Az.Resources Module Cmdlets
The Az.Resources module provides cmdlets for managing Azure resources, resource groups, deployments, policies, and role assignments. This module is fundamental for interacting with the Azure Resource Manager (ARM) control plane.
Get-AzResource
Retrieves information about Azure resources.
Syntax
Get-AzResource -ResourceId "resource-id" | Get-AzResource -Name "resource-name" -ResourceType "resource-type"
Parameters
| Name | Description | Required |
|---|---|---|
-ResourceId |
The fully qualified ID of the resource. | True (if not using Name and ResourceType) |
-Name |
The name of the resource. | True (if not using ResourceId) |
-ResourceType |
The type of the resource. | True (if not using ResourceId) |
-ResourceGroupName |
The name of the resource group. | False |
-ODataQuery |
An OData filter query. | False |
Example:
Get-AzResource -Name "myStorageAccount" -ResourceType "Microsoft.Storage/storageAccounts"
New-AzResourceGroup
Creates a new resource group.
Syntax
New-AzResourceGroup -Name "resourceGroupName" -Location "location"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the resource group to create. | True |
-Location |
The Azure region where the resource group will be created. | True |
-Tag |
A hash table that assigns tags to the resource group. | False |
Example:
New-AzResourceGroup -Name "myResourceGroup" -Location "East US" -Tag <@{"Environment"="Development"}>
Remove-AzResourceGroup
Deletes a resource group.
Syntax
Remove-AzResourceGroup -Name "resourceGroupName"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the resource group to delete. | True |
-Force |
Suppresses confirmation prompts. | False |
-AsJob |
Run the cmdlet as a background job. | False |
Example:
Remove-AzResourceGroup -Name "myOldResourceGroup" -Force
Caution: Deleting a resource group will delete all resources contained within it. Use with extreme care.
Set-AzResourceGroup
Updates a resource group.
Syntax
Set-AzResourceGroup -Name "resourceGroupName" -Tag "newTags"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the resource group to update. | True |
-Tag |
A hash table to set tags for the resource group. Use @{} to clear existing tags. | True |
Example:
Set-AzResourceGroup -Name "myResourceGroup" -Tag <@{"Environment"="Production"; "Owner"="DevOpsTeam"}>
Get-AzResourceGroupDeployment
Retrieves information about resource group deployments.
Syntax
Get-AzResourceGroupDeployment -ResourceGroupName "resourceGroupName"
Parameters
| Name | Description | Required |
|---|---|---|
-ResourceGroupName |
The name of the resource group. | True |
-Name |
The name of the deployment. | False |
Remove-AzResourceGroupDeployment
Deletes a resource group deployment.
Syntax
Remove-AzResourceGroupDeployment -ResourceGroupName "resourceGroupName" -Name "deploymentName"
Parameters
| Name | Description | Required |
|---|---|---|
-ResourceGroupName |
The name of the resource group. | True |
-Name |
The name of the deployment to delete. | True |
-Force |
Suppresses confirmation prompts. | False |
Invoke-AzResourceGroupWait
Waits for a resource group deployment to complete.
Syntax
Invoke-AzResourceGroupWait -ResourceGroupName "resourceGroupName" -DeploymentName "deploymentName"
Parameters
| Name | Description | Required |
|---|---|---|
-ResourceGroupName |
The name of the resource group. | True |
-DeploymentName |
The name of the deployment to wait for. | True |
-MaxWaitSecond |
Maximum seconds to wait. | False |
Get-AzResourceProvider
Lists the resource providers registered for the current subscription.
Syntax
Get-AzResourceProvider
Parameters
| Name | Description | Required |
|---|---|---|
-ProviderNamespace |
The namespace of the resource provider. | False |
Register-AzResourceProvider
Registers a resource provider for the current subscription.
Syntax
Register-AzResourceProvider -ProviderNamespace "Microsoft.Storage"
Parameters
| Name | Description | Required |
|---|---|---|
-ProviderNamespace |
The namespace of the resource provider to register. | True |
Tip: You can check if a provider is registered using Get-AzResourceProvider -ProviderNamespace <namespace>.
Unregister-AzResourceProvider
Unregisters a resource provider for the current subscription.
Syntax
Unregister-AzResourceProvider -ProviderNamespace "Microsoft.Storage"
Parameters
| Name | Description | Required |
|---|---|---|
-ProviderNamespace |
The namespace of the resource provider to unregister. | True |
-Force |
Suppresses confirmation prompts. | False |
Note: You can only unregister a provider if there are no resources of that type deployed in your subscription.
Get-AzResourceTag
Gets all the tags for a specified resource.
Syntax
Get-AzResourceTag -ResourceId "resource-id"
Parameters
| Name | Description | Required |
|---|---|---|
-ResourceId |
The ID of the resource. | True |
Set-AzResourceTag
Sets the tags for a specified resource.
Syntax
Set-AzResourceTag -ResourceId "resource-id" -Tag "tags"
Parameters
| Name | Description | Required |
|---|---|---|
-ResourceId |
The ID of the resource. | True |
-Tag |
A hash table of tags to set. This overwrites existing tags. | True |
Remove-AzResourceTag
Removes tags from a specified resource.
Syntax
Remove-AzResourceTag -ResourceId "resource-id" -TagKeys "key1,key2"
Parameters
| Name | Description | Required |
|---|---|---|
-ResourceId |
The ID of the resource. | True |
-TagKeys |
A comma-separated list of tag keys to remove. | True |
Get-AzPolicyAssignment
Retrieves Azure policy assignments.
Syntax
Get-AzPolicyAssignment
Parameters
| Name | Description | Required |
|---|---|---|
-Scope |
The scope of the policy assignment (e.g., subscription, resource group). | False |
-PolicyAssignmentName |
The name of the policy assignment. | False |
New-AzPolicyAssignment
Creates a new Azure policy assignment.
Syntax
New-AzPolicyAssignment -Name "assignmentName" -PolicyDefinition "policy-definition-id" -Scope "scope"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy assignment. | True |
-PolicyDefinition |
The policy definition to assign. | True |
-Scope |
The scope for the policy assignment. | True |
Remove-AzPolicyAssignment
Deletes an Azure policy assignment.
Syntax
Remove-AzPolicyAssignment -Name "assignmentName" -Scope "scope"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy assignment to delete. | True |
-Scope |
The scope of the policy assignment. | True |
-Force |
Suppresses confirmation prompts. | False |
Set-AzPolicyAssignment
Updates an Azure policy assignment.
Syntax
Set-AzPolicyAssignment -Name "assignmentName" -Scope "scope" -Parameters "new-parameters"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy assignment. | True |
-Scope |
The scope of the policy assignment. | True |
-Parameters |
A hash table of parameters to update. | False |
Get-AzPolicyDefinition
Retrieves Azure policy definitions.
Syntax
Get-AzPolicyDefinition
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy definition. | False |
-ManagementGroupName |
The management group of the policy definition. | False |
New-AzPolicyDefinition
Creates a new Azure policy definition.
Syntax
New-AzPolicyDefinition -Name "definitionName" -DisplayName "My Policy" -Policy '{...}' -Description "Policy description"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy definition. | True |
-DisplayName |
The display name of the policy definition. | True |
-Policy |
The policy rule in JSON format. | True |
-Description |
A description for the policy definition. | False |
-Metadata |
Metadata for the policy definition. | False |
Remove-AzPolicyDefinition
Deletes an Azure policy definition.
Syntax
Remove-AzPolicyDefinition -Name "definitionName"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy definition to delete. | True |
-Force |
Suppresses confirmation prompts. | False |
Set-AzPolicyDefinition
Updates an Azure policy definition.
Syntax
Set-AzPolicyDefinition -Name "definitionName" -DisplayName "Updated Policy Name" -Description "Updated description"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy definition. | True |
-DisplayName |
The updated display name. | False |
-Description |
The updated description. | False |
-Policy |
The updated policy rule. | False |
Get-AzPolicySetDefinition
Retrieves Azure policy set definitions.
Syntax
Get-AzPolicySetDefinition
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy set definition. | False |
-ManagementGroupName |
The management group of the policy set definition. | False |
New-AzPolicySetDefinition
Creates a new Azure policy set definition.
Syntax
New-AzPolicySetDefinition -Name "policySetName" -DisplayName "My Policy Set" -Description "Policy set description" -PolicyDefinitionId "@policy1-id", "@policy2-id"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy set definition. | True |
-DisplayName |
The display name of the policy set definition. | True |
-Description |
A description for the policy set definition. | False |
-PolicyDefinitionId |
An array of policy definition IDs to include in the set. | True |
Remove-AzPolicySetDefinition
Deletes an Azure policy set definition.
Syntax
Remove-AzPolicySetDefinition -Name "policySetName"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy set definition to delete. | True |
-Force |
Suppresses confirmation prompts. | False |
Set-AzPolicySetDefinition
Updates an Azure policy set definition.
Syntax
Set-AzPolicySetDefinition -Name "policySetName" -DisplayName "Updated Policy Set Name" -Description "Updated description"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the policy set definition. | True |
-DisplayName |
The updated display name. | False |
-Description |
The updated description. | False |
-PolicyDefinitionId |
An array of policy definition IDs to update in the set. | False |
Get-AzRoleDefinition
Retrieves Azure role definitions.
Syntax
Get-AzRoleDefinition -Name "Reader"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the role definition. | False |
-Scope |
The scope for the role definition. | False |
New-AzRoleDefinition
Creates a custom Azure role definition.
Syntax
New-AzRoleDefinition -Name "CustomRole" -Description "Custom role for limited access" -Actions "Microsoft.Storage/storageAccounts/read" -NotActions "Microsoft.Storage/storageAccounts/delete" -AssignableScopes "/subscriptions/your-subscription-id"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the custom role. | True |
-Description |
A description for the custom role. | False |
-Actions |
An array of allowed actions. | False |
-NotActions |
An array of disallowed actions. | False |
-AssignableScopes |
An array of scopes where the role can be assigned. | True |
Remove-AzRoleDefinition
Deletes a custom Azure role definition.
Syntax
Remove-AzRoleDefinition -Name "CustomRole" -Scope "/subscriptions/your-subscription-id"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the custom role to delete. | True |
-Scope |
The scope of the role definition. | True |
-Force |
Suppresses confirmation prompts. | False |
Set-AzRoleDefinition
Updates a custom Azure role definition.
Syntax
Set-AzRoleDefinition -Name "CustomRole" -Scope "/subscriptions/your-subscription-id" -Actions "Microsoft.Storage/storageAccounts/read", "Microsoft.Compute/virtualMachines/read"
Parameters
| Name | Description | Required |
|---|---|---|
-Name |
The name of the custom role to update. | True |
-Scope |
The scope of the role definition. | True |
-Actions |
The updated list of allowed actions. | False |
-NotActions |
The updated list of disallowed actions. | False |
Get-AzRoleAssignment
Retrieves Azure role assignments.
Syntax
Get-AzRoleAssignment -ObjectId "object-id" -RoleDefinitionName "Reader"
Parameters
| Name | Description | Required |
|---|---|---|
-ObjectId |
The object ID of the principal to retrieve assignments for. | False |
-RoleDefinitionName |
The name of the role definition. | False |
-Scope |
The scope for the role assignment. | False |
New-AzRoleAssignment
Creates a new Azure role assignment.
Syntax
New-AzRoleAssignment -ObjectId "object-id" -RoleDefinitionName "Contributor" -Scope "/subscriptions/your-subscription-id"
Parameters
| Name | Description | Required |
|---|---|---|
-ObjectId |
The object ID of the principal to assign the role to. | True |
-RoleDefinitionName |
The name of the role to assign. | True |
-Scope |
The scope for the role assignment. | True |
-ApplicationId |
The application ID of the service principal. | False |
Remove-AzRoleAssignment
Removes an Azure role assignment.
Syntax
Remove-AzRoleAssignment -ObjectId "object-id" -RoleDefinitionName "Contributor" -Scope "/subscriptions/your-subscription-id"
Parameters
| Name | Description | Required |
|---|---|---|
-ObjectId |
The object ID of the principal. | True |
-RoleDefinitionName |
The name of the role definition. | True |
-Scope |
The scope of the role assignment. | True |
-Force |
Suppresses confirmation prompts. | False |