Deploying Azure Resources with Azure CLI

Oguzhan YIGIT
Published by Oguzhan YIGIT
Category : ARM Template / Bicep / DevOps
09/09/2024

One of my favorite tools for deploying Azure resources is the Azure CLI. I find it very simple, well-documented, lightweight, and capable of running almost anywhere. Consequently, I use it personally, from my development machines to CI/CD deployment pipelines. Besides the commands that directly create or manage Azure resources, Azure CLI also supports deploying ARM or Bicep scripts.

 

Installing Azure CLI

To use Azure CLI from your development machine, you must first install it: Install Azure CLI.

Of course, in an automated deployment environment (such as GitHub, GitLab, etc.), the simplest approach is to use a deployment agent or a Docker image that includes Azure CLI.

 

Authenticating with Azure CLI

To connect to Azure using Azure CLI, you need to use the az login command. Several authentication methods exist, and the full list is provided in the Microsoft documentation. Personally, I regularly use:

  • Interactive mode
  • A service principal

However, regardless of the authentication method, the account must be authorized to perform the scripted operations.

 

Interactive Authentication

This mode is particularly useful during the development phase. With this mode, you authenticate personally with an Entra ID account and can test your scripts directly from your development machine. However:

  • Your user account must be authorized to perform the operations you want.
  • In an automated environment like GitHub, you cannot use this mechanism.
az login

This az cli command initiates an authentication process via your default browser. Once authentication is completed in the browser, you can return to your console.

 

Authenticating with a Service Principal

This mode can be used from your development machine and/or from a platform like DevOps.

az login --service-principal -u $SP_CICD_CLIENT_ID -p "$CLIENT_SECRET_OR_CERTIFICATE_PATH" -t "$TENANT_ID"

To perform this authentication, you need to obtain a client secret or an SSL certificate associated with the service principal. For more information on the az login command: Authenticate Azure CLI.

 

Setting the Working Subscription

After authentication, the “az account set” command allows you to select the Azure subscription on which you want to deploy your resources:

az account set -s $AZURE_SUBSCRIPTION_ID

 

Deploying Services with Azure CLI

After authentication and selecting the appropriate subscription, you can deploy Azure resources using Azure CLI either by:

  • Using Azure CLI commands dedicated to resource manipulation (e.g., “az appservice plan create” to create an App Service Plan).
  • Using ARM or Bicep scripts with the “az deployment group create” command.

In the example below, the “az deployment group create” command is used to deploy a Bicep script to a resource group:

az deployment group create --resource-group "$RG_NAME" --template-file "./template.bicep" --parameters "./template.parameters.$ENVIRONMENT.json"

Note that the “–parameters” option allows you to provide a parameters file or directly specify key/value pairs. This is very useful for parameterizing your scripts according to your environments.