Microsoft Azure (AZ-104): PowerShell Script / Azure CLI
Create a Virtual Network
- Create a resource group
az group create
--name CreateVNetQS-rg
--location eastus2. Create a virtual network
az network vnet create
--name myVNet
--resource-group CreateVNetQS-rg
--subnet-name default3. Create a virtual machine
az vm create
--resource-group CreateVNetQS-rg
--name myVM1
--image UbuntuLTS
--generate-ssh-keys
--public-ip-address myPublicIP-myVM1
--no-waitManage Azure disks with Azure PowerShell
- Create the initial configuration with New-AzDiskConfig.
$diskConfig = New-AzDiskConfig
-Location "EastUS"
-CreateOption Empty
-DiskSizeGB 1282. Create the data disk with the New-AzDisk command.
$dataDisk = New-AzDisk
-ResourceGroupName "myResourceGroupDisk"
-DiskName "myDataDisk"
-Disk $diskConfig3. Get the virtual machine that you want to add the data disk to with the Get-AzVM command.
$vm =
Get-AzVM
-ResourceGroupName "myResourceGroupDisk"
-Name "myVM"4. Add the data disk to the virtual machine configuration with the Add-AzVMDataDisk command.
$vm = Add-AzVMDataDisk
-VM $vm
-Name "myDataDisk"
-CreateOption Attach
-ManagedDiskId $dataDisk.Id
-Lun 15. Update the virtual machine with the Update-AzVM command.
Update-AzVM
-ResourceGroupName “myResourceGroupDisk”
-VM $vmChange the capacity of a scale set
az vmss scale
--resource-group myResourceGroup
--name myScaleSet
--new-capacity 5Create a custom role
$role = Get-AzRoleDefinition "Virtual Machine Contributor"
$role.Id = $null
$role.Name = "Virtual Machine Operator"
$role.Description = "Can monitor and restart virtual machines."
$role.Actions.Clear()
$role.Actions.Add("Microsoft.Storage/*/read")
$role.Actions.Add("Microsoft.Network/*/read")
$role.Actions.Add("Microsoft.Compute/*/read")
$role.Actions.Add("Microsoft.Compute/virtualMachines/start/action")
$role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
$role.Actions.Add("Microsoft.Authorization/*/read")
$role.Actions.Add("Microsoft.ResourceHealth/availabilityStatuses/read")
$role.Actions.Add("Microsoft.Resources/subscriptions/resourceGroups/read")
$role.Actions.Add("Microsoft.Insights/alertRules/*")
$role.Actions.Add("Microsoft.Support/*")
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/00000000-0000-0000-0000-000000000000")
$role.AssignableScopes.Add("/subscriptions/11111111-1111-1111-1111-111111111111")New-AzRoleDefinition
-Role $role
Move resource to different subscription
Move-AzResource -DestinationSubscriptionId
NOT Move-VMResource!!!Create a public load balancer to load balance VMs
- Create a new resource group
New-AzResourceGroup
-Name 'CreatePubLBQS-rg'
-Location 'eastus'2. Create a public IP address
$publicIp = Get-AzPublicIpAddress
-Name 'myPublicIP'
-ResourceGroupName 'CreatePubLBQS-rg'az network public-ip create
--resource-group CreatePubLBQS-rg
--name myPublicIP
--sku Standard
3. Create load balancer frontend configuration and assign it with the public IP address
$feip = New-AzLoadBalancerFrontendIpConfig
-Name 'myFrontEnd'
-PublicIpAddress $publicIpaz network lb create
--resource-group CreatePubLBQS-rg
--name myLoadBalancer
--sku Standard
--public-ip-address myPublicIP
--frontend-ip-name myFrontEnd
--backend-pool-name myBackEndPool
Manage Storage Account
- List IP Rules
Get-AzStorageAccountNetworkRuleSet
-ResourceGroupName "myresourcegroup"
-AccountName "mystorageaccount").IPRules2. Add a network rule for an individual IP address
Add-AzStorageAccountNetworkRule
-ResourceGroupName "myresourcegroup"
-AccountName "mystorageaccount" -IPAddressOrRange "16.17.18.19"3. Create Storage Account
az storage account create
--name <storage-account>
--resource-group <resource-group>
--location <location>
--sku Standard_ZRS
--encryption-services blob4. Create Container
az storage container create
--account-name <storage-account>
--name <container>
--auth-mode loginCreate Custom Image
az vm deallocate
--resource-group <>
--name demovmaz vm generalize
--resource-group <>
--name demovmaz image create
--resource-group <>
--name <imageName>
--source demovm
Create DNS Record
az network dns record-set a add-record
--resource-group myresourcegroup
--zone-name contoso.com
--record-set-name www
--ipv4-address 1.2.3.4az network dns record-set a add-record
--resource-group myresourcegroup
--zone-name contoso.com
--record-set-name "@"
--ipv4-address 1.2.3.4
To create a record set in the apex of the zone (in this case, “contoso.com”), use the record name “@”.
A domain apex is the “root” level of your domain. For example, let’s say you just purchased mywebsite.com. We’d call that the “domain apex”, meaning that mywebsite.com is the “root” of the hierarchy of domain names.
Create a Role From a File Containing JSON Descripton
az role definition create
--role-definition @newrole.json