
Azure CLI Command Reference

A quick reference for all Azure CLI commands used in the RoundTrip production infrastructure setup. Keep this handy — these are the commands you'll reach for repeatedly.


Logging

# Stream live logs from the development App Service
az webapp log tail \
  --name app-roundtrip-dev \
  --resource-group rg-roundtrip-dev

# Stream live logs from the production App Service.
# Log output may contain request or user data; redact it before sharing.
az webapp log tail \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production

Authentication

# Sign in interactively (a browser window opens for the sign-in flow)
az login

# Sign in even when the account has no subscriptions (useful for MFA issues)
az login --allow-no-subscriptions

# Sign in against one specific tenant
az login --tenant TENANT_ID

# Print the account and subscription the CLI is currently using.
# Check this before running any production command from this reference.
az account show

# Table of every subscription visible to the signed-in account
az account list --all -o table

# Choose the subscription that subsequent commands act on
az account set --subscription SUBSCRIPTION_ID

Resource Group

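# Create the production resource group, tagged with project, environment and owner
az group create \
  --name rg-roundtrip-production \
  --location centralus \
  --tags project=roundtrip environment=production owner=pete.carroll

# List all resource groups in the active subscription
az group list --output table

# Delete resource group (and ALL resources inside it — use with caution).
# --yes is deliberately left off so the CLI asks for confirmation before it
# removes production. Run `az account show` first to confirm the active
# subscription. Add --yes only in automation that has its own approval step.
az group delete --name rg-roundtrip-production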

App Service

# Create the Linux App Service Plan (B1 tier) that hosts the web app
az appservice plan create \
  --name plan-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --location centralus \
  --sku B1 \
  --is-linux

# Create the App Service on that plan.
# The runtime string stays quoted because it contains a pipe character.
az webapp create \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --plan plan-roundtrip-production \
  --runtime "DOTNETCORE|10.0"

# Enable the managed identity, so the app can authenticate to other Azure
# resources without stored credentials
az webapp identity assign \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production

# Print the managed identity's principal ID (the value used in role assignments)
az webapp identity show \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --query principalId --output tsv

# Set application settings (Key Vault references).
# When VALUE is a reference of the form @Microsoft.KeyVault(SecretUri=...),
# single-quote the whole KEY=VALUE pair so the shell does not interpret the
# parentheses. Prefer references over literal secrets: a literal value typed
# here is saved in shell history.
az webapp config appsettings set \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --settings KEY="VALUE"

# List all application settings.
# The output includes setting values, so treat it as sensitive if any setting
# holds a literal secret instead of a Key Vault reference.
az webapp config appsettings list \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production

# Remove one application setting by name
az webapp config appsettings delete \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --setting-names SETTING_NAME

# Set the Linux runtime version
az webapp config set \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --linux-fx-version "DOTNETCORE|10.0"

# Start the app
az webapp start \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production

# Stop the app
az webapp stop \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production

# Restart the app
az webapp restart \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production

# Print the app's current state
az webapp show \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --query state --output tsv

# Stream live logs
az webapp log tail \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production

# Download logs as a zip archive into the current directory.
# The archive may contain request or user data; store it accordingly and
# delete it once it is no longer needed.
az webapp log download \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --log-file app-logs.zip

Deployment

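# Publish the .NET app in Release configuration into ./publish
dotnet publish src/RoundTrip.API.Web \
  --configuration Release \
  --output ./publish

# Zip the publish output.
# The subshell leaves the caller's working directory untouched, and `&&` means
# zip never runs in the wrong directory if `cd publish` fails. With separate
# `cd publish` / `cd ..` lines, a failed cd would archive the current directory
# and then move one level up before the cleanup step.
(cd publish && zip -r ../roundtrip-api.zip .)

# Deploy zip to App Service
az webapp deploy \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --src-path roundtrip-api.zip \
  --type zip

# Clean up publish artifacts (`--` ends option parsing before the paths)
rm -rf -- publish roundtrip-api.zip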

SQL Server and Database

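# NOTE: every command in this section targets rg-roundtrip-production, the
# resource group this reference creates and the one the password-rotation
# steps use for the same server.

# Create SQL Server.
# The password is read from a hidden prompt (bash/zsh) so it is not typed
# inline and saved in shell history. It is still passed to az as an argument,
# so it can appear in the local process list while the command runs.
printf 'SQL admin password: '
read -rs SQL_ADMIN_PASSWORD
echo
az sql server create \
  --name sql-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --location centralus \
  --admin-user roundtrip-admin \
  --admin-password "$SQL_ADMIN_PASSWORD"
unset SQL_ADMIN_PASSWORD

# Reset SQL admin password (same hidden-prompt pattern)
printf 'New SQL admin password: '
read -rs SQL_ADMIN_PASSWORD
echo
az sql server update \
  --name sql-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --admin-password "$SQL_ADMIN_PASSWORD"
unset SQL_ADMIN_PASSWORD

# Create firewall rule for Azure services.
# The 0.0.0.0-0.0.0.0 range is the special "allow Azure services" rule: it
# admits connections from any Azure-hosted source, including resources in
# other subscriptions, so SQL authentication becomes the only barrier.
# Where the hosting plan allows it, a virtual-network rule or private endpoint
# is the narrower option.
az sql server firewall-rule create \
  --name AllowAzureServices \
  --resource-group rg-roundtrip-production \
  --server sql-roundtrip-prod \
  --start-ip-address 0.0.0.0 \
  --end-ip-address 0.0.0.0

# Add your local IP to firewall (for DataGrip / local tools).
# The address comes from a third-party service, so the reply is checked to look
# like an IPv4 address before it is used to open the production firewall;
# -f makes curl fail on an HTTP error instead of returning an error page.
MY_IP=$(curl -fsS https://api.ipify.org)
if printf '%s\n' "$MY_IP" | grep -Eqx '[0-9]{1,3}(\.[0-9]{1,3}){3}'; then
  az sql server firewall-rule create \
    --name LocalDev \
    --resource-group rg-roundtrip-production \
    --server sql-roundtrip-prod \
    --start-ip-address "$MY_IP" \
    --end-ip-address "$MY_IP"
else
  echo "Could not determine a valid public IPv4 address; firewall rule not created" >&2
fi

# Remove local IP firewall rule when done (do not leave it in place between sessions)
az sql server firewall-rule delete \
  --name LocalDev \
  --resource-group rg-roundtrip-production \
  --server sql-roundtrip-prod

# Run EF Core migrations against production database.
# The password is prompted for and interpolated into the connection string, so
# it does not land in shell history. Encrypt=True with
# TrustServerCertificate=False keeps certificate validation on.
# NOTE(review): a password containing ';' may need connection-string quoting — confirm.
printf 'SQL admin password: '
read -rs SQL_ADMIN_PASSWORD
echo
dotnet ef database update \
  --project src/RoundTrip.API.Infrastructure \
  --startup-project src/RoundTrip.API.Web \
  --connection "Server=tcp:sql-roundtrip-prod.database.windows.net,1433;Initial Catalog=sqldb-roundtrip-prod;User ID=roundtrip-admin;Password=${SQL_ADMIN_PASSWORD};Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
unset SQL_ADMIN_PASSWORD

# Update EF tools
dotnet tool update --global dotnet-ef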

Storage Account

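# Create storage account (TLS 1.2 minimum, anonymous blob access disabled)
az storage account create \
  --name stroundtripprod \
  --resource-group rg-roundtrip-production \
  --location centralus \
  --sku Standard_LRS \
  --kind StorageV2 \
  --min-tls-version TLS1_2 \
  --allow-blob-public-access false

# Get storage account key.
# This prints the key to the terminal; the key grants full access to the account.
az storage account keys list \
  --account-name stroundtripprod \
  --resource-group rg-roundtrip-production \
  --query "[0].value" -o tsv

# Get storage connection string (the string embeds the account key)
az storage account show-connection-string \
  --name stroundtripprod \
  --resource-group rg-roundtrip-production \
  --query connectionString -o tsv

# Create blob container.
# The key is captured straight from the CLI into a variable, so it is never
# pasted into a command line or saved in shell history. If your signed-in
# identity holds a blob data role on the account, `--auth-mode login` avoids
# the key entirely.
STORAGE_KEY=$(az storage account keys list \
  --account-name stroundtripprod \
  --resource-group rg-roundtrip-production \
  --query "[0].value" -o tsv)
az storage container create \
  --name invoices \
  --account-name stroundtripprod \
  --account-key "$STORAGE_KEY"
unset STORAGE_KEY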

Redis Cache

# Provision the Redis cache, Basic tier, size c0 (takes 10-15 minutes)
az redis create \
  --name redis-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --location centralus \
  --sku Basic \
  --vm-size c0

# Print the Redis primary access key.
# The key is written to the terminal; store it in Key Vault and do not paste
# it into configuration files.
az redis list-keys \
  --name redis-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --query primaryKey --output tsv

Key Vault

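# NOTE: this section uses the names the resources are created with on this
# page: vault kv-roundtrip-prod and App Service app-roundtrip-production.
# With a mismatched name the identity lookup returns nothing and the secret
# commands target a vault that does not exist.

# Create Key Vault.
# RBAC authorization is requested explicitly, because the role assignments
# below have no effect on a vault that uses access policies.
az keyvault create \
  --name kv-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --location centralus \
  --sku standard \
  --enable-rbac-authorization true

# Grant App Service read access (RBAC mode).
# "Key Vault Secrets User" is read-only on secrets and is scoped to this vault.
APP_IDENTITY=$(az webapp identity show \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --query principalId -o tsv)

KV_ID=$(az keyvault show \
  --name kv-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --query id -o tsv)

az role assignment create \
  --role "Key Vault Secrets User" \
  --assignee-object-id "$APP_IDENTITY" \
  --assignee-principal-type ServicePrincipal \
  --scope "$KV_ID"

# Grant your CLI session write access (RBAC mode).
# This lets your user read and write every secret in the vault; remove the
# assignment once setup is finished if you do not need standing access.
MY_ID=$(az ad signed-in-user show --query id -o tsv)
az role assignment create \
  --role "Key Vault Secrets Officer" \
  --assignee-object-id "$MY_ID" \
  --assignee-principal-type User \
  --scope "$KV_ID"

# Store a secret.
# The value is read from a hidden prompt (bash/zsh) so it is not saved in
# shell history the way an inline --value 'SECRET-VALUE' would be.
printf 'Secret value: '
read -rs SECRET_VALUE
echo
az keyvault secret set \
  --vault-name kv-roundtrip-prod \
  --name "SECRET-NAME" \
  --value "$SECRET_VALUE"
unset SECRET_VALUE

# Store a secret from a file (use for values with special characters).
# Keep the file readable by you only (chmod 600) and delete it afterwards.
az keyvault secret set \
  --vault-name kv-roundtrip-prod \
  --name "SECRET-NAME" \
  --file ~/secret.txt

# Show a secret value (prints the plaintext secret to the terminal)
az keyvault secret show \
  --vault-name kv-roundtrip-prod \
  --name "SECRET-NAME" \
  --query value -o tsv

# List all secrets (names only, no values)
az keyvault secret list \
  --vault-name kv-roundtrip-prod \
  --query "[].name" -o tsv

# Delete a secret.
# With soft-delete on the vault, the secret stays recoverable until it is
# purged or the retention period ends.
az keyvault secret delete \
  --vault-name kv-roundtrip-prod \
  --name "SECRET-NAME"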

Application Insights

# Create the Log Analytics workspace that backs Application Insights
az monitor log-analytics workspace create \
  --workspace-name log-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --location centralus

# Create the Application Insights component.
# LOG_ANALYTICS_ID is a placeholder for the workspace to attach.
az monitor app-insights component create \
  --app appi-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --location centralus \
  --workspace LOG_ANALYTICS_ID

# Print the Application Insights connection string
az monitor app-insights component show \
  --app appi-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --query connectionString --output tsv

Health Check

# Request the app's /health endpoint over HTTPS and print the response body
curl 'https://app-roundtrip-production.azurewebsites.net/health'

# Ask the Azure control plane for the app's state
az webapp show \
  --name app-roundtrip-production \
  --resource-group rg-roundtrip-production \
  --query state --output tsv

Password Rotation (after a credential exposure)

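# Step 1 — Reset SQL admin password.
# The new password is read from a hidden prompt (bash/zsh) so it is not saved
# in shell history while you are recovering from an exposure.
printf 'New SQL admin password: '
read -rs SQL_ADMIN_PASSWORD
echo
az sql server update \
  --name sql-roundtrip-prod \
  --resource-group rg-roundtrip-production \
  --admin-password "$SQL_ADMIN_PASSWORD"
unset SQL_ADMIN_PASSWORD

# Step 2 — Create connection string file (use text editor, not terminal).
# Create the empty file with owner-only permissions first, then paste into it,
# so the password is never readable by other local users.
(umask 077 && touch ~/conn.txt) && chmod 600 ~/conn.txt
# File contents (one line, no line breaks):
# Server=tcp:sql-roundtrip-prod.database.windows.net,1433;Initial Catalog=sqldb-roundtrip-prod;User ID=roundtrip-admin;Password=NEW_PASSWORD;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;

# Step 3 — Update Key Vault secret from file
az keyvault secret set \
  --vault-name kv-roundtrip-prod \
  --name "ConnectionStrings--Default" \
  --file ~/conn.txt

# Step 4 — Delete the file immediately.
# rm reports an error if the file is missing, which tells you the secret was
# saved somewhere else. Also check for editor backup or swap copies.
rm -- ~/conn.txt

# Step 5 — Restart App Service to pick up new secret
az webapp stop --name app-roundtrip-production --resource-group rg-roundtrip-production
sleep 15
az webapp start --name app-roundtrip-production --resource-group rg-roundtrip-production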

Key Vault Reference Format

App Service settings use this format to reference Key Vault secrets:

@Microsoft.KeyVault(SecretUri=https://kv-roundtrip-prod.vault.azure.net/secrets/SECRET-NAME/)

.NET config key → Key Vault secret name mapping:

  • Colons (:) in .NET config keys become double hyphens (--) in Key Vault secret names
  • Double underscores (__) in App Service settings map to colons in .NET config

Example:

  • .NET config: ConnectionStrings:Default
  • Key Vault secret name: ConnectionStrings--Default
  • App Service setting: ConnectionStrings__Default

Resource Summary

| Resource | Name | URL / Endpoint |
| --- | --- | --- |
| App Service | app-roundtrip-prod | https://app-roundtrip-production.azurewebsites.net |
| SQL Server | sql-roundtrip-prod | sql-roundtrip-prod.database.windows.net |
| SQL Database | sqldb-roundtrip-prod | |
| Storage Account | stroundtripprod | |
| Redis Cache | redis-roundtrip-prod | redis-roundtrip-prod.redis.cache.windows.net |
| Key Vault | kv-roundtrip-prod | https://kv-roundtrip-prod.vault.azure.net |
| App Insights | appi-roundtrip-prod | |
| Resource Group | rg-roundtrip-production | Central US |