├── CONTRIBUTING.md ├── README.md ├── login-if-expired.azcli ├── get-resources-starts-with.azcli ├── delete-azcli-sps.azcli ├── create-devops-pat.azcli ├── LICENSE ├── set-gh-secret-az-creds.azcli ├── delete-rgs.azcli └── delete-rgs-query.azcli /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | 1. Add a .azcli file to the project 2 | 1. Give it a good description and instructions 3 | 1. PR -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Azure CLI Awesome 2 | 3 | Here are some Azure CLI tips, tricks, and snippets!! 4 | 5 | See the .azcli files in this repo for examples. 6 | 7 | Open to contribs! -------------------------------------------------------------------------------- /login-if-expired.azcli: -------------------------------------------------------------------------------- 1 | # Only prompt the user to login if their current session has expired 2 | 3 | if [[ -z $(az ad signed-in-user show --query 'objectId' -o tsv || true) ]]; then 4 | az login -o none 5 | fi -------------------------------------------------------------------------------- /get-resources-starts-with.azcli: -------------------------------------------------------------------------------- 1 | # This query gets all resources that start with 'meme' and outputs on the name in tsv format 2 | # Change 'meme' to your query and run it. 3 | az group list --query '[?starts_with(name, `meme`)]'.{Name:name} -o tsv -------------------------------------------------------------------------------- /delete-azcli-sps.azcli: -------------------------------------------------------------------------------- 1 | # How to Delete All Service Principals created with `az ad sp create-for-rbac`, which by default start with azure-cli in the name 2 | # Credit: https://twitter.com/mikkelhegn/status/1364601297396203520?s=20 3 | 4 | # Instructions 5 | # 1. Run `az login` 6 | # 2. Run the script below. 7 | 8 | # This version will NOT ask you to confirm each service principal deletion 9 | # USE WITH CARE!!!! 10 | 11 | az ad sp list --show-mine --query "[?starts_with(displayName, 'azure-cli')]".objectId -o tsv | xargs -otl az ad sp delete --id 12 | -------------------------------------------------------------------------------- /create-devops-pat.azcli: -------------------------------------------------------------------------------- 1 | # This is a way to create an Azure DevOps personal access token using the Azure CLI and REST Endpoints. 2 | 3 | # The trick of this is that it uses the Azure CLI's access token to create an access token to the https://management.core.windows.net/ resource which also manages Azure DevOps instances. 4 | 5 | # Azure DevOps Organization name is the name after the host in the URL so https://dev.azure.com/[OrgName]/ 6 | 7 | # 1. Update these values 8 | azdoOrganizationName="OrgName" 9 | patDisplayName="PAT" 10 | 11 | # 2. Run az login if not using cloud shell 12 | 13 | # 3. Run the below command 14 | az rest --method post --uri "https://vssps.dev.azure.com/$azdoOrganizationName/_apis/Tokens/Pats?api-version=6.1-preview" --resource "https://management.core.windows.net/" --body '{ "displayName": "$patDisplayName" }' --headers Content-Type=application/json 15 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Jon Gallant 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /set-gh-secret-az-creds.azcli: -------------------------------------------------------------------------------- 1 | # Set AZURE_CREDENTIALS GitHub secret from the output of service principal creation 2 | 3 | # When running GitHub actions, we often need to login to Azure CLI and we do so with the Azure Login action 4 | # https://github.com/marketplace/actions/azure-login 5 | # - name: 'Login via Azure CLI' 6 | # uses: azure/login@v1 7 | # with: 8 | # creds: ${{ secrets.AZURE_CREDENTIALS }} 9 | # 10 | # When you create a service principal, you can get all the auth info by using the --sdk-auth parameter like this 11 | # az ad sp create-for-rbac --sdk-auth 12 | # Which will output the info in JSON format. 13 | # 14 | # With the GitHub CLI, we can set the secret with: 15 | # gh secret set NAME -b"VALUE" 16 | # You can use the --org or --repo params to target orgs or repos other than the current repo. 17 | 18 | # 1. Login to Azure CLI with `az login` 19 | # 2. Login to GitHub CLI with `gh auth login` 20 | 21 | # If you get this error: 22 | # The value of the GITHUB_TOKEN environment variable is being used for authentication. 23 | # To have GitHub CLI store credentials instead, first clear the value from the environment. 24 | # Then run this and rerun gh auth login 25 | # export GITHUB_TOKEN= 26 | # 3. Run the following command to create the service principal and set the AZURE_CREDENTIALS secret 27 | # -0 will ignore quotes in the Azure CLI output 28 | 29 | az ad sp create-for-rbac --sdk-auth | xargs -0 gh secret set AZURE_CREDENTIALS -b -------------------------------------------------------------------------------- /delete-rgs.azcli: -------------------------------------------------------------------------------- 1 | # How to Delete Multiple Azure Resource Groups with Tags, Bash via Azure Cloud Shell, and the Azure CLI 2 | # Credit: https://blog.jongallant.com/2020/05/azure-delete-multiple-resource-groups/ 3 | # Credit: https://twitter.com/acanthamoeba/status/1333551558433284100/photo/1 4 | 5 | # Instructions 6 | # 1. Run `az login` 7 | # 2. Use the Azure Portal to add a tag called 'delete' to all the resource groups you want to delete 8 | # 3. Run the script below. 9 | 10 | # This version will ask you to confirm each resource group deletion 11 | #az group list --tag delete --query [].name -o tsv | xargs -otl az group delete --no-wait -n 12 | 13 | # Alternative query filtering for specific tag key/value | This version will ask you to confirm each resource group deletion 14 | #az group list --query "[?tags.foo=='bar'].name" -o tsv | xargs -otl az group delete --no-wait -n 15 | 16 | # This version will NOT ask you to confirm each resource group deletion 17 | # USE WITH CARE!!!! 18 | 19 | az group list --tag delete --query [].name -o tsv | xargs -otl az group delete -y --no-wait -n 20 | 21 | # filter by sub id 22 | az group list --subscription {SUB_ID} --tag delete --query [].name -o tsv | xargs -otl az group delete --subscription {SUB_ID} -y --no-wait -n 23 | 24 | 25 | # Alternative query filtering for specific tag key/value | This version will NOT ask you to confirm each resource group deletion 26 | # USE WITH CARE!!!! 27 | #az group list --query "[?tags.foo=='bar'].name" -o tsv | xargs -otl az group delete -y --no-wait -n 28 | -------------------------------------------------------------------------------- /delete-rgs-query.azcli: -------------------------------------------------------------------------------- 1 | # Mega powers to delete across subscriptions and e.g. groups with a specific tag - USE WITH CAUTION 2 | # Requires the Resource Graph extension (az extension add --name resource-graph) 3 | # More info: https://docs.microsoft.com/en-us/azure/governance/resource-graph/first-query-azurecli 4 | 5 | # This command allows you to delete resource groups, given any query against the Azure Resource Graph. 6 | # Step to run the command: 7 | # 1. Install Resource Graph Extension (az extension add --name resource-graph) 8 | # 2. Make sure to input the subscriptionId you want to target `subscriptionId=` 9 | # 2. Change the `where` query to find the resource groups to delete e.g. `where tags !contains 'protect'` 10 | # 3. Run the command. You will be asked to confirm each deletion. 11 | 12 | # Description of the command: 13 | # az graph query -q "ResourceContainers | where type == 'microsoft.resources/subscriptions/resourcegroups'| where subscriptionId == '' \ # Query for RGs in a specific subscription 14 | # | where tags contains 'delete' \ # The condition for which RGs to return 15 | # | project name" | jq -r '.data[].name' \ # Returning the name of the RG and using jq to just get the name value 16 | # | xargs -I XXX -to az group delete -n XXX --no-wait # passing each name from the above query to 'az group delete', with the xargs '-to' args, we'll see the command and get to confirm to delete the RG 17 | 18 | # Full command below: 19 | #subscriptionId= 20 | #az graph query -q "ResourceContainers | where type == 'microsoft.resources/subscriptions/resourcegroups'| where subscriptionId == '${subscriptionId}' \ 21 | # | where tags contains 'delete' \ 22 | # | project name" | jq -r '.data[].name' \ 23 | # | xargs -I XXX -to az group delete -n XXX --no-wait 24 | --------------------------------------------------------------------------------