Azure CLI

Azure CLI cheatsheet — manage VMs, storage, AKS, and resource groups. az login, az vm create, az aks get-credentials, az group list. Full Azure CLI reference.

8 min read

What it is

The Azure CLI is a command-line tool for managing Azure resources, enabling you to interact with Azure services from your terminal.

Installation

Linux

curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
# Or for RPM-based systems:
curl -sL https://aka.ms/InstallAzureCLIRpm | sudo bash

macOS

brew update && brew install azure-cli

Windows

Download and run the MSI installer from the official Azure CLI documentation. Alternatively, you can install it via Chocolatey:

choco install azure-cli

Login

To use the Azure CLI, you first need to log in to your Azure account:

az login

This will open a browser window for authentication.

Core Concepts

  • Resource Groups: Logical containers for Azure resources. Resources must belong to a resource group.
  • Resources: Individual Azure services like virtual machines, storage accounts, and web apps.
  • Subscriptions: An Azure subscription is a logical grouping of resources that is associated with an Azure account.
  • Locations: Azure regions where your resources are deployed (e.g., eastus, westeurope).
  • Resource IDs: Unique identifiers for Azure resources.

Commands / Usage

Account Management

  • List subscriptions:

    az account list --output table

    Lists all Azure subscriptions accessible by your logged-in account.

  • Set default subscription:

    az account set --subscription "My Azure Subscription Name or ID"

    Sets the active subscription for subsequent commands.

  • Show current account details:

    az account show

    Displays information about the currently active subscription.

Resource Group Management

  • Create a resource group:

    az group create --name myResourceGroup --location eastus

    Creates a new resource group named myResourceGroup in the eastus location.

  • List resource groups:

    az group list --output table

    Lists all resource groups in your current subscription.

  • Show resource group details:

    az group show --name myResourceGroup

    Displays details about a specific resource group.

  • Delete a resource group:

    az group delete --name myResourceGroup --yes

    Deletes a resource group and all resources within it. --yes confirms deletion without prompting.

Virtual Machine Management

  • Create a virtual machine:

    az vm create \
  --resource-group myResourceGroup \
  --name myVM \
  --image UbuntuLTS \
  --admin-username azureuser \
  --generate-ssh-keys

    Creates a new Ubuntu LTS virtual machine named myVM in myResourceGroup, using SSH key-based authentication.

  • List virtual machines:

    az vm list --resource-group myResourceGroup --output table

    Lists all virtual machines in a specified resource group.

  • Show virtual machine details:

    az vm show --resource-group myVMResourceGroup --name myVM --show-details

    Displays detailed information about a specific virtual machine.

  • Start a virtual machine:

    az vm start --resource-group myVMResourceGroup --name myVM

    Starts a stopped virtual machine.

  • Stop a virtual machine:

    az vm stop --resource-group myVMResourceGroup --name myVM

    Stops a running virtual machine (deallocates it).

  • Restart a virtual machine:

    az vm restart --resource-group myVMResourceGroup --name myVM

    Restarts a virtual machine.

  • Delete a virtual machine:

    az vm delete --resource-group myVMResourceGroup --name myVM --yes

    Deletes a virtual machine.

Storage Account Management

  • Create a storage account:

    az storage account create \
  --resource-group myResourceGroup \
  --name mystorageaccount123 \
  --location eastus \
  --sku Standard_LRS

    Creates a standard locally-redundant storage account named mystorageaccount123 in myResourceGroup.

  • List storage accounts:

    az storage account list --resource-group myResourceGroup --output table

    Lists all storage accounts in a resource group.

  • Show storage account keys:

    az storage account keys list --resource-group myResourceGroup --account-name mystorageaccount123

    Retrieves the access keys for a storage account.

  • Delete a storage account:

    az storage account delete --resource-group myResourceGroup --name mystorageaccount123 --yes

    Deletes a storage account.

Web App Management

  • Create an App Service Plan:

    az appservice plan create \
  --resource-group myResourceGroup \
  --name myAppServicePlan \
  --sku F1 \
  --is-linux

    Creates a free-tier Linux App Service plan.

  • Create a Web App:

    az webapp create \
  --resource-group myResourceGroup \
  --plan myAppServicePlan \
  --name mywebapp123 \
  --runtime "python|3.9"

    Creates a Python 3.9 web app named mywebapp123 under myAppServicePlan.

  • List Web Apps:

    az webapp list --resource-group myResourceGroup --output table

    Lists all web apps in a resource group.

  • Deploy to a Web App (from local directory):

    az webapp deploy \
  --resource-group myResourceGroup \
  --name mywebapp123 \
  --src-path /path/to/your/app/content

    Deploys content from a local directory to a web app.

  • Delete a Web App:

    az webapp delete --resource-group myResourceGroup --name mywebapp123 --yes

    Deletes a web app.

Azure Kubernetes Service (AKS)

  • Create an AKS cluster:

    az aks create \
  --resource-group myResourceGroup \
  --name myAKSCluster \
  --node-count 1 \
  --enable-addons monitoring \
  --generate-ssh-keys

    Creates an AKS cluster with one node and enables monitoring.

  • List AKS clusters:

    az aks list --resource-group myResourceGroup --output table

    Lists all AKS clusters in a resource group.

  • Get AKS credentials:

    az aks get-credentials --resource-group myResourceGroup --name myAKSCluster

    Downloads credentials for an AKS cluster and configures kubectl to connect to it.

  • Delete an AKS cluster:

    az aks delete --resource-group myResourceGroup --name myAKSCluster --yes

    Deletes an AKS cluster.

Networking

  • Create a virtual network:

    az network vnet create \
  --resource-group myResourceGroup \
  --name myVNet \
  --address-prefix 10.0.0.0/16 \
  --subnet-name mySubnet \
  --subnet-prefix 10.0.0.0/24

    Creates a virtual network and a subnet.

  • Create a public IP address:

    az network public-ip create \
  --resource-group myResourceGroup \
  --name myPublicIP \
  --allocation-method Static \
  --sku Standard

    Creates a static, standard SKU public IP address.

  • Create a Network Security Group (NSG):

    az network nsg create \
  --resource-group myResourceGroup \
  --name myNSG

    Creates an empty network security group.

  • Add a security rule to an NSG:

    az network nsg rule create \
  --resource-group myResourceGroup \
  --nsg-name myNSG \
  --name AllowHTTP \
  --priority 100 \
  --protocol Tcp \
  --destination-port-range 80 \
  --access Allow \
  --direction Inbound

    Adds a rule to allow inbound TCP traffic on port 80.

Querying and Output

  • Show resource JSON:

    az vm show --resource-group myVMResourceGroup --name myVM --query "{Name:name, OS:storageProfile.osDisk.osType, State:powerState}"

    Retrieves specific properties of a resource using JMESPath queries.

  • Output formats:

    az vm list --output json
az vm list --output table
az vm list --output tsv
az vm list --output yaml

    Specifies the output format for commands.

Scripting and Automation

  • Template deployment:

    az deployment group create \
  --resource-group myResourceGroup \
  --template-file azuredeploy.json \
  --parameters azuredeploy.parameters.json

    Deploys resources using an ARM template.

  • List deployments:

    az deployment group list --resource-group myResourceGroup --output table

    Lists all deployments in a resource group.

Azure CLI Extensions

  • List installed extensions:

    az extension list

    Lists all installed Azure CLI extensions.

  • Install an extension:

    az extension add --name azure-iot

    Installs the azure-iot extension.

  • Update extensions:

    az extension update --upgrade-all

    Updates all installed extensions.

Other Useful Commands

  • Show Azure CLI version:

    az version

    Displays the installed Azure CLI version and its components.

  • Show help for a command:

    az vm --help
az vm create --help

    Displays help documentation for a command or subcommand.

  • List all commands:

    az find "virtual machine"

    Searches for commands related to a keyword.

Common Patterns

  • Create a resource group and deploy a web app in one go:

    az group create --name myWebAppRG --location westus2 && az appservice plan create --resource-group myWebAppRG --name myPlan --sku B1 --is-linux && az webapp create --resource-group myWebAppRG --plan myPlan --name myuniqueappname --runtime "python|3.10"

    Creates a resource group, an App Service plan, and a web app sequentially.

  • Get the public IP of a VM and SSH into it:

    VM_IP=$(az vm show -g myVMResourceGroup -n myVM -d --query publicIps -o tsv) && ssh azureuser@$VM_IP

    Retrieves the public IP address of a VM and then uses it to SSH.

  • Deploy a static web app from a local folder:

    az storage blob upload-batch \
  --account-name mystorageaccount123 \
  --destination '$web' \
  --source /path/to/your/static/site

    Uploads all files from a local directory to the $web container for static website hosting.

  • List all resources of a specific type in a subscription:

    az resource list --resource-type "Microsoft.Compute/virtualMachines" --output table

    Lists all virtual machines across all resource groups in the current subscription.

  • Delete all resources in a resource group:

    az group delete --name myResourceGroup --yes --no-wait

    Deletes a resource group and all its contents without waiting for completion.

  • Check for available VM sizes in a region:

    az vm list-sizes --location eastus --output table

    Lists all available VM sizes in a specific Azure region.

Gotchas

  • Resource Naming: Many Azure resources have globally unique naming requirements (e.g., storage accounts, web apps). If a name is taken, the command will fail.
  • Permissions: Ensure the account you are logged in with (az login) has the necessary permissions to perform the requested operations. Role-Based Access Control (RBAC) is crucial.
  • Default Resource Group: If you don’t specify --resource-group for a resource creation command, the CLI might default to a resource group if one is already set as default in your configuration, or it might prompt you or fail. It’s best practice to always explicitly specify the resource group.
  • --yes Flag: The --yes flag bypasses confirmation prompts for destructive operations (like deleting resource groups or VMs). Use with caution.
  • --no-wait Flag: Commands ending with --no-wait return immediately without waiting for the operation to complete on Azure. This is useful for scripting but means the resource might not be fully provisioned when the command returns.
  • Case Sensitivity: Resource names are generally case-insensitive, but some commands or parameters might be case-sensitive.
  • Extension Management: Extensions are separate from the core CLI and might have their own dependencies or update cycles. Always ensure extensions are up-to-date if you encounter issues.
  • Location Specificity: Many commands require a --location parameter. If omitted, it might use a default or prompt. Always specify the desired region for consistency and predictability.
  • Output Parsing: While --output table and --output tsv are human-readable, for scripting, --output json or --output tsv are generally preferred. Be mindful of whitespace and formatting when parsing output.
  • Idempotency: Many create commands are not idempotent. Running az vm create twice with the same name and parameters will result in an error on the second attempt, as the resource already exists. Use az vm show or az vm update for modifications.