Azure Cheat Sheet


az login [--tenant <id>]
az login --identity               # Login with VM service principal

az account set --subscription <name|id>
az account list                   # List of subscriptions the account has access to
az account show | jq .id          # To see active subscription
az account show --output table

Note: Always set or verify your subscription, because “az login” without a tenant silently picks one.

az aks get-credentials --resource-group <group name> --name <name>

Resources / Groups

az resource list
az resource list --name <name>
az resource list -g <resource group>

az group list

az resource show   --name MySubnet --resource-group MyResourceGroup --resource-type "Microsoft.Compute/virtualMachines"
az resource delete --name MyVm --resource-group MyResourceGroup --resource-type "Microsoft.Compute/virtualMachines"     

Activity Log

Dump operations needed for creating custom AD roles

az monitor activity-log list --start-time 2020-09-08 --offset 7d | jq -r '.[] | .operationName["value"] ' | sort -u
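
Turning that operation list into a custom role definition, as an added example (not part of the original cheat sheet). The function name, the sample events and the optional caller filter are assumptions made for illustration; the JSON keys are the ones az role definition create accepts.

```shell
#!/usr/bin/env bash
# Added example: build a custom role definition from activity-log output.
# stdin: JSON array as printed by `az monitor activity-log list`
# usage: build_role_json <role name> <assignable scope> [caller]
build_role_json() {
  jq --arg name "$1" --arg scope "$2" --arg caller "${3:-}" '
    [ .[]
      | select($caller == "" or .caller == $caller)  # keep one principal only, if given
      | .operationName.value // empty                # skip entries without an operation id
    ]
    | unique                                         # sorted and de-duplicated, like sort -u
    | { Name: $name,
        IsCustom: true,
        Description: "Generated from activity log; review before assigning",
        Actions: .,
        NotActions: [],
        AssignableScopes: [$scope] }'
}

# Constructed sample events (not real log data); only the fields used are present.
SAMPLE_LOG='[
  {"caller":"deploy@example.com","operationName":{"value":"Microsoft.Compute/virtualMachines/write"}},
  {"caller":"deploy@example.com","operationName":{"value":"Microsoft.Compute/virtualMachines/write"}},
  {"caller":"deploy@example.com","operationName":{"value":"Microsoft.Network/networkInterfaces/write"}},
  {"caller":"admin@example.com","operationName":{"value":"Microsoft.Authorization/roleAssignments/write"}},
  {"caller":"deploy@example.com","operationName":{}}
]'

# Role limited to what deploy@example.com actually did; the admin's
# roleAssignments/write does not leak into the generated role.
printf '%s' "$SAMPLE_LOG" |
  build_role_json "Deployer (generated)" "/subscriptions/<subscription id>" "deploy@example.com"
```

Save the output to a file, review the Actions list, then pass it to az role definition create --role-definition @<file>.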


Get managed identity token via API

$response = Invoke-WebRequest -Uri '<managed identity token endpoint URL>' -Method GET -Headers @{Metadata="true"}
az ad sp list --query "[].appDisplayName"
az ad sp list --show-mine --query "[].{id:appId, tenant:appOwnerTenantId}"


Make an ACR private

az acr update --name <name> --public-network-enabled false

Import docker images into a private ACR (works in Azure Shell)

az acr import -n MyRegistry --source <source image> -t targetrepository:targettag


az aks list
az aks list | jq -r '.[].name'      # Just names

az aks get-credentials --resource-group <resource group> --name <name>      # Get kubectl context

az aks create --name <name> --resource-group <group> --enable-managed-identity [--enable-private-cluster] 


az keyvault secret set --vault-name <vault> --name <secret name> --file <secret file> --encoding ascii --only-show-errors --output none
az keyvault secret show  --vault-name <vault> --name <secret name>
az keyvault secret purge --vault-name <vault> --name <secret name>


  • Microsoft built-in policies:
  • Community policies:
  • AKS OpenPolicyAgent gatekeeper enforced policies: