Posts Azure CLI Tip Of The Day - January 2022
Post
Cancel

Azure CLI Tip Of The Day - January 2022

Rotate Azure VM Passwords with PowerShell Azure Automation and Key Vault - AzureIs.Fun

At the end of 2021, I created a PowerShell Twitter bot and started posting Azure CLI tips every day on Twitter.

I posted every day, and here is the summary of that. You can easily use them to perform described operations.


Please note: There are no controls or WhatIfs in any of these commands, and executing of operation will begin immediately.


Azure CLI:

#Azure CLI cmd of the day - January 2022:
#1 List existing subscriptions, select one to work with, list default:
az account list -o table
az account set -s '<Subscription Name>'
az account list --query "[?isDefault]" -o table
#2 List MGs, show subs inside, export sub names:
az account management-group list
az account management-group show -n '<MG Name>' -e -r --query 'children'
az account management-group show -n '<MG Name>' -e -r --query 'children[].displayName' -o tsv
#3 List Resource Group Names, list RGs with specific Tag and value:
az group list --query [].name --out tsv
az group list --query "[?tags.Environment == 'Prod']" -o table
#4 AZ CLI login interactive and non-interactive:
az login
az login -u <UserName> -p <Password>
az login --service-principal -u <app-id> -p <pwd-or-cert> --tenant <tenant>
az login --identity --username <resource_id>
#5 Get locations, get Resource Groups in specific Location and Subscription
az account list-locations -o table
az group list --subscription '<sub-name>' --query "[?location=='<location>']"
#6 Show RG details, list resources in RG, find by Tag:
az group show -n <rg-name>
az resource list --resource-group <rg-name> -o table
az group list --tag 'Key=Value'
az group list --tag 'Key'
az resource list --tag 'Key'
#7 Create RG if not exist:
if ((az group exists -n <rg-name>) -eq "false") {az group create -l <location> -n <rg-name> --tags Key=Value 'Key2=Long Value'} else {write "Group already exists"}
#'az group create' will update existing RG without asking
#8 Define default RG, export RG template, list deployments, delete RG:
az configure --defaults group=<rg-name>
az group export -g <rg-name>
az deployment group list -g <rg-name> -o table
az group delete -n <rg-name> --no-wait --yes
#9 List, crate, modify, delete Resource Locks for RGs:
az group lock list -g <rg-name>
az group lock create --lock-type ReadOnly -n <name> -g <rg-name>
az group lock delete --name <name> -g <rg-name>
az group lock update --name <name> -g <rg-name> --lock-type CanNotDelete
#10 Get resources with tag, convert output to PwSh JSON object:
$Resources = az resource list --tag 'Key' -o json | ConvertFrom-Json
Remove tag from all resources:
$Resources | % { az tag update --resource-id $_.id --operation delete --tags 'Key'}
#11 List resources of specific type in RG:
az resource list --resource-group RGname --query "[? contains (type,'virtualMachines')]"
#12 Show resource details:
az resource show --ids <resource-id>
az resource show -g <rg> -n <name> --resource-type '<resource-type>'
az resource show -g <rg> -n <name> --namespace <name-space> --parent <virtual-network-name> --resource-type subnets
#13 Show VM details, show details only for specific VMs:
az vm list -d -o table
az vm list -d --query "[?powerState=='VM running']" -o table
#14 Show specific fields with custom names for properties:
az vm show -g '<rg-name>' -n '<vm-name>' --query '{VMName:name, ComputerName:osProfile.computerName, LocalAdmin:osProfile.adminUsername, OSVersion:storageProfile.imageReference.sku}' -o table
#15 Start (stop) vm in non default sub, no wait :
az vm start -n '<vm-name>' -g '<rg-name>' --subscription '<sub-name>' --no-wait
#16 List Az VM Images, List Azure Locations, List Az VM sizes:
az vm image list --all -o table
az account list-locations -o table
az vm list-sizes -l <location> -o table
#17 Simple VM create:
az vm create -g <rg-name> -n <name> --image <image> -l <location> --admin-username <user>
#18 Create a VM from a custom managed image:
az vm create -g <rg-name> -n <vm-name> --image <image>
#19 Create a VM by attaching to a managed operating system disk:
az vm create -g <rg-name> -n <vm-name> --attach-os-disk <os-disk-name> --os-type Windows
#20 Create Ubuntu VM with default SSH authentication:
az vm create -n <vm-name> -g <rg-name> --image UbuntuLTS
#21 New Ubuntu with PIP, DNS, 2 data disks(50,20GB), generate ssh key pairs:
az vm create -n <vm-name> -g <rg-name> --public-ip-address-dns-name <my-dns-name> --image ubuntults --data-disk-sizes-gb 50 20 --size Standard_DS2_v2 --generate-ssh-keys
#22 Create multiple VMs:
az vm create -n <vm-name> -g <rg-name> --image <image> --count 5
#23 Convert VM (one and all in RG) to use managed disk:
az vm convert -g <rg-name> -n <vm-name>
az vm convert --ids $(az vm list -g <rg-name> --query "[].id" -o tsv)
#24 Deallocate, generalize, and capture multiple stopped VMs:
vms_ids=$(az vm list -g <rg-name> --query "[].id" -o tsv)
az vm deallocate --ids ${vms_ids}
az vm generalize --ids ${vms_ids}
az vm capture --ids ${vms_ids} --vhd-name-prefix <my-prefix>
#25 Export Public IPs to CSV:
((az network public-ip list --query "[].{name: name, address: ipAddress}") | ConvertFrom-Json) | Export-Csv -path "c:\ips.csv" -NoTypeInformation
#26 Create run command that can be executed remotely:
az vm run-command create -g <rg-name> --parameters arg1=param1 --script "Write-Host Azure Is Fun!" --timeout-in-seconds 30 --run-command-name <cmd-name> --vm-name <vm-name>
#27 List commands, invoke in-line script remotely:
az vm run-command list -l <location>
az vm run-command invoke -g <rg> -n <vm-name> --command-id RunShellScript --parameters 'file=test' --scripts 'param([string]$file)' 'New-Item C:\Temp\$file.txt'
#28 Run PowerShell script file remotely via CLI:
az vm run-command invoke --command-id RunPowerShellScript --name <vm-name> -g <rg-name> --scripts @script.ps1 --parameters "name=vuki" "cloud=azure"
#29 Create #Azure Key Vault:
az keyvault create --name <unique-keyvault-name> --resource-group <rg-name> --location <location>
#30 Create #Azure Key Vaut certificate for VM:
az keyvault certificate create --vault-name vaultname -n cert1 -p "$(az keyvault certificate get-default-policy)"
#31 Create #Azure Key Vaut secret for VM. Create a Debian VM using Key Vault secrets:
secrets=$(az keyvault secret list-versions --vault-name <kv-name> -n cert1 --query "[?attributes.enabled].id" -o tsv)
vm_secrets=$(az vm secret format -s "$secrets")
az vm create -g <rg-name> -n <vm-name> --admin-username <admin> --image debian --secrets "$vm_secrets"

I plan to continue posting Azure CLI and Azure PowerShell commands daily. In the following months, I will try to give it more content and post only related operations one after another. As a result, I will have a full working script for creating or optimizing the environment, which will be visible in this summary at the end of the month.

If you have any ideas on how to optimize this or in which format to present it, please let me know :)

Thank you, and keep using the shell.

Vukašin Terzić

Updated 3 years ago2022-02-08T21:30:51+01:00
This post is licensed under CC BY 4.0