Azure CLI Installation Instructions: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=apt
CLI Login Help: https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli
For ZSH, use the following to login via Web Browser:
read -s "AZ_PASS?Azure password: " && echo && az login -u $MY_AZURE_USERNAME -p $AZ_PASS
Note BASH and ZSH implements
read
differently. More info can be found here
References:
- https://learn.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli#4-sign-in-using-a-service-principal
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/service_principal_client_certificate
- https://www.programonaut.com/how-to-easily-create-an-azure-service-principal-step-by-step/
To start, create the application in the Azure Console as described in the Terraform link. In this scenario, the "application" is our CLI user (or principle)
note What is an Azure service principal? An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access The roles assigned to the service principal restrict access. This gives you control over which resources can be accessed and at what level. to the service principal, giving you control over which resources can be accessed and at which level. For security reasons, it's always recommended to use service principals with automated tools rather than allowing them to sign in with a user identity.
note Create a key vault and assign appropriate role in order to ass a certificate. See https://stackoverflow.com/questions/69971341/unable-to-create-secrets-in-azure-key-vault-if-using-azure-role-based-access-con
warning Below is not yet working 100%
# Ensure the principle and resource group exists
# Sign in using the certificate
az ad sp create-for-rbac --name CommindLine --role Contributor --scopes /subscriptions/...../resourceGroups/rg-common
# Record the output:
{
"appId": "...",
"displayName": "CommindLine",
"password": "...",
"tenant": "..."
}
# Record the password in the environment variable AZURE_CLI_PASSWORD
# Grant permissions:
az role assignment create --assignee "$AZURE_CLI_APPLICATION_ID" --role Contributor --scope /subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/rg-common
{
"condition": null,
"conditionVersion": null,
"createdBy": "...",
"createdOn": "2023-08-13T17:22:46.668620+00:00",
"delegatedManagedIdentityResourceId": null,
"description": null,
"id": "/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/rg-common/providers/Microsoft.Authorization/roleAssignments/...",
"name": "...",
"principalId": "...",
"principalName": "...",
"principalType": "ServicePrincipal",
"resourceGroup": "rg-common",
"roleDefinitionId": "/subscriptions/$AZURE_SUBSCRIPTION_ID/providers/Microsoft.Authorization/roleDefinitions/...",
"roleDefinitionName": "Contributor",
"scope": "/subscriptions/$AZURE_SUBSCRIPTION_ID/resourceGroups/rg-common",
"type": "Microsoft.Authorization/roleAssignments",
"updatedBy": "...",
"updatedOn": "2023-08-13T17:22:46.668620+00:00"
}
# Login
az login --service-principal -u $AZURE_CLI_APPLICATION_ID -p "$AZURE_CLI_PASSWORD" --tenant "$AZURE_CLI_APPLICATION_TENANT_ID"
[
{
"cloudName": "AzureCloud",
"homeTenantId": "...",
"id": "...",
"isDefault": true,
"managedByTenants": [],
"name": "...",
"state": "Enabled",
"tenantId": "...",
"user": {
"name": "...",
"type": "servicePrincipal"
}
}
]
Use the -o
or --output
switch. Common options:
json
(should be the default)yaml
table
Online documentation: https://learn.microsoft.com/en-us/cli/azure/account?view=azure-cli-latest
Command:
az account show
Command:
az account tenant list
References:
- Documentation Home: https://learn.microsoft.com/en-us/azure/app-service/overview
- Quick Start (Python Flask): Current Link
- Pricing (relevant to select the appropriate plan for the
--sku
option): https://azure.microsoft.com/en-us/pricing/details/app-service/linux/
Note Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Node.js, PHP, and Python. Applications run and scale with ease on both Windows and Linux-based environments.
Quick Actions (One Liners):
Description | Command | Notes |
---|---|---|
List runtime environments | az webapp list-runtimes --os linux --output table |
- |
List location availability for a SKU | az appservice list-locations --sku F1 --linux-workers-enabled -o table |
- |