Environment=='Production' && location=='eastus']" -o table
Extension Management
# List installed extensions
az extension list -o table
# Add an extension
az extension add --name <extension-name>
# Update an extension
az extension update --name <extension-name>
# Remove an extension
az extension remove --name <extension-name>
Common Extension Commands
Azure DevOps
# Install Azure DevOps extension
az extension add --name azure-devops
# List Azure DevOps projects
az devops project list --organization https://dev.azure.com/myorganization --output table
# Create a new pipeline
az pipelines create --name "My Pipeline" --repository myrepo --branch main --organization https://dev.azure.com/myorganization --project myproject
IoT Extensions
# Install IoT extension
az extension add --name azure-iot
# Create IoT Hub
az iot hub create --resource-group MyResourceGroup --name MyIoTHub --sku S1
# Register a device
az iot hub device-identity create --hub-name MyIoTHub --device-id MyDevice
Best Practices & Tips
Working Efficiently
- Use
--helpto get command help:az vm create --help - Save frequently-used commands as scripts
- Use bash completion:
az --install-completion - Create command aliases for common operations:
az configure --defaults group=MyResourceGroup location=eastus - Use query parameter to filter output:
az vm list --query "[?powerState=='VM running']"
Automation Tips
- Use service principals for automation:
az ad sp create-for-rbac --name "MyServicePrincipal" --role Contributor - Store secrets in Key Vault, not in scripts
- Use JMESPath queries for complex data extraction
- Consider using ARM templates for repeatable deployments
- Leverage Azure CLI in CI/CD pipelines
Security Best Practices
- Regularly update Azure CLI:
az upgrade - Use managed identities instead of credentials when possible
- Set scope for all role assignments
- Rotate service principal credentials regularly
- Audit CLI commands by enabling Azure Activity Logs
Resources for Further Learning
Official Documentation
Community Resources
Useful Tools
- Azure Cloud Shell – Browser-based shell with Azure CLI pre-installed
- VS Code Azure Extension – Integrated Azure CLI in VS Code
This cheatsheet provides a comprehensive overview of Azure CLI commands for common operations, but remember to refer to the latest Microsoft documentation for the most current information, as Azure CLI is regularly updated with new features and commands.