One of my favorite tools for deploying Azure resources is the Azure CLI. I find it very simple, well-documented, lightweight, and capable of running almost anywhere. Consequently, I use it personally, from my development machines to CI/CD deployment pipelines. Besides the commands that directly create or manage Azure resources, Azure CLI also supports deploying ARM or Bicep scripts.
To use Azure CLI from your development machine, you must first install it: Install Azure CLI.
Of course, in an automated deployment environment (such as GitHub, GitLab, etc.), the simplest approach is to use a deployment agent or a Docker image that includes Azure CLI.
To connect to Azure using Azure CLI, you need to use the az login
command. Several authentication methods exist, and the full list is provided in the Microsoft documentation. Personally, I regularly use:
However, regardless of the authentication method, the account must be authorized to perform the scripted operations.
This mode is particularly useful during the development phase. With this mode, you authenticate personally with an Entra ID account and can test your scripts directly from your development machine. However:
az login
This az cli command initiates an authentication process via your default browser. Once authentication is completed in the browser, you can return to your console.
This mode can be used from your development machine and/or from a platform like DevOps.
az login --service-principal -u $SP_CICD_CLIENT_ID -p "$CLIENT_SECRET_OR_CERTIFICATE_PATH" -t "$TENANT_ID"
To perform this authentication, you need to obtain a client secret or an SSL certificate associated with the service principal. For more information on the az login
command: Authenticate Azure CLI.
After authentication, the “az account set” command allows you to select the Azure subscription on which you want to deploy your resources:
az account set -s $AZURE_SUBSCRIPTION_ID
After authentication and selecting the appropriate subscription, you can deploy Azure resources using Azure CLI either by:
In the example below, the “az deployment group create” command is used to deploy a Bicep script to a resource group:
az deployment group create --resource-group "$RG_NAME" --template-file "./template.bicep" --parameters "./template.parameters.$ENVIRONMENT.json"
Note that the “–parameters” option allows you to provide a parameters file or directly specify key/value pairs. This is very useful for parameterizing your scripts according to your environments.