๐ท
Azure CLI
Azure CLI (az) commands for compute, storage, networking, AKS, identity and more
Auth & Account Setup
Login, switch subscriptions and inspect your identity
bashยทInteractive login
az login
bashยทLogin with service principal
az login --service-principal -u <app-id> -p <password> --tenant <tenant-id>
bashยทLogin with managed identity (inside Azure VM/ACI)
az login --identity
bashยทList subscriptions
az account list --output table
bashยทSet active subscription
az account set --subscription <subscription-id-or-name>
bashยทShow current account & subscription
az account show
bashยทList available locations
az account list-locations --output table
bashยทLogout
az logout
Resource Groups
Create, inspect and clean up resource groups
bashยทList resource groups
az group list --output table
bashยทCreate resource group
az group create --name <rg> --location eastus
bashยทShow resource group details
az group show --name <rg>
bashยทList all resources inside a group
az resource list --resource-group <rg> --output table
bashยทDelete resource group (and everything in it)
az group delete --name <rg> --yes --no-wait
bashยทExport group as ARM template
az group export --name <rg> > rg-template.json
Virtual Machines
Create, start, stop and connect to Azure VMs
bashยทList VMs
az vm list --output table
bashยทShow VM status
az vm get-instance-view --name <vm> --resource-group <rg> --query instanceView.statuses
bashยทCreate Ubuntu VM with SSH key
az vm create \ --resource-group <rg> \ --name <vm> \ --image Ubuntu2204 \ --size Standard_B2s \ --admin-username azureuser \ --generate-ssh-keys
bashยทStart VM
az vm start --name <vm> --resource-group <rg>
bashยทStop VM (deallocate to stop billing)
az vm deallocate --name <vm> --resource-group <rg>
bashยทRestart VM
az vm restart --name <vm> --resource-group <rg>
bashยทDelete VM
az vm delete --name <vm> --resource-group <rg> --yes
bashยทSSH via Azure Bastion (no public IP needed)
az network bastion ssh --name <bastion> --resource-group <rg> --target-resource-id <vm-id> --auth-type ssh-key --username azureuser --ssh-key ~/.ssh/id_rsa
bashยทOpen port on VM NSG
az vm open-port --port 443 --name <vm> --resource-group <rg>
bashยทList available VM sizes in region
az vm list-sizes --location eastus --output table
Storage โ Accounts & Blobs
Manage storage accounts, containers and blob objects
bashยทList storage accounts
az storage account list --output table
bashยทCreate storage account
az storage account create \ --name <account> \ --resource-group <rg> \ --location eastus \ --sku Standard_LRS \ --kind StorageV2
bashยทGet storage account connection string
az storage account show-connection-string --name <account> --resource-group <rg> --output tsv
bashยทList blob containers
az storage container list --account-name <account> --output table
bashยทCreate blob container
az storage container create --name <container> --account-name <account>
bashยทUpload file to blob
az storage blob upload --account-name <account> --container-name <container> --name <blob-name> --file ./local-file.txt
bashยทDownload blob
az storage blob download --account-name <account> --container-name <container> --name <blob-name> --file ./output.txt
bashยทList blobs in container
az storage blob list --account-name <account> --container-name <container> --output table
bashยทDelete blob
az storage blob delete --account-name <account> --container-name <container> --name <blob-name>
bashยทGenerate SAS token for a blob (1 hour)
az storage blob generate-sas --account-name <account> --container-name <container> --name <blob> --permissions r --expiry $(date -u -d '1 hour' +%Y-%m-%dT%H:%MZ) --output tsv
AKS โ Azure Kubernetes Service
Create and manage AKS clusters and node pools
bashยทList clusters
az aks list --output table
bashยทCreate AKS cluster
az aks create \ --resource-group <rg> \ --name <cluster> \ --node-count 3 \ --node-vm-size Standard_D4s_v3 \ --enable-managed-identity \ --enable-addons monitoring \ --generate-ssh-keys
bashยทGet credentials (update kubeconfig)
az aks get-credentials --resource-group <rg> --name <cluster>
bashยทGet credentials (admin)
az aks get-credentials --resource-group <rg> --name <cluster> --admin
bashยทShow cluster details
az aks show --resource-group <rg> --name <cluster> --output table
bashยทScale node pool
az aks scale --resource-group <rg> --name <cluster> --node-count 5
bashยทUpgrade cluster
az aks upgrade --resource-group <rg> --name <cluster> --kubernetes-version <version>
bashยทList available Kubernetes versions
az aks get-versions --location eastus --output table
bashยทList node pools
az aks nodepool list --resource-group <rg> --cluster-name <cluster> --output table
bashยทAdd spot node pool
az aks nodepool add \ --resource-group <rg> \ --cluster-name <cluster> \ --name spotnodes \ --priority Spot \ --eviction-policy Delete \ --spot-max-price -1 \ --node-vm-size Standard_D4s_v3 \ --node-count 1 \ --enable-cluster-autoscaler --min-count 0 --max-count 10
bashยทDelete cluster
az aks delete --resource-group <rg> --name <cluster> --yes --no-wait
Azure Container Registry (ACR)
Build, push and pull container images with ACR
bashยทCreate registry
az acr create --resource-group <rg> --name <registry> --sku Basic
bashยทList registries
az acr list --output table
bashยทLogin to registry
az acr login --name <registry>
bashยทBuild and push image with ACR Tasks
az acr build --registry <registry> --image <image>:<tag> .
bashยทList repositories
az acr repository list --name <registry> --output table
bashยทList tags for a repository
az acr repository show-tags --name <registry> --repository <image> --output table
bashยทDelete an image tag
az acr repository delete --name <registry> --image <image>:<tag> --yes
bashยทAttach ACR to AKS (grants pull permission)
az aks update --resource-group <rg> --name <cluster> --attach-acr <registry>
Networking
VNets, subnets, NSGs and public IP addresses
bashยทList virtual networks
az network vnet list --output table
bashยทCreate VNet with subnet
az network vnet create \ --resource-group <rg> \ --name <vnet> \ --address-prefix 10.0.0.0/16 \ --subnet-name default \ --subnet-prefix 10.0.0.0/24
bashยทList subnets in a VNet
az network vnet subnet list --resource-group <rg> --vnet-name <vnet> --output table
bashยทList network security groups
az network nsg list --output table
bashยทAdd NSG inbound rule
az network nsg rule create --resource-group <rg> --nsg-name <nsg> --name allow-https --priority 100 --protocol Tcp --destination-port-ranges 443 --access Allow --direction Inbound
bashยทList public IP addresses
az network public-ip list --output table
bashยทCreate static public IP
az network public-ip create --resource-group <rg> --name <ip-name> --allocation-method Static --sku Standard
bashยทList load balancers
az network lb list --output table
IAM & RBAC
Manage service principals, managed identities and role assignments
bashยทList role assignments in subscription
az role assignment list --all --output table
bashยทAssign role to user
az role assignment create \ --assignee <user-email-or-object-id> \ --role "Contributor" \ --scope /subscriptions/<subscription-id>/resourceGroups/<rg>
bashยทRemove role assignment
az role assignment delete --assignee <user> --role "Contributor" --resource-group <rg>
bashยทCreate service principal with Contributor role
az ad sp create-for-rbac --name <sp-name> --role Contributor --scopes /subscriptions/<subscription-id>
bashยทList service principals
az ad sp list --show-mine --output table
bashยทReset service principal credentials
az ad sp credential reset --id <app-id>
bashยทCreate user-assigned managed identity
az identity create --resource-group <rg> --name <identity-name>
bashยทList managed identities
az identity list --output table
bashยทList built-in roles
az role definition list --custom-role-only false --query '[].roleName' --output tsv | sort
Key Vault โ Secrets & Keys
Store and retrieve secrets, keys and certificates
bashยทCreate Key Vault
az keyvault create --name <vault> --resource-group <rg> --location eastus
bashยทList Key Vaults
az keyvault list --output table
bashยทSet a secret
az keyvault secret set --vault-name <vault> --name <secret-name> --value 'my-secret-value'
bashยทGet a secret value
az keyvault secret show --vault-name <vault> --name <secret-name> --query value --output tsv
bashยทList secrets
az keyvault secret list --vault-name <vault> --output table
bashยทDelete a secret
az keyvault secret delete --vault-name <vault> --name <secret-name>
bashยทGrant identity access to vault secrets
az keyvault set-policy --name <vault> --object-id <identity-object-id> --secret-permissions get list
bashยทList certificates
az keyvault certificate list --vault-name <vault> --output table
App Service
Deploy and manage web apps on Azure App Service
bashยทList App Service plans
az appservice plan list --output table
bashยทCreate App Service plan
az appservice plan create \ --name <plan> \ --resource-group <rg> \ --sku B2 \ --is-linux
bashยทCreate web app (Node.js)
az webapp create --resource-group <rg> --plan <plan> --name <app> --runtime 'NODE:20-lts'
bashยทDeploy from local git
az webapp up --name <app> --resource-group <rg> --runtime 'NODE:20-lts'
bashยทList web apps
az webapp list --output table
bashยทStream live logs
az webapp log tail --name <app> --resource-group <rg>
bashยทSet app setting (environment variable)
az webapp config appsettings set --name <app> --resource-group <rg> --settings KEY=value
bashยทList app settings
az webapp config appsettings list --name <app> --resource-group <rg> --output table
bashยทRestart web app
az webapp restart --name <app> --resource-group <rg>
bashยทBrowse web app URL
az webapp browse --name <app> --resource-group <rg>
Monitoring & Diagnostics
Query activity logs, metrics and set up alerts
bashยทList recent activity log entries
az monitor activity-log list --offset 1h --output table
bashยทFilter activity log by resource group
az monitor activity-log list --resource-group <rg> --offset 24h --output table
bashยทList metric definitions for a resource
az monitor metrics list-definitions --resource <resource-id> --output table
bashยทGet metric values (CPU last hour)
az monitor metrics list --resource <resource-id> --metric 'Percentage CPU' --interval PT5M --output table
bashยทList alert rules
az monitor alert list --output table
bashยทList Log Analytics workspaces
az monitor log-analytics workspace list --output table
bashยทRun KQL query against Log Analytics
az monitor log-analytics query --workspace <workspace-id> --analytics-query 'AzureActivity | take 10' --output table