
Azure CLI Masterclass for AZ-204 Azure Services

  1. Azure Container Registry
  2. Azure Container Instances
  3. Azure App Service
  4. Azure Functions
  5. Azure Blob Storage
  6. Azure Cosmos DB
  7. API Management
  8. Event Grid
  9. Event Hub
  10. Service Bus
  11. Azure Queue Storage
  12. Microsoft Entra ID
  13. Managed Identities
  14. Azure Key Vault
  15. Redis
  16. CDN
  17. Azure Container Apps
  18. Application Insights

Azure CLI Masterclass for AZ-204 Services

az login

Azure Container Registry

az acr

Create an Azure Container Registry

az group create --location eastus --resource-group cloudengineerskillsrg
az acr create --location eastus --name cloudengineerskillsregistry --resource-group cloudengineerskillsrg --sku Standard
az acr login --name cloudengineerskillsregistry

Push, Pull and Run Docker Images with Azure Container Registry

docker pull hello-world
docker tag hello-world cloudengineerskillsregistry.azurecr.io/hello-world:v1
docker push cloudengineerskillsregistry.azurecr.io/hello-world:v1
docker rmi cloudengineerskillsregistry.azurecr.io/hello-world:v1 # remove the local copy of the image
az acr repository list --name cloudengineerskillsregistry
az acr repository show-tags --name cloudengineerskillsregistry --repository hello-world
docker run cloudengineerskillsregistry.azurecr.io/hello-world:v1

Build Docker Images in the cloud with Azure Container Registry

az acr build --registry cloudengineerskillsregistry --image helloacrtasks:v1 .
az acr repository list --name cloudengineerskillsregistry
docker run cloudengineerskillsregistry.azurecr.io/helloacrtasks:v1

Run Docker Images in the cloud with Azure Container Registry

az acr build --registry cloudengineerskillsregistry --image sample/hello-world:v1 --file Dockerfile2 .
az acr repository list --name cloudengineerskillsregistry
az acr run --registry cloudengineerskillsregistry --cmd 'cloudengineerskillsregistry.azurecr.io/sample/hello-world:v1' /dev/null

Deploy Azure Container Instance from Azure Container Registry

az acr update -n cloudengineerskillsregistry --admin-enabled true
az acr credential show --name cloudengineerskillsregistry
az container create --resource-group cloudengineerskillsrg --name acr-tasks --image cloudengineerskillsregistry.azurecr.io/helloacrtasks:v1 --registry-login-server cloudengineerskillsregistry.azurecr.io --ip-address Public --location eastus --registry-username "cloudengineerskillsregistry" --registry-password "acrpassword"
az container show --resource-group cloudengineerskillsrg --name acr-tasks --query ipAddress.ip --output table

Replicate Azure Container Registry to another region

  • Note: replication requires Premium SKU.
az acr update --name cloudengineerskillsregistry --sku Premium
az acr replication create --registry cloudengineerskillsregistry --location japaneast
az acr replication list --registry cloudengineerskillsregistry --output table

Clean Up Resources

az container delete --name acr-tasks --resource-group cloudengineerskillsrg
az acr repository delete --name cloudengineerskillsregistry --image hello-world:v1
az acr repository delete --name cloudengineerskillsregistry --image helloacrtasks:v1
az acr repository delete --name cloudengineerskillsregistry --image sample/hello-world:v1
az acr delete -n cloudengineerskillsregistry
az group delete --resource-group cloudengineerskillsrg

Azure Container Instances

az container

Create a Resource Group

az group create --name cloudengineerskillsrg --location eastus

Create an Azure Container Registry

Note: you will run into Docker Hub rate-limiting issues if you use an az container create command to pull an image directly from Docker Hub; I am guessing the IP address is shared and the Docker Hub rate limit is being consistently breached. To get around this, pull the container image you want to use from Docker Hub into Azure Container Registry first.

az acr create --location eastus --name cloudengineerskillsregistry --resource-group cloudengineerskillsrg --sku Basic
az acr login --name cloudengineerskillsregistry
docker pull nginx:latest
docker tag nginx cloudengineerskillsregistry.azurecr.io/nginx:latest
docker push cloudengineerskillsregistry.azurecr.io/nginx:latest
az acr repository list --name cloudengineerskillsregistry
az acr update -n cloudengineerskillsregistry --admin-enabled true
az acr credential show --name cloudengineerskillsregistry

Create a Container

az container create --resource-group cloudengineerskillsrg --cpu 1 --memory 1 --name mycontainer --image cloudengineerskillsregistry.azurecr.io/nginx:latest --dns-name-label nginx-aci --ports 80 --registry-username "cloudengineerskillsregistry" --registry-password "acrpassword"
az container list --resource-group cloudengineerskillsrg --output table
az container show --resource-group cloudengineerskillsrg --name mycontainer --query "{FQDN:ipAddress.fqdn,ProvisioningState:provisioningState}" --out table

Access Logs

az container logs --resource-group cloudengineerskillsrg --name mycontainer
az container attach --resource-group cloudengineerskillsrg --name mycontainer

Stop, Start, and Restart a Container Instance

az container stop --name mycontainer --resource-group cloudengineerskillsrg
az container show --resource-group cloudengineerskillsrg --name mycontainer --query "{name:name, State:instanceView.state}"

az container start --name mycontainer --resource-group cloudengineerskillsrg
az container show --resource-group cloudengineerskillsrg --name mycontainer --query "{name:name, State:instanceView.state}"

az container restart --name mycontainer --resource-group cloudengineerskillsrg
az container show --resource-group cloudengineerskillsrg --name mycontainer

Mount a File Share as a Volume on a Container Instance

az storage account create --resource-group cloudengineerskillsrg --name cloudengineerskillssa123 --location eastus --sku Standard_LRS
az storage share create --name cloudengineerskillsfileshare --account-name cloudengineerskillssa123
az storage account keys list --resource-group cloudengineerskillsrg --account-name cloudengineerskillssa123 --query "[0].value" --output tsv
az container create --resource-group cloudengineerskillsrg --name mycontainer2 --image mcr.microsoft.com/azuredocs/aci-hellofiles --dns-name-label aci-file-share --ports 80 --azure-file-volume-account-name cloudengineerskillssa123 --azure-file-volume-account-key "storageAccountKey" --azure-file-volume-share-name cloudengineerskillsfileshare --azure-file-volume-mount-path /aci/logs/
az container show --resource-group cloudengineerskillsrg --name mycontainer2 --query "{FQDN:ipAddress.fqdn,ProvisioningState:provisioningState}" --out table

Run a Container Instance with a Restart Policy

Restart Policy options: Always, Never, and OnFailure

az container create --resource-group cloudengineerskillsrg --name mycontainer3 --image mcr.microsoft.com/azuredocs/aci-wordcount:latest --restart-policy OnFailure
az container show --resource-group cloudengineerskillsrg --name mycontainer3 --query "containers[0].instanceView.currentState.state"
az container logs --resource-group cloudengineerskillsrg --name mycontainer3

Provide Environment Variables to a Container Instance

Passing Non-Sensitive Environment Variables

az container create --resource-group cloudengineerskillsrg --name mycontainer4 --image mcr.microsoft.com/azuredocs/aci-wordcount:latest --restart-policy OnFailure --environment-variables NumWords=5 MinLength=8
az container show --resource-group cloudengineerskillsrg --name mycontainer4 --query 'containers[].environmentVariables'

Passing Sensitive Environment Variables

az container create --resource-group cloudengineerskillsrg --file secure-env.yaml
az container show --resource-group cloudengineerskillsrg --name mycontainergroup --query 'containers[].environmentVariables'
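
The post passes secure-env.yaml to az container create but does not show the file. The following is an added example, not the author's file: a shell function that generates such a file with the sensitive variable under secureValue (its value is not returned by az container show), and a helper that lists the variables left as plain values. The variable name API_TOKEN, the resource sizes, osType and both function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Writes the container-group YAML
# that `az container create --file secure-env.yaml` consumes.
# Assumptions: API_TOKEN as the secret's name, the cpu/memory sizes, osType.

# Write the YAML to $1, taking the secret from the API_TOKEN environment
# variable so it never appears as a command-line argument.
write_secure_env_yaml() {
    out="$1"
    if [ -z "${API_TOKEN:-}" ]; then
        echo "API_TOKEN is not set" >&2
        return 1
    fi
    # Escape for a YAML single-quoted scalar: ' becomes ''.
    token=$(printf '%s' "$API_TOKEN" | sed "s/'/''/g")
    (
        umask 077   # the file holds a secret: owner read/write only
        cat > "$out" <<EOF
apiVersion: 2019-12-01
location: eastus
name: mycontainergroup
properties:
  containers:
  - name: mycontainer
    properties:
      image: mcr.microsoft.com/azuredocs/aci-wordcount:latest
      environmentVariables:
        - name: 'NumWords'
          value: '5'
        - name: 'MinLength'
          value: '8'
        - name: 'API_TOKEN'
          secureValue: '$token'
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
  osType: Linux
  restartPolicy: OnFailure
type: Microsoft.ContainerInstance/containerGroups
EOF
    )
}

# Print the names of variables stored as plain `value:`; these are the ones
# whose values `az container show` returns.
plain_env_names() {
    awk '/- name:/ {n=$3; gsub("\047","",n)} /^ *value:/ {print n}' "$1"
}
```

Export API_TOKEN in the calling shell, call write_secure_env_yaml secure-env.yaml, then run the az container create --file command above.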

Clean Up Resources

az container delete --resource-group cloudengineerskillsrg --name mycontainer
az container delete --resource-group cloudengineerskillsrg --name mycontainer2
az container delete --resource-group cloudengineerskillsrg --name mycontainer3
az container delete --resource-group cloudengineerskillsrg --name mycontainer4
az container delete --resource-group cloudengineerskillsrg --name mycontainergroup
az acr delete -n cloudengineerskillsregistry
az group delete --resource-group cloudengineerskillsrg

Azure App Service

az appservice, az webapp, az staticwebapp

Create an App Service Plan

az group create --resource-group cloudengineerskillsrg --location westus
az appservice plan create -g cloudengineerskillsrg -n plan --location westus --is-linux --number-of-workers 1 --sku S1

Create a Web App from a Public DockerHub Image

az webapp create -g cloudengineerskillsrg -p plan -n cloudengineerskillsnginx -i nginx

Create a Web App from an Azure Container Registry Image

az webapp create -g MyResourceGroup -p MyPlan -n MyUniqueAppName -i myregistry.azurecr.io/docker-image:tag

Clean Up Resources

az group delete --resource-group cloudengineerskillsrg

Azure Functions

az functionapp

Azure Blob Storage

az storage

Create a Standard General Purpose V2 Storage Account

az group create --resource-group cloudengineerskillsrg --location eastus
az storage account create -n cloudengineerskillssa123 -g cloudengineerskillsrg -l eastus --sku Standard_LRS --kind StorageV2
az storage account list -g cloudengineerskillsrg

Create a Storage Account Container

az storage container create -n mystoragecontainer --account-name cloudengineerskillssa123 --resource-group cloudengineerskillsrg
az storage container list --account-name cloudengineerskillssa123

Upload Blob to Container

  • Note: you require the Storage Blob Data Contributor role to upload a blob into a storage container. After you run the command below, the assignment may take a few minutes to take effect.
az ad signed-in-user show --query id -o tsv | az role assignment create --role "Storage Blob Data Contributor" --assignee "@-" --scope "/subscriptions/<subscription>/resourceGroups/<resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account>"

az storage blob upload --account-name cloudengineerskillssa123 --container-name mystoragecontainer --name myFile.txt --file myFile.txt --auth-mode login

az storage blob list --account-name cloudengineerskillssa123 --container-name mystoragecontainer --output table --auth-mode login

Download a Blob

az storage blob list --account-name cloudengineerskillssa123 --container-name mystoragecontainer --output table --auth-mode login

az storage blob download --account-name cloudengineerskillssa123 --container-name mystoragecontainer --name myFile.txt --file myFileDest.txt --auth-mode login

Clean Up Resources

az storage blob delete --account-name cloudengineerskillssa123 -c mystoragecontainer -n myFile.txt --auth-mode login
az storage container delete --account-name cloudengineerskillssa123 --name mystoragecontainer --auth-mode login
az storage account delete -n cloudengineerskillssa123 -g cloudengineerskillsrg
az group delete --name cloudengineerskillsrg

Azure Cosmos DB

az cosmosdb

Create a NoSQL Azure Cosmos DB Account

az group create --resource-group cloudengineerskillsrg --location eastus
az cosmosdb create --name "cloudengineerskillsdbaccount" --resource-group cloudengineerskillsrg --enable-free-tier true --kind GlobalDocumentDB
az cosmosdb list --resource-group cloudengineerskillsrg

Create a Database

az cosmosdb sql database create --name cloudengineerskillsdb --account-name cloudengineerskillsdbaccount --resource-group cloudengineerskillsrg
az cosmosdb sql database list --account-name cloudengineerskillsdbaccount --resource-group cloudengineerskillsrg

Create a Container

az cosmosdb sql container create -g cloudengineerskillsrg -a cloudengineerskillsdbaccount -d cloudengineerskillsdb -n items --partition-key-path "/category"
az cosmosdb sql container list --account-name cloudengineerskillsdbaccount --database-name cloudengineerskillsdb --resource-group cloudengineerskillsrg

Clean Up Resources

az cosmosdb sql container delete --name items --account-name cloudengineerskillsdbaccount --database-name cloudengineerskillsdb --resource-group cloudengineerskillsrg
az cosmosdb sql database delete --name cloudengineerskillsdb --account-name cloudengineerskillsdbaccount --resource-group cloudengineerskillsrg
az cosmosdb delete --name "cloudengineerskillsdbaccount" --resource-group cloudengineerskillsrg
az group delete --name cloudengineerskillsrg

API Management

az apim

az group create --resource-group cloudengineerskillsrg --location eastus
az apim create --name myapim --resource-group cloudengineerskillsrg --publisher-name CloudEngineerSkills --publisher-email <publisher-email>
az apim show --name myapim --resource-group cloudengineerskillsrg --output table
az group delete --name cloudengineerskillsrg

Event Grid

az eventgrid

Event Hub

az eventhubs

Service Bus

az servicebus

Azure Queue Storage

az storage queue

Azure Key Vault

az keyvault

az group create --resource-group cloudengineerskillsrg --location eastus
az keyvault create --name cloudengineerskillskv --resource-group cloudengineerskillsrg --location eastus --sku standard
az ad signed-in-user show --query id -o tsv | az role assignment create --role "Key Vault Administrator" --assignee "@-" --scope "/subscriptions/{subscriptionid}/resourcegroups/{resource-group-name}"
az keyvault secret set --vault-name cloudengineerskillskv --name "MySecret" --value "secretsecret"
az keyvault secret show --name "MySecret" --vault-name cloudengineerskillskv
az group delete --resource-group cloudengineerskillsrg

Redis

Managed Identity

System Assigned Managed Identity

az vm create --resource-group myResourceGroup \
    --name myVM --image win2016datacenter \
    --generate-ssh-keys \
    --assign-identity \
    --role contributor \
    --scope mySubscription \
    --admin-username azureuser \
    --admin-password myPassword12

az vm identity assign -g myResourceGroup -n myVm

User Assigned Managed Identity

  • https://learn.microsoft.com/en-us/cli/azure/role/assignment?view=azure-cli-latest
az group create --resource-group cloudengineerskillsrg --location eastus
az identity create --name MyIdentity --resource-group cloudengineerskillsrg
az identity list --resource-group cloudengineerskillsrg
az vm create \
--resource-group <RESOURCE GROUP> \
--name <VM NAME> \
--image Ubuntu2204 \
--admin-username <USER NAME> \
--admin-password <PASSWORD> \
--assign-identity <USER ASSIGNED IDENTITY NAME> \
--role <ROLE> \
--scope <SUBSCRIPTION>
az group delete --resource-group cloudengineerskillsrg


This post is licensed under CC BY 4.0 by the author.