Skip to content

Instantly share code, notes, and snippets.

@iamsunny

iamsunny/important-azure-powershell-commands.md

Last active March 1, 2023 13:28
Show Gist options
  • Save iamsunny/e3cb2cfb633017c5c09cd5eea7b287bb to your computer and use it in GitHub Desktop.
Save iamsunny/e3cb2cfb633017c5c09cd5eea7b287bb to your computer and use it in GitHub Desktop.
Download ZIP
Important Azure PowerShell commands
Raw
important-azure-powershell-commands.md

Azure Cloud Shell has an up to date PowerShell instance

show current account in context

az account show

change the subscription in context

az account set --subscription

assign role to an existing ServicePrincipal for another resource group

authorize existing service principal for another resource group

az role assignment create --assignee -g --role Contributor

Set Azure Context to desired subscription

Set-AzureRmContext -SubscriptionId

Update ARR Affinity of Azure Web App

az webapp update --name --resource-group --client-affinity-enabled=false

Create Function App

az functionapp create -g -n -s --runtime dotnet --runtime dotnet --functions-version 3 --consumption-plan-location eastus2 --app-insights

Create Web App

az webapp create -g -p --runtime 'DOTNETCORE|3.1' -n

Create AppInsights

az monitor app-insights component create --app --location <location(eastus2)> --kind web -g --application-type web --retention-time 30

Update environment config

az webapp config set --name --resource-group --use-32bit-worker-process false

Update worker-process to 64 bit

az webapp update --name --resource-group --client-affinity-enabled=false

Start/Stop/Restart all web apps in a resource group

(Get-AzureRmWebApp -ResourceGroupName ).GetEnumerator() | Start-AzureRmWebApp (Get-AzureRmWebApp -ResourceGroupName ).GetEnumerator() | Stop-AzureRmWebApp (Get-AzureRmWebApp -ResourceGroupName ).GetEnumerator() | Restart-AzureRmWebApp

Set Azure Storage > Blob Container Access-Level

$storageAccount = Get-AzureRmStorageAccount -ResourceGroupName -Name $ctx = $storageAccount.Context

Set-AzureStorageContainerAcl -Name $Container.Name -Context $ctx -Permission Blob -PassThru #Blob/Container/Off

update App Service Plan for web-app or azure function

Set-AzureRmWebApp -Name "" -ResourceGroupName "" -AppServicePlan ""

assign existing service principal to new scope / add access permission for existing service principal to new resource group

it runs against the selected subscription. Service Principals are created at Active Directory level and can be associated across the tenant resources

New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName -ResourceGroupName -via cli method az role assignment create --assignee --resource-group --role Contributor

create azure function with App Insights set to existing one

az functionapp create -g -n -s --runtime dotnet --consumption-plan-location --app-insights --runtime dotnet --version 3.1

azcopy - clone storage account

azcopy copy 'https://.blob.core.windows.net/' 'https://.blob.core.windows.net/' --recursive --s2s-preserve-access-tier=false

azcopy - copy blobs from one container/folder to another container/folder

azcopy copy 'https://.blob.core.windows.net///*' 'https://.blob.core.windows.net///' --recursive --s2s-preserve-access-tier=false

delete Azure AD App

export ssl list in a resource group

  • az webapp config ssl list --resource --out tsv --query '[].[thumbprint,resourceGroup,expirationDate,issueDate,issuer,subjectName]' > .csv

download files from azure shell files

  • download -- example: "download ssl-list.csv"

Delete SSL certificate from resource group using thumbprint

  • az webapp config ssl delete -g --certificate-thumbprint

Show web app config

az webapp config show --name --resource-group --query '{name:name,use32BitWorkerProcess:use32BitWorkerProcess,netFrameworkVersion:netFrameworkVersion,http20Enabled:http20Enabled, alwaysOn:alwaysOn}' -o table

Delete role assignments

  • az role assignment delete --role "C-Application Insights Reader"

Delete role definition //delete the role assignments before deleting the role defintion

  • az role definition delete --name "C-Application Insights Reader"

Update the role definition

  • az role definition update --role-definition ./custom-role-application-insights-reader.json

####------ sample definition ------ ####------------------------------- { "assignableScopes": [ "/subscriptions/f73276ac-a000-462e-bb5b-d3c582ee19ef" ], "description": "This role allows access to Application Insights only", "id": "/subscriptions/f73276ac-a000-462e-bb5b-d3c582ee19ef/providers/Microsoft.Authorization/roleDefinitions/6672e0e3-8beb-4d4f-8cb1-f04ca006578c", "name": "6672e0e3-8beb-4d4f-8cb1-f04ca006578c", "permissions": [ { "actions": [ "Microsoft.Authorization//read", "Microsoft.Insights/alertRules/", "Microsoft.Insights/components/", "Microsoft.Insights/webtests/", "Microsoft.ResourceHealth/availabilityStatuses/read", "Microsoft.Resources/deployments/*", "Microsoft.Resources/subscriptions/resourceGroups/read", ], "dataActions": [], "notActions": [], "notDataActions": [] } ], "roleName": "C-Application Insights Reader", "roleType": "CustomRole", "type": "Microsoft.Authorization/roleDefinitions" }

Disable IP Masking in App Insights

add the following contents in body.txt file

{ "properties": { "DisableIpMasking": true } }

az rest --method patch --url https://management.azure.com/subscriptions//resourceGroups//providers/microsoft.insights/components/?api-version=2018-05-01-preview --headers Content-Type=application/json --body @body.json

Update function app properties

set "httpsOnly=true"

az functionapp update -n -g --set httpsOnly=true; //# add --slot for updating the slot property

Move function app from consumption-tier to paid app-service plan

update serverFarmId

az resource update -n -g --resource-type Microsoft.web/sites --api-version 2021-03-01 --set properties.serverFarmId="/subscriptions//resourceGroups//providers/Microsoft.Web/serverfarms/"

update sku

az resource update -n -g --resource-type Microsoft.web/sites --set properties.sku="PremiumV3" // change the SKU according to the desired App Service Plan

Integrate Virtual Network (VNET) to a web-app/function-app

az webapp vnet-integration add -g -n --vnet --subnet ;

Disable RouteAll property for VNET Integration

az webapp config set -g -n --vnet-route-all-enabled false

Remove VNET Integration from an app

az webapp vnet-integration remove -g -n

Quick way to install and Redis CLI using NPM

npm install -g redis-cli rdcli -h -p 6380 -a --tls true

KeyVault Operations

Set/Add KeyVault secret

az keyvault secret set --n --vault-name --value

Delete KeyVault secret

az keyvault secret delete -n --vault-name

Azure App Configuration operations

az appconfig kv set -n --key --value --yes

Azure Storage Account :Download all files in a container | one-liner command

  • login to your account before running the download (az login)

az storage blob download-batch -d . --pattern . -s --account-name --account-key

disable Ip Masking in Azure App insights | Azure CLI command

az resource update --ids --set properties.disableIpMasking=true

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment