Skip to content

Instantly share code, notes, and snippets.

@davidmoremad

davidmoremad/az-cheatsheet.md

Last active August 28, 2023 18:37
Show Gist options
  • Save davidmoremad/b1e71c383159770a6853c9b4da565a12 to your computer and use it in GitHub Desktop.
Save davidmoremad/b1e71c383159770a6853c9b4da565a12 to your computer and use it in GitHub Desktop.
Download ZIP
Azure CLI Cheatsheet
Raw
az-cheatsheet.md

AZURE-CLI Cheatsheet

Table of content

Installation

Ref: https://docs.microsoft.com/es-es/cli/azure/?view=azure-cli-latest

Function Command
Install az on Windows Download MSI
Install az on Mac brew install azure-cli
Install az on Linux apt-get install azure-cli
Configuring awscli az login

Virtual Machines

VM-UTIL: List all virtual machines

az vm list

VM-UTIL: List all stopped virtual machines

az vm list -d \
    --query "[?powerState=='VM deallocated'] || [?powerState=='VM stopped'] || [?powerState=='VM unknown']"

VM-UTIL: Check status of all virtual machines

az vm list -d \
    --query "[].[name, powerState]"

VM-UTIL: Get all ip addresses from stopped virtual machines

az vm list -d \
    --query "[?powerState=='VM deallocated'].[name, powerState, publicIps] || [?powerState=='VM stopped'].[name, powerState, publicIps] || [?powerState=='VM unknown'].[name, powerState, publicIps]"

VM-UTIL: List all snapshots in the date specified

az snapshot list \
    --query "[?timeCreated >= '2019-06-02']"

VM-SEC: List all snapshot in the date specified and without encryption

az snapshot list \
    --query "[?timeCreated >= '2019-06-02'] && [?encryptionSettingsCollection==null]"

VM-SEC: List SecurityGroups with SSH (22) open to Internet

az network nsg list \
    --query "[?securityRules[?access == 'Allow']].[name] && [?securityRules[?destinationPortRange == '22']].[name]"

VM-SEC: List all server certificates

az keyvault list \
    --query "[].[vaultName] \
    --out tsv"\
    |xargs -I {} bash -c 'if [[ $(az keyvault certificate list --vault-name {}) ]]; then echo {} ; fi

Keys & Access Management

KAM-UTIL: List all policies

az policy definition list

KAM-UTIL: List all groups

az group list

KAM-UTIL: Get users for a specified for a given group

az ad group member list \
    --group {name}

KAM-SEC: Check if user has MFA enabled

$Msolcred = Get-credential
Connect-MsolService -Credential $MsolCred
Get-MsolUser -All | where {$_.StrongAuthenticationMethods -ne $null} | Select-Object -Property UserPrincipalName, DisplayName

KAM-SEC: Check users with no MFA enabled

Get-MsolUser -All | where {$_.StrongAuthenticationMethods.Count -eq 0} | Select-Object -Property UserPrincipalName, DisplayName

Storage

STR-UTIL: List all storages

az storage account list

STR-UTIL: Check alerts for storage accounts

az security alert list \
    --query "[?contains(extendedProperties.resourceType, 'Storage')]"

SQL

SQL-SEC: Check if a database has transparent data encryption enabled

az sql db tde show \
    --server {name} \
    --resource-group {name} \
    --database {name}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment