Mastering Azure CLI

Mastering Azure CLI

Introduction

The Azure Command-Line Interface, or Azure CLI, is a powerful tool for managing Azure resources. It's simpler than PowerShell, making it a user-friendly option for command-line operations. It's also cross-platform, meaning you can use it regardless of your operating system. In this blog post, we'll explore what you can do with Azure CLI, provide some practical examples, and discuss how to manage resources with this tool.

What is Azure CLI?

Azure CLI is a command-line tool designed to manage Azure resources. It's easier to use than Azure PowerShell but still offers a significant degree of flexibility. Azure CLI is perfect for those who prefer a command-line interface but want something simpler than PowerShell. It's also cross-platform, so you can use it on any operating system that supports Node.js. Azure CLI is written in Python, making it a great choice for those familiar with Python scripting.

Installing Azure CLI on Windows, Linux, and Mac

Azure CLI is a powerful tool that enables users to manage and deploy resources from the command line, whether you're working with Windows, Linux, or Mac. This blog post will guide you through the process of installing Azure CLI on these three platforms.

Installing Azure CLI on Windows

  1. Visit the Azure downloads page and download the MSI installer for Windows.

  2. Once downloaded, run the installer and follow the on-screen instructions to install Azure CLI.

  3. After installation, you can verify the installation by opening a new command prompt or PowerShell window and typing the command az --version. This should display the Azure CLI version installed on your machine.

Installing Azure CLI on Linux

The installation process on Linux depends on the specific distribution you are using. Here, we provide an example with a Debian-based distribution like Ubuntu.

  1. Open a terminal window.

  2. Update your sources list with the following command:

     sudo apt-get update.
    
  3. Install the curl command with:

     sudo apt-get install curl.
    
  4. Import the Microsoft repository key using the following command:

     curl -sL <https://packages.microsoft.com/keys/microsoft.asc> | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg > /dev/null.
    
  5. Add the Azure CLI software repository:

     echo "deb [arch=amd64] <https://packages.microsoft.com/repos/azure-cli/> $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/azure-cli.list.
    
  6. Update the repository information with:

     sudo apt-get update.
    
  7. Install Azure CLI using:

     sudo apt-get install azure-cli.
    
  8. Verify the installation by typing az --version in the terminal. This should display the version of Azure CLI that you have installed.

Installing Azure CLI on Mac

  1. Open Terminal.

  2. We'll use Homebrew to install Azure CLI. If you don't have it installed, you can install it by running

     /bin/bash -c "$(curl -fsSL <https://raw.githubusercontent.com/Homebrew/install/master/install.sh>)".
    
  3. Once Homebrew is installed, you can install Azure CLI by running

     brew update && brew install azure-cli.
    
  4. Verify the installation by typing az --version in the terminal. This should display the version of Azure CLI that you have installed.

Installing Azure CLI on your machine, whether it's Windows, Linux, or Mac, is a straightforward process. With Azure CLI installed, you're ready to start managing your Azure resources from the command line. Happy scripting!

As we delve deeper into the world of Azure Command-Line Interface (Azure CLI), we come across an integral aspect of working with Azure resources - Authentication. Authentication is the process of verifying the identity of a user or process. In Azure CLI, it's the mechanism that allows you to prove your identity to Azure Active Directory (Azure AD) so you can access resources. In this blog post, we will discuss three primary methods of authenticating with Azure CLI: Interactive login, Service Principal with a client secret, and Service Principal with a certificate.

Azure CLI Authentication Methods & How They Work

Interactive Login

Interactive login is the simplest and most straightforward method of authentication. It is primarily used when you're manually running commands in your local environment. Here are the steps:

  1. Run the command in your shell. This opens a web page where you can enter your Azure credentials.

     az login
    
  2. After entering your credentials, you'll be redirected to a page confirming that you've signed in to the Microsoft Azure Cross-platform Command Line Interface.

  3. You can now close the webpage. Your shell should display a JSON output with details about your subscriptions.

Note that if you have multiple subscriptions, Azure CLI sets your active subscription to the default one. You can view your subscriptions with

az account list
az account set --subscription "subscription-id" // set your active subscription

Service Principal with a Client Secret

For automation tasks or when running Azure CLI in a non-interactive environment (like a CI/CD pipeline), using a service principal with a client secret is a common method. Here's how you can do it:

  1. First, create a service principal with a client secret using the az ad sp create-for-rbac command. This command returns a JSON output with your appId, displayName, name, password, and tenant.

  2. Then, log in using the service principal. Use the az login --service-principal --username APP_ID --password CLIENT_SECRET --tenant TENANT_ID command, replacing APP_ID, CLIENT_SECRET, and TENANT_ID with your respective values.

  3. If successful, the shell returns a JSON output with details about the service principal's associated subscription.

Service Principal with a Certificate

A service principal with a certificate provides a more secure method of authentication than a client secret. Here's how to set it up:

  1. First, create a self-signed certificate with the following command. This command creates a new service principal and a PEM file containing the certificate and private key.

     az ad sp create-for-rbac --create-cert
    
  2. Then, log in using the certificate. Use the command, replacing APP_ID, TENANT_ID, and CERT_PATH with your respective values.

     az login --service-principal --username APP_ID --tenant TENANT_ID --password CERT_PATH
    
  3. If successful, the shell returns a JSON output with details about the service principal's associated subscription.

Authentication is a crucial part of managing Azure resources using Azure CLI. Whether you're using an interactive login for manual operations or service principals for automated tasks, understanding these authentication methods will enable you to securely and effectively manage your Azure resources.

Azure CLI in Action: Practical Examples

Let's dive into some practical examples of how to use Azure CLI. Firstly, to create a resource group, you would use the following command:

az group create --name myResourceGroup --location eastus

This command creates a resource group named "myResourceGroup" in the "eastus" region.

Suppose you want to create a new virtual machine. In that case, you might use a command like:

az vm create --resource-group myResourceGroup --name myVm --image UbuntuLTS --generate-ssh-keys

which would create a new Ubuntu virtual machine with SSH keys in the previously created resource group.

Managing Resources with Azure CLI

Managing resources with Azure CLI is straightforward. To list all resources in a specific resource group, use

az resource list --resource-group myResourceGroup

If you need to delete a resource group and all its resources, the command is

az group delete --name myResourceGroup --yes

The --yes flag is used to confirm the deletion without further prompts.

Azure CLI also allows you to move resources between groups with

az resource move --destination-group newGroup --resource-group oldGroup --name resourceName

Where "newGroup" is the destination resource group, "oldGroup" is the source group, and "resourceName" is the name of the resource you're moving.

Conclusion

Azure CLI offers a powerful yet user-friendly way to manage Azure resources. Its cross-platform compatibility, combined with its simplicity relative to Azure PowerShell, makes it an appealing choice for a variety of use cases. By learning the basic commands and understanding how to manage resources, you can start leveraging the power of Azure CLI in your Azure operations.

Ref.: MicrosoftAzureCLI

Did you find this article valuable?

Support PowerToCloud by becoming a sponsor. Any amount is appreciated!