Donovan Brown

Technology Blog

Using the Azure CLI for IaC

24 April 2019 Donovan Work (4)

I recently started using the Azure command-line interface (CLI) as my tool of choice for Infrastructure as Code. Before the CLI I was using Azure Resource Manager Templates (ARM). I find ARM difficult to author. Of course, there are tradeoffs and once the authoring of ARM is fixed, I think I will return. But until then I want to share some things I have learned while experimenting with the CLI.

While preparing a demo for VS Live I was disappointed when I could not find a why to create an Application Insights resource using CLI. I was sharing my frustration with Steven Murawski when he told me that is was possible to create an Application Insights resource using the CLI and showed me some sample code.

The key was the az resource command. Using this command, you can create any resource you want. The catch is you need to know the string that represents the resource type and the properties required to create it. Thankfully Jim Reid shared a link to all the Azure Resource definitions. There you can find the names for the resource type property. Following the links to the quick starts you can find ARM templates to use to figure out the required properties.

Below is a PowerShell example of creating an Application Insights resource and storing the instrumentation key for later use. 

###############################################################################
# This creates the application insights and stores the InstrumentationKey in
# an environment variable of the same name.
Write-Output "Creating the application insights resource for $webSiteName."
az resource create --name $webSiteName `
   --resource-group $resourceGroupName `
   --resource-type "Microsoft.Insights/components" `
   --location westus2  `
   --properties "{""""ApplicationId"""": """"$webSiteName""""}" `
   --output $output

$instrumentationKey = $(az resource show --name $webSiteName `
      --resource-group $resourceGroupName `
      --namespace Microsoft.Insights `
      --resource-type components `
      --query properties.InstrumentationKey `
      --output tsv)

Write-Verbose "Instrumentation Key = $instrumentationKey"

Comments (4) -

  • Brett Hinton

    4/29/2019 5:50:49 PM | Reply

    @Donovan - I have so many questions here - it started off as one, but they multiplied.

    You mentioned that you would return to ARM when the authoring is fixed - does that mean you might have some confidence that the issues with Authoring you found are things they are working on fixing (a sidenote here is that I'm curious what issues where frustrating enough that ultimately led you to go down the CLI route rather than sticking with ARM).

    In regards to the CLI work you are doing - are you writing it generally in an idempotent way, or are these generally considered run once type of operations? Curious if there was anything that pulled you down the Azure CLI instead of the Azure powershell route?

    We use ARM, but recognize it has some issues in different areas and are wondering if the continued investment/reliance on ARM is the best option or if we should punt for Azure CLI/Azure Powershell or looking at Terraform would be best?

  • BenTheBuilder

    7/16/2019 1:05:58 AM | Reply

    I agree 100% with you.. ARM Templates are just not very flexible or easy to work with. I've currently got a project underway utilizing Terraform, but it sometimes feels a little to heavy handed. Another option I'm thinking about PoC'ing is Ansible for both Iac and Config Mgmt. Was wondering if you have any experience with either TF or Ansible and what lead you down CLI vs these other options?

    • Donovan

      8/6/2019 7:35:06 PM | Reply

      I have a TF expert on my team that might be able to give you some help. I knew all my code was going to run in Azure so I laser focused on Azure tooling and not generic tooling. If you need multi-cloud you are going the correct route.  You might also take a look at this. abelsquidhead.com/.../

  • Bassicaly

    6/12/2020 3:37:39 PM | Reply

    Just did my AZ-500 training and while working on the labs I set them up as 'az cli' commands in Azure DevOps to do IaC, but from that perspective this is not really the case is it? I don't have the pull requests, code review etc... didn't even have a repo. In this case it seems like the cli is causing us to go more procedural than declarative. What are your thoughts on that?

Add comment

Loading