Azure CLI Command Reference
A quick reference for all Azure CLI commands used in the RoundTrip production infrastructure setup. Keep this handy — these are the commands you'll reach for repeatedly.
Logging
# Streams the app's live log output to this terminal until interrupted.
# Treat the output as sensitive: it contains whatever the application logs
# (request details, error messages), so avoid pasting it into tickets or chat unredacted.
# Development logging
az webapp log tail --name app-roundtrip-dev --resource-group rg-roundtrip-dev
# Production logging
az webapp log tail --name app-roundtrip-production --resource-group rg-roundtrip-production
Authentication
# Login to Azure (opens browser)
az login
# Login allowing no subscriptions (useful for MFA issues)
# Signs in even when the account sees no subscriptions in the tenant.
az login --allow-no-subscriptions
# Login to a specific tenant
# TENANT_ID is a placeholder for the directory (tenant) ID.
az login --tenant TENANT_ID
# Show current account and subscription
# Run this before any create/delete command on this page: the commands use
# production resource names and act on whichever subscription is active.
az account show
# List all subscriptions
az account list --all --output table
# Set active subscription
# SUBSCRIPTION_ID is a placeholder for the subscription ID or name.
az account set --subscription SUBSCRIPTION_ID
# On a shared or temporary machine, finish with `az logout` so the cached
# sign-in tokens are not left behind for the next user.
Resource Group
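# Create resource group
# The tags record project, environment and owner so the group can be traced
# back to a responsible person during an audit or incident.
az group create \
  --name rg-roundtrip-production \
  --location centralus \
  --tags project=roundtrip environment=production owner=pete.carroll
# List all resource groups
az group list --output table
# Delete resource group (and ALL resources inside it — use with caution)
# --yes is deliberately left off: without it the CLI asks for confirmation, so
# a stray paste from this page cannot silently remove production.
# Check `az account show` first to be sure the right subscription is active.
# A CanNotDelete resource lock on the group (see `az lock create`) is a further
# guard against accidental deletion.
az group delete --name rg-roundtrip-production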
App Service
# Create App Service Plan
az appservice plan create \
--name plan-roundtrip-production \
--resource-group rg-roundtrip-production \
--location centralus \
--sku B1 \
--is-linux
# Create App Service
# NOTE(review): nothing on this page enforces HTTPS-only or a minimum TLS
# version for the app. `az webapp update --https-only true` and
# `az webapp config set --min-tls-version 1.2` cover both; confirm the
# current values with `az webapp show` / `az webapp config show`.
az webapp create \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production \
--plan plan-roundtrip-production \
--runtime "DOTNETCORE|10.0"
# Enable managed identity
# Gives the app a system-assigned identity, so it can be granted access to
# Key Vault (see the Key Vault section) without storing any credential.
az webapp identity assign \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production
# Show managed identity principal ID
# This object ID is what role assignments for the app are made against.
az webapp identity show \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production \
--query principalId -o tsv
# Set application settings (Key Vault references)
# VALUE should be a Key Vault reference, not the secret itself, e.g.
#   ConnectionStrings__Default='@Microsoft.KeyVault(SecretUri=https://kv-roundtrip-prod.vault.azure.net/secrets/ConnectionStrings--Default/)'
# Single-quote the reference so the shell does not interpret the parentheses.
# A raw secret typed here is stored in plain text in the app configuration and
# in your shell history.
az webapp config appsettings set \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production \
--settings KEY="VALUE"
# List all application settings
# Prints setting values in clear text. Key Vault references show only the
# reference string, but any setting holding a literal secret is displayed.
az webapp config appsettings list \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production
# Delete an application setting
az webapp config appsettings delete \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production \
--setting-names SETTING_NAME
# Set runtime version
az webapp config set \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production \
--linux-fx-version "DOTNETCORE|10.0"
# Start / Stop / Restart
az webapp start --name app-roundtrip-production --resource-group rg-roundtrip-production
az webapp stop --name app-roundtrip-production --resource-group rg-roundtrip-production
az webapp restart --name app-roundtrip-production --resource-group rg-roundtrip-production
# Show app state
az webapp show \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production \
--query "state" -o tsv
# Tail live logs
az webapp log tail \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production
# Download logs as zip
# The archive is written to the current directory. It holds production logs,
# so store it like any other sensitive file and delete it when finished.
az webapp log download \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production \
--log-file app-logs.zip
Deployment
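# Publish the .NET app
# Start from a clean slate: files left in ./publish by an earlier build would
# be shipped too, and zip adds to an existing archive rather than replacing it.
rm -rf -- ./publish ./roundtrip-api.zip
dotnet publish src/RoundTrip.API.Web \
  --configuration Release \
  --output ./publish
# Zip the publish output
# The subshell with && runs zip only after the cd succeeded. With a bare `cd`,
# a failed publish would leave you in the repository root and zip would
# archive the whole working tree (source, local config, .git) for deployment.
(cd ./publish && zip -r ../roundtrip-api.zip .)
# Review what is about to be deployed. Local settings files or other secrets
# must not be in the archive.
unzip -l roundtrip-api.zip
# Deploy zip to App Service
az webapp deploy \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --src-path roundtrip-api.zip \
  --type zip
# Clean up publish artifacts
rm -rf -- ./publish ./roundtrip-api.zip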
SQL Server and Database
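# All commands in this section use resource group rg-roundtrip-production: it
# is the only group this page creates, the one the Resource Summary lists, and
# the one the Password Rotation steps use for this same server.

# Create SQL Server
# The password is read from a prompt so it never appears in shell history.
# It is still handed to az as an argument, so it can show up in the local
# process list while the command runs. Use a trusted workstation.
printf 'SQL admin password: ' >&2; IFS= read -rs SQL_ADMIN_PASSWORD; printf '\n' >&2
az sql server create \
  --name sql-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --location centralus \
  --admin-user roundtrip-admin \
  --admin-password "$SQL_ADMIN_PASSWORD"
unset SQL_ADMIN_PASSWORD
# Reset SQL admin password
printf 'New SQL admin password: ' >&2; IFS= read -rs SQL_ADMIN_PASSWORD; printf '\n' >&2
az sql server update \
  --name sql-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --admin-password "$SQL_ADMIN_PASSWORD"
unset SQL_ADMIN_PASSWORD
# Create firewall rule for Azure services
# The 0.0.0.0-0.0.0.0 range is the special "allow Azure services" rule. It
# admits connections from any Azure-hosted source, including resources in other
# customers' subscriptions, so the SQL login becomes the only barrier.
# Prefer a virtual network rule or private endpoint where the plan supports it.
az sql server firewall-rule create \
  --name AllowAzureServices \
  --resource-group rg-roundtrip-production \
  --server sql-roundtrip-prod \
  --start-ip-address 0.0.0.0 \
  --end-ip-address 0.0.0.0
# Add your local IP to firewall (for DataGrip / local tools)
# The address comes from a third-party service, so it is checked to look like
# an IPv4 address before it is written into a production firewall rule.
# -f makes curl fail on an HTTP error instead of returning the error page.
# On a shared NAT or VPN egress address, this rule admits everyone behind it.
MY_IP=$(curl -fsS https://api.ipify.org)
if [[ "$MY_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  az sql server firewall-rule create \
    --name LocalDev \
    --resource-group rg-roundtrip-production \
    --server sql-roundtrip-prod \
    --start-ip-address "$MY_IP" \
    --end-ip-address "$MY_IP"
else
  echo 'IP lookup did not return an IPv4 address; firewall rule not created' >&2
fi
# Remove local IP firewall rule when done
# Do this every time. A forgotten LocalDev rule is a standing hole in the
# server firewall. `az sql server firewall-rule list` shows what is open.
az sql server firewall-rule delete \
  --name LocalDev \
  --resource-group rg-roundtrip-production \
  --server sql-roundtrip-prod
# Run EF Core migrations against production database
# The password is prompted for and spliced into the connection string, so the
# full string is not saved in shell history. A password containing ';' or
# quote characters must be quoted according to connection-string rules.
# Encrypt=True with TrustServerCertificate=False keeps TLS certificate
# validation on; leave both as they are.
# NOTE(review): this runs migrations as the server admin. Consider a dedicated
# login limited to this database.
printf 'SQL admin password: ' >&2; IFS= read -rs SQL_ADMIN_PASSWORD; printf '\n' >&2
dotnet ef database update \
  --project src/RoundTrip.API.Infrastructure \
  --startup-project src/RoundTrip.API.Web \
  --connection "Server=tcp:sql-roundtrip-prod.database.windows.net,1433;Initial Catalog=sqldb-roundtrip-prod;User ID=roundtrip-admin;Password=${SQL_ADMIN_PASSWORD};Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
unset SQL_ADMIN_PASSWORD
# Update EF tools
dotnet tool update --global dotnet-ef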
Storage Account
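# Create storage account
# TLS 1.2 minimum and no anonymous blob access are set at creation time.
az storage account create \
  --name stroundtripprod \
  --resource-group rg-roundtrip-production \
  --location centralus \
  --sku Standard_LRS \
  --kind StorageV2 \
  --min-tls-version TLS1_2 \
  --allow-blob-public-access false
# Get storage account key
# The key grants full access to every container in the account. It is printed
# to the terminal, so keep it out of screen shares, tickets and scrollback.
az storage account keys list \
  --account-name stroundtripprod \
  --resource-group rg-roundtrip-production \
  --query "[0].value" -o tsv
# Get storage connection string
# The connection string embeds the account key; treat it the same way and
# store it in Key Vault rather than in app settings or files.
az storage account show-connection-string \
  --name stroundtripprod \
  --resource-group rg-roundtrip-production \
  --query connectionString -o tsv
# Create blob container
# The key is fetched straight into AZURE_STORAGE_KEY for this one command (the
# az storage commands read that variable). It is never pasted on the command
# line, so it stays out of shell history and the process argument list.
# With a data-plane role on the account, `--auth-mode login` avoids the key.
AZURE_STORAGE_KEY=$(az storage account keys list \
  --account-name stroundtripprod \
  --resource-group rg-roundtrip-production \
  --query "[0].value" -o tsv) \
az storage container create \
  --name invoices \
  --account-name stroundtripprod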
Redis Cache
# Create Redis Cache (takes 10-15 minutes)
# NOTE(review): no minimum TLS version is set here, unlike the storage account
# above. Confirm the cache's default meets your policy.
az redis create \
--name redis-roundtrip-prod \
--resource-group rg-roundtrip-production \
--location centralus \
--sku Basic \
--vm-size c0
# Get Redis primary key
# The access key is printed to the terminal. Anyone holding it can read and
# write the cache, so store it in Key Vault and keep it out of app settings,
# files and chat.
az redis list-keys \
--name redis-roundtrip-prod \
--resource-group rg-roundtrip-production \
--query primaryKey -o tsv
Key Vault
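# Create Key Vault
# --enable-rbac-authorization is explicit because every grant below is an
# Azure RBAC role assignment; with access-policy mode they would have no effect.
# Consider --enable-purge-protection true for production. It cannot be turned
# off once enabled.
az keyvault create \
  --name kv-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --location centralus \
  --sku standard \
  --enable-rbac-authorization true
# Grant App Service read access (RBAC mode)
# The app name is app-roundtrip-production, as created in the App Service
# section. A wrong name leaves APP_IDENTITY empty, and the ${...:?} guards stop
# the role assignment instead of running it with a blank assignee or scope.
# "Key Vault Secrets User" is read-only on secret values, which is all the app needs.
APP_IDENTITY=$(az webapp identity show \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --query principalId -o tsv)
KV_ID=$(az keyvault show \
  --name kv-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --query id -o tsv)
az role assignment create \
  --role "Key Vault Secrets User" \
  --assignee-object-id "${APP_IDENTITY:?managed identity not found}" \
  --assignee-principal-type ServicePrincipal \
  --scope "${KV_ID:?key vault not found}"
# Grant your CLI session write access (RBAC mode)
# This is a standing grant on your user account, not only on this session.
# Remove it once the secrets are in place (see the last command in this section).
MY_ID=$(az ad signed-in-user show --query id -o tsv)
az role assignment create \
  --role "Key Vault Secrets Officer" \
  --assignee-object-id "${MY_ID:?signed-in user not found}" \
  --assignee-principal-type User \
  --scope "${KV_ID:?key vault not found}"
# Secret commands below target kv-roundtrip-prod, the vault created above and
# the one the Key Vault reference format and Resource Summary point at.
# Store a secret
# A value typed here is saved in shell history and visible in the process
# list. Use the --file form below for real secrets.
az keyvault secret set \
  --vault-name kv-roundtrip-prod \
  --name "SECRET-NAME" \
  --value 'SECRET-VALUE'
# Store a secret from a file (use for values with special characters)
# Create the file with owner-only permissions (umask 077 or chmod 600) and
# delete it as soon as the secret is stored.
az keyvault secret set \
  --vault-name kv-roundtrip-prod \
  --name "SECRET-NAME" \
  --file ~/secret.txt
# Show a secret value
# Prints the secret in clear text to the terminal and its scrollback.
az keyvault secret show \
  --vault-name kv-roundtrip-prod \
  --name "SECRET-NAME" \
  --query value -o tsv
# List all secrets
# Names only; no values are returned.
az keyvault secret list \
  --vault-name kv-roundtrip-prod \
  --query "[].name" -o tsv
# Delete a secret
# With soft delete the secret stays recoverable for the vault's retention
# period. Deleting it here does not make an exposed value safe; rotate it.
az keyvault secret delete \
  --vault-name kv-roundtrip-prod \
  --name "SECRET-NAME"
# Revoke your own write access when finished
az role assignment delete \
  --assignee "${MY_ID:?signed-in user not found}" \
  --role "Key Vault Secrets Officer" \
  --scope "${KV_ID:?key vault not found}"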
Application Insights
# Create Log Analytics Workspace
az monitor log-analytics workspace create \
--workspace-name log-roundtrip-production \
--resource-group rg-roundtrip-production \
--location centralus
# Create Application Insights
# LOG_ANALYTICS_ID is a placeholder for the resource ID of the workspace
# created above (`az monitor log-analytics workspace show ... --query id -o tsv`).
az monitor app-insights component create \
--app appi-roundtrip-prod \
--resource-group rg-roundtrip-production \
--location centralus \
--workspace LOG_ANALYTICS_ID
# Get App Insights connection string
# The connection string lets a client send telemetry to this resource. Keep it
# in app configuration rather than committing it to the repository.
az monitor app-insights component show \
--app appi-roundtrip-prod \
--resource-group rg-roundtrip-production \
--query connectionString -o tsv
Health Check
# Quick health check via curl
# Read the response body: plain curl exits 0 even when the server answers with
# an HTTP 5xx, so the exit status alone does not prove the app is healthy
# (add --fail if you need it to).
curl https://app-roundtrip-production.azurewebsites.net/health
# Check app state via CLI
# Reports the App Service state (the control-plane view), not whether the
# application inside it is responding.
az webapp show \
--name app-roundtrip-production \
--resource-group rg-roundtrip-production \
--query "state" -o tsv
Password Rotation (after a credential exposure)
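# The app cannot reach the database between Step 1 and the end of Step 5, so
# run the steps back to back.
# If the exposure may have covered other credentials on this page (storage
# account key, Redis key), rotate those as well.
# Step 1 — Reset SQL admin password
# The new password is read from a prompt so it is not written to shell
# history. The exposed password stops working as soon as this succeeds.
printf 'New SQL admin password: ' >&2; IFS= read -rs NEW_SQL_PASSWORD; printf '\n' >&2
az sql server update \
  --name sql-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --admin-password "$NEW_SQL_PASSWORD"
unset NEW_SQL_PASSWORD
# Step 2 — Create connection string file (use text editor, not terminal)
# Create ~/conn.txt with owner-only permissions first (e.g. run `umask 077`
# in this shell, or `chmod 600 ~/conn.txt` before pasting the value).
# File contents (one line, no line breaks):
# Server=tcp:sql-roundtrip-prod.database.windows.net,1433;Initial Catalog=sqldb-roundtrip-prod;User ID=roundtrip-admin;Password=NEW_PASSWORD;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;
# Step 3 — Update Key Vault secret from file
az keyvault secret set \
  --vault-name kv-roundtrip-prod \
  --name "ConnectionStrings--Default" \
  --file ~/conn.txt
# Step 4 — Delete the file immediately
# Also check for editor backup or swap copies of conn.txt. rm only unlinks the
# file, so keep this step on an encrypted disk.
rm -f -- ~/conn.txt
# Step 5 — Restart App Service to pick up new secret
az webapp stop --name app-roundtrip-production --resource-group rg-roundtrip-production
sleep 15
az webapp start --name app-roundtrip-production --resource-group rg-roundtrip-production
# Afterwards, confirm the app is healthy (see Health Check) and that the old
# password is rejected.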
Key Vault Reference Format
App Service settings use this format to reference Key Vault secrets:
@Microsoft.KeyVault(SecretUri=https://kv-roundtrip-prod.vault.azure.net/secrets/SECRET-NAME/)
.NET config key → Key Vault secret name mapping:
- Colons (`:`) in .NET config keys become double hyphens (`--`) in Key Vault secret names
- Double underscores (`__`) in App Service settings map to colons in .NET config
Example:
- .NET config: `ConnectionStrings:Default`
- Key Vault secret name: `ConnectionStrings--Default`
- App Service setting: `ConnectionStrings__Default`
Resource Summary
| Resource | Name | URL / Endpoint |
|---|---|---|
| App Service | app-roundtrip-production | https://app-roundtrip-production.azurewebsites.net |
| SQL Server | sql-roundtrip-prod | sql-roundtrip-prod.database.windows.net |
| SQL Database | sqldb-roundtrip-prod | — |
| Storage Account | stroundtripprod | — |
| Redis Cache | redis-roundtrip-prod | redis-roundtrip-prod.redis.cache.windows.net |
| Key Vault | kv-roundtrip-prod | https://kv-roundtrip-prod.vault.azure.net |
| App Insights | appi-roundtrip-prod | — |
| Resource Group | rg-roundtrip-production | Central US |