Microsoft Azure (AZ-104): PowerShell Script / Azure CLI

goay xuan hui
Jun 13, 2021


Create a Virtual Network

1. Create a resource group

az group create \
  --name CreateVNetQS-rg \
  --location eastus

2. Create a virtual network

az network vnet create \
  --name myVNet \
  --resource-group CreateVNetQS-rg \
  --subnet-name default

3. Create a virtual machine

az vm create \
  --resource-group CreateVNetQS-rg \
  --name myVM1 \
  --image UbuntuLTS \
  --generate-ssh-keys \
  --public-ip-address myPublicIP-myVM1 \
  --no-wait

Manage Azure disks with Azure PowerShell

1. Create the initial configuration with New-AzDiskConfig.

$diskConfig = New-AzDiskConfig `
  -Location "EastUS" `
  -CreateOption Empty `
  -DiskSizeGB 128

2. Create the data disk with the New-AzDisk command.

$dataDisk = New-AzDisk `
  -ResourceGroupName "myResourceGroupDisk" `
  -DiskName "myDataDisk" `
  -Disk $diskConfig

3. Get the virtual machine that you want to add the data disk to with the Get-AzVM command.

$vm = Get-AzVM `
  -ResourceGroupName "myResourceGroupDisk" `
  -Name "myVM"

4. Add the data disk to the virtual machine configuration with the Add-AzVMDataDisk command.

$vm = Add-AzVMDataDisk `
  -VM $vm `
  -Name "myDataDisk" `
  -CreateOption Attach `
  -ManagedDiskId $dataDisk.Id `
  -Lun 1

5. Update the virtual machine with the Update-AzVM command.

Update-AzVM `
  -ResourceGroupName "myResourceGroupDisk" `
  -VM $vm

Change the capacity of a scale set

az vmss scale \
  --resource-group myResourceGroup \
  --name myScaleSet \
  --new-capacity 5

Create a custom role

$role = Get-AzRoleDefinition "Virtual Machine Contributor"
$role.Id = $null
$role.Name = "Virtual Machine Operator"
$role.Description = "Can monitor and restart virtual machines."
$role.Actions.Clear()
$role.Actions.Add("Microsoft.Storage/*/read")
$role.Actions.Add("Microsoft.Network/*/read")
$role.Actions.Add("Microsoft.Compute/*/read")
$role.Actions.Add("Microsoft.Compute/virtualMachines/start/action")
$role.Actions.Add("Microsoft.Compute/virtualMachines/restart/action")
$role.Actions.Add("Microsoft.Authorization/*/read")
$role.Actions.Add("Microsoft.ResourceHealth/availabilityStatuses/read")
$role.Actions.Add("Microsoft.Resources/subscriptions/resourceGroups/read")
$role.Actions.Add("Microsoft.Insights/alertRules/*")
$role.Actions.Add("Microsoft.Support/*")
$role.AssignableScopes.Clear()
$role.AssignableScopes.Add("/subscriptions/00000000-0000-0000-0000-000000000000")
$role.AssignableScopes.Add("/subscriptions/11111111-1111-1111-1111-111111111111")
New-AzRoleDefinition -Role $role

Move resource to different subscription

Move-AzResource -DestinationSubscriptionId
Note: the cmdlet is Move-AzResource, NOT Move-VMResource!

Create a public load balancer to load balance VMs

1. Create a new resource group

New-AzResourceGroup `
  -Name 'CreatePubLBQS-rg' `
  -Location 'eastus'

2. Create a public IP address

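# Azure PowerShell: load the public IP object (once it exists) into $publicIp
$publicIp = Get-AzPublicIpAddress `
  -Name 'myPublicIP' `
  -ResourceGroupName 'CreatePubLBQS-rg'

# Azure CLI: create the Standard SKU public IP
az network public-ip create \
  --resource-group CreatePubLBQS-rg \
  --name myPublicIP \
  --sku Standard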

3. Create load balancer frontend configuration and assign it with the public IP address

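# Azure PowerShell: frontend IP configuration that uses $publicIp
$feip = New-AzLoadBalancerFrontendIpConfig `
  -Name 'myFrontEnd' `
  -PublicIpAddress $publicIp

# Azure CLI: create the load balancer with its frontend IP and backend pool
az network lb create \
  --resource-group CreatePubLBQS-rg \
  --name myLoadBalancer \
  --sku Standard \
  --public-ip-address myPublicIP \
  --frontend-ip-name myFrontEnd \
  --backend-pool-name myBackEndPool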

Manage Storage Account

1. List IP Rules

(Get-AzStorageAccountNetworkRuleSet `
  -ResourceGroupName "myresourcegroup" `
  -AccountName "mystorageaccount").IPRules

2. Add a network rule for an individual IP address

Add-AzStorageAccountNetworkRule `
  -ResourceGroupName "myresourcegroup" `
  -AccountName "mystorageaccount" `
  -IPAddressOrRange "16.17.18.19"

3. Create Storage Account

az storage account create \
  --name <storage-account> \
  --resource-group <resource-group> \
  --location <location> \
  --sku Standard_ZRS \
  --encryption-services blob

4. Create Container

az storage container create \
  --account-name <storage-account> \
  --name <container> \
  --auth-mode login
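
The IP rule from step 2 only restricts access once the account's default network action is Deny. The following is an added example, not part of the original post, that audits and sets that default; it reuses the page's placeholder names "myresourcegroup" and "mystorageaccount" and assumes you are signed in with the Az module.

```powershell
# Added example: the IP allow-list is only enforced when DefaultAction is Deny.
$rg      = "myresourcegroup"     # placeholder from the page
$account = "mystorageaccount"    # placeholder from the page

# Audit: storage accounts in the current subscription that still accept
# traffic from any network (firewall default action = Allow).
Get-AzStorageAccount |
    Where-Object { $_.NetworkRuleSet.DefaultAction -eq 'Allow' } |
    Select-Object StorageAccountName, ResourceGroupName

# Fix for one account: add your own IP rule first (step 2), then switch the
# default to Deny so you do not lock yourself out.
$ruleSet = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -AccountName $account
if ($ruleSet.DefaultAction -ne 'Deny') {
    Update-AzStorageAccountNetworkRuleSet `
        -ResourceGroupName $rg `
        -Name $account `
        -DefaultAction Deny
}

# Verify the resulting policy: default action, bypass setting and allowed IPs.
Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $rg -AccountName $account |
    Select-Object DefaultAction, Bypass,
        @{ Name = 'AllowedIPs'; Expression = { $_.IpRules.IPAddressOrRange -join ', ' } }
```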

Create Custom Image

az vm deallocate \
  --resource-group <> \
  --name demovm

az vm generalize \
  --resource-group <> \
  --name demovm

az image create \
  --resource-group <> \
  --name <imageName> \
  --source demovm

Create DNS Record

az network dns record-set a add-record \
  --resource-group myresourcegroup \
  --zone-name contoso.com \
  --record-set-name www \
  --ipv4-address 1.2.3.4

az network dns record-set a add-record \
  --resource-group myresourcegroup \
  --zone-name contoso.com \
  --record-set-name "@" \
  --ipv4-address 1.2.3.4

To create a record set in the apex of the zone (in this case, “contoso.com”), use the record name “@”.

A domain apex is the “root” level of your domain. For example, let’s say you just purchased mywebsite.com. We’d call that the “domain apex”, meaning that mywebsite.com is the “root” of the hierarchy of domain names.

Create a Role From a File Containing JSON Description

az role definition create \
  --role-definition @newrole.json
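
One possible newrole.json for this command, written and reviewed from PowerShell. This is an added example, not part of the original post: it reuses the "Virtual Machine Operator" actions from the custom role section above, the subscription ID is a placeholder, and the wildcard review is an assumed pre-creation check.

```powershell
# Added example: build newrole.json, review it, then create the role.
# The subscription ID below is a placeholder; replace it with your own.
$roleJson = @'
{
  "Name": "Virtual Machine Operator",
  "IsCustom": true,
  "Description": "Can monitor and restart virtual machines.",
  "Actions": [
    "Microsoft.Storage/*/read",
    "Microsoft.Network/*/read",
    "Microsoft.Compute/*/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/restart/action",
    "Microsoft.Authorization/*/read",
    "Microsoft.ResourceHealth/availabilityStatuses/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Insights/alertRules/*",
    "Microsoft.Support/*"
  ],
  "NotActions": [],
  "AssignableScopes": [
    "/subscriptions/00000000-0000-0000-0000-000000000000"
  ]
}
'@
Set-Content -Path .\newrole.json -Value $roleJson

# Least-privilege review: flag wildcard actions that grant more than read,
# so each one is a deliberate choice rather than a copy-paste leftover.
$definition = Get-Content -Path .\newrole.json -Raw | ConvertFrom-Json
$broad = @($definition.Actions |
    Where-Object { $_.Contains('*') -and $_ -notlike '*/read' })
if ($broad.Count -gt 0) {
    Write-Warning ("Wildcard actions beyond read: " + ($broad -join ', '))
}

# In PowerShell a bare @name is parsed as splatting, so quote the file argument.
az role definition create --role-definition '@newrole.json'
```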
