Category: Azure CLI

Azure CLIDevOpsportal

Apply Tags to all of your Azure Resources

Today I’m doing an Azure Migration and consolidation for a client and they wanted to tag everything within the existing Resource Group where is it deployed before we started moving things around to other Resource Groups and Subscriptions. Two important notes:  first they didn’t mind if the RG has current TAGs, if it does then they can be added to the resources within that RG and they didn’t want to lose any of the existing TAGs on the resources.

So, first I tagged all of the Resource Groups with this tag:

KEY: OrginialRGName / Value: [NAME OF RESOURCE GROUP]

New Tag

Next, I used the following script to load all the resource groups into an array, read the currently assigned tag values on the resource group and the resources.  Finally, it will apply all the tags onto the resources which will now include the OriginalRGName tag and value.  This will be done to all resources in the subscription.


groups=$(az group list --query [].name --output tsv)
for rg in $groups
do
  jsontag=$(az group show -n $rg --query tags) || true
  t=$(echo $jsontag | tr -d '"{},' | sed 's/: /=/g') || true
  r=$(az resource list -g $rg --query [].id --output tsv) || true
  for resid in $r
  do
    jsonrtag=$(az resource show --id $resid --query tags) || true
    rt=$(echo $jsonrtag | tr -d '"{},' | sed 's/: /=/g') || true
    az resource tag --tags $t$rt --id $resid || true
  done
done

Notice how the Tags on the resource remained and my new tag, OriginalRGName is now put in place!

You might get some errors on resources that don’t show in the portal or support tags, like alerts for Azure montior, but these can be ignored. Give it a try on a test subscription and have fun TAGing!

@deltadan

Azure CLIInfrastructure

Securing Azure Virtual Machines using Network Security Groups (NSGs)

Security, Security!

This is top of mind for everyone these days and Azure has many security features.  Today we are going to explore the world of Network Security Groups (NSGs) and their use on Virtual Machines and traffic into and out of Virtual Networks.

A network security group (NSG) is a networking filter (firewall) containing a list of security rules allowing or denying network traffic to resources connected to Azure VNets. These rules can manage both inbound and outbound traffic. NSGs can be associated to subnets and/or individual Network Interfaces attached to ARM VMs and Classic VMs. Each NSG has the following properties regardless of where it is associated:

  • Name for the NSG
  • Azure region where the NSG is located
  • resource group
  • Rules either Inbound or Outboard defining what traffic is allowed or denied

When a NSG is associated to a subnet, the rules apply to all resources connected to the subnet. Traffic can be further restricted by also associating a NSG to a VM or NIC. NSGs that are associated to subnets are said to be filtering “North/South” traffic (in other words, packets flowing in and out of a subnet). NSGs that are associated to Network Interfaces are said to be filtering “East/West” traffic (in other words, how the VMs within the subnet connect to each other). Read More

Azure CLIInfrastructure

Azure CLI 2.0: Convert VM to Managed Disks

Traditionally, Azure Virtual Machines (VMs) would use an Azure Storage Account to store the VM Disk Images for the VM. This required explicit management of what Storage Accounts contained which and how many VM Disks; both OS Disks and Data Disks. To simplify the management of the VM Disks, Microsoft released a newer feature (that is now the recommended best practice) called Azure Managed Disks. Managed Disks allow you to store the VM Disk imaged (both OS and Data disks) in Azure without the need to manage what Storage Accounts are used. You simple create Managed Disks, and the Azure platform takes care of all the management and scalability necessary.

When creating a Virtual Machine in Microsoft Azure, you can choose whether to use Managed Disks or not. Even though this can be chosen now at creating time, you may still have a number of Virtual Machines that are not using Managed Disks. Thankfully, Microsoft has provided tooling within the Azure CLI that enables you to easily Convert a VM to use Managed Disks.

Let’s take a look at this below… Read More

Azure CLIInfrastructureportalPowerShell

Introducing the Azure Cloud Shell

The Azure Cloud Shell has been out for some time now, as an embedded Bash and PowerShell command-line shell / terminal within the Azure Portal. It really great to be able to use Azure command-line tools (Azure CLI & Azure PowerShell) from absolutely anywhere; including a smartphone or tablet with the native Azure mobile app. Now, the Azure Cloud Shell has gotten it’s own website so you can use it all by itself! Read More

Azure CLIInfrastructure

Azure CLI 2.0: Quickly Start / Stop ALL VMs

You can easily Start and Stop Virtual Machines (VMs) through the Azure Portal. Previously, I’ve written about the importance of Stopping unused VMs to save money and place them in a “Stopped (Deallocated)” state. While it’s easy and simple to do through the Azure Portal, it’s also time consuming if you have multiple VMs; especially if you have a dozen or more VMs. The following Azure CLI 2.0 tip will show you how you can easily use the Azure CLI to Start and Stop multiple VMs with a single command!

Before we get into how to Start, Stop and Deallocate Virtual Machines (VMs) in batches, we must first cover the basics of Starting, Stopping and Deallocating VMs one at a time. After those commands are defined and demonstrated, then you’ll have the foundation necessary to extend on that to do the batching. Please be patient as you read through as you’ll need to step through this to fully understand the end result. And, you’ll be glad you did once you get there as this will really enable you to be immensely more productive in your management of Azure Virtual Machines when it comes to Starting, Stopping, and Deallocating them. Read More

Azure CLI

Azure CLI 2.0: Make Bash Output More Readable

It can be extremely useful to use the Azure CLI to manage / manipulate your Azure resources from the command-line. However, many of the commands will output a large amount of JSON that can be extremely difficult to read at the command-line. When using the Azure CLI within the Bash shell, you can use a couple techniques to make the JSON output much more readable, and using these techniques will really increase your productivity at the command-line.
Read More

Azure CLIInfrastructure

Azure CLI 2.0: Reset / Change Azure VM Password

It’s very easy to spin up a Virtual Machine (VM) in Microsoft Azure. You can do it through the Azure Portal or with scripting tools such as the Azure CLI, Azure PowerShell cmdlets, and even ARM Templates. When you provision the new VM you need to set an Administrator username and password for the VM. You will use these login credentials to connect to and manage the VM. However, there are time when you either need to 1) change the password periodically, or 2) reset the password if you may have forgotten what it was. Thankfully, Azure makes the task of changing the password for a VM extremely easy to do from the management of your Azure Subscription. It can be done easily enough through the UI of the Azure Portal, however there are times when scripting and automation are necessary to fit your workflow best. Below you’ll find the simple, easy to use command to change / reset the password for a VM running in Azure. Both Windows and Linux VMs work the same way!
Read More

Azure CLI

Install Azure CLI 2.0 on macOS

The Azure CLI is the cross-platform, command-line tool for managing and automating cloud resources in Microsoft Azure. The tool is supported across macOS, Linux, Windows, and more newly usable from within a web browser in the Azure Portal. While you can run it in the browser now, there are certainly benefit from being able to run the Azure CLI from your local machine. One of these benefits is to easily execute bash scripts locally to perform automation and other tasks. This article will guide you through the step-by-step process of installing the Azure CLI 2.0 on macOS. Read More

Azure CLIInfrastructure

Azure CLI 2.0: Generate SAS Token for Blob in Azure Storage

Azure Storage is a cloud service at the very center of Microsoft Azure. It provides the foundations for storing data in many services and systems within the Azure cloud platform. You can use Azure Blob Storage to store any binary data such as files, images, backups, .vhd’s, videos, and pretty much any other file. The Azure Blob Storage will secure all blobs / files by default where they can’t be access without a key. You can configure the service to allow anonymous access to blobs, however, there are many circumstances that you want to securely share a file with Azure Blob Storage.
Read More

Azure CLIInfrastructure

Azure CLI 2.0: Reset Azure SQL Database Password

The Azure SQL Database service allows you to set an Admin login and password when you provision a database server in the service. However, if you happen to forget the password for the Azure SQL Database server, it can be problematic. There is an option in the UI of the Azure Portal to reset this admin password. However, there may be times when you want to update the password from the command-line or in an automated fashion. Perhaps, you may want to automate the updating of the admin password for your Azure SQL Database servers periodically. Thankfully, there is a command in the Azure CLI 2.0 that does support updating or changing the password. Read More