Azure CLI Best Practices
Leverage the Azure Command-Line Interface (CLI) effectively by adhering to these best practices. This guide will help you write more robust, maintainable, and efficient scripts.
1. Use Scripting for Automation
The Azure CLI is designed for scripting. Avoid interactive usage for repeatable tasks. Instead, write shell scripts (Bash, PowerShell, Zsh) that call Azure CLI commands.
# Example: Deploying a web app and configuring settings in a script
az group create --name myResourceGroup --location eastus
az appservice plan create --name myAppServicePlan --resource-group myResourceGroup --sku B1 --is-linux
az webapp create --name myUniqueWebAppName --resource-group myResourceGroup --plan myAppServicePlan
az webapp config appsettings set --name myUniqueWebAppName --resource-group myResourceGroup --settings WEBSITES_ENABLE_APP_SERVICE_STORAGE=false
2. Parameterize Your Scripts
Hardcoding values makes scripts inflexible. Use script variables, command-line arguments, or environment variables to pass dynamic values like resource names, locations, and SKUs.
#!/bin/bash
RESOURCE_GROUP_NAME="myDynamicRG"
LOCATION="westus2"
APP_SERVICE_PLAN_NAME="myDynamicPlan"
az group create --name $RESOURCE_GROUP_NAME --location $LOCATION
az appservice plan create --name $APP_SERVICE_PLAN_NAME --resource-group $RESOURCE_GROUP_NAME --location $LOCATION --sku F1
3. Leverage Output Formatting
The Azure CLI supports various output formats (`json`, `table`, `tsv`, `yaml`). Use `json` for programmatic consumption and `table` for human readability. Customize the output to include only the fields you need.
# Get resource group names in JSON format
az group list --output json
# Get specific properties of web apps in a table format
az webapp list --resource-group myResourceGroup --query "[].{Name:name, State:state, Url:defaultHostName}" --output table
4. Use Aliases and Configuration
Customize your CLI experience with aliases and configurations. Set default values for locations, resource groups, and output formats to reduce command length and repetition.
# Set default resource group and location
az configure --defaults group=myDefaultResourceGroup location=centralus
# You can then run commands like:
az vm create --name myVM --image UbuntuLTS
# Check your configuration
az configure --list-defaults
AZURE_DEFAULT_GROUP and AZURE_DEFAULT_LOCATION for the same effect.
5. Error Handling and Idempotency
Ensure your scripts can handle failures. Check exit codes of commands and implement retry logic where appropriate. Design commands to be idempotent, meaning running them multiple times has the same effect as running them once.
# Example of checking exit code
az group create --name myResourceGroup --location eastus
if [ $? -ne 0 ]; then
echo "Failed to create resource group."
exit 1
fi
# Many Azure CLI commands are idempotent by default (e.g., create if not exists)
6. Keep Your CLI Updated
New features, bug fixes, and security updates are released regularly. Ensure you are using the latest version of the Azure CLI to benefit from improvements and stay secure.
az upgrade
7. Use Named Values for Secrets
For sensitive information, use Azure Key Vault and reference secrets using the Azure CLI. Avoid storing secrets directly in scripts or configuration files.
# Example: Retrieving a secret from Key Vault
SECRET_VALUE=$(az keyvault secret show --vault-name myKeyVault --name mySecretName --query value -o tsv)
echo "The secret is: $SECRET_VALUE"
8. Leverage `--yes` for Non-Interactive Operations
When running scripts, you often don't want to be prompted for confirmation. Use the `--yes` (or `-y`) flag to automatically confirm operations.
# Delete a resource group without prompting
az group delete --name myResourceGroup --yes
9. Modularize and Reuse
Break down complex deployments into smaller, reusable scripts or templates. This improves readability, testability, and maintainability.
10. Understand Resource Manager Templates (ARM/Bicep)
While the Azure CLI is powerful for imperative command execution, for complex infrastructure deployments, consider using declarative tools like ARM templates or Bicep. The Azure CLI can deploy these templates.
# Deploy an ARM template
az deployment group create --resource-group myResourceGroup --template-file main.json