CLI Bash scripts and Terraform HCL to automate setup and work while you save money
Overview
Don’t leave resources running, running up your credit card bill.
People leave resources running because they don’t have the time to repeat the manual toil to click through the Azure Portal GUI.
Invoking the automation scripts described here saves you money because you can recreate (consistently) resources with just a few commands.
Most scripts in the repo are Bash shell scripts that run natively on MacOS and Linux. PowerShell scripts are used in cases where they are the only solution. Script code can run on Windows Git Bash Shell.
Within script code are references to documentation and tutorials related to the commands used.
Setup a new Azure Subscription:
-
Get an Azure account and learn to use the Azure portal and Azure shell, which I describe at:
https://wilsonmar.github.io/azure-quickly
Setup a new Subscription environment:
-
Triple-click this command below:
bash -c "$(curl -fsSL https://raw.githubusercontent.com/wilsonmar/azure-quickly/master/az-setup-cli.sh)" -v -i
-
Right-click the highlighted text and select “Copy”.
-
Go to https://shell.azure.com or click the CLI icon after entering https://portal.azure.com
-
Right-click anywhere on the CLI Terminal window, then press command+V to paste from the Clipboard:
-
Press Enter to run the script. It takes several minutes to run.
Steps executed by the script “az-setup-cli.sh” are described in the section below. When done, you should see the folder containing scripts and the prompt at the left, where it will stay after each command (instead of at the end of the folder path):
~/clouddrive/azure-quickly $ _
-
Use the built-in Visual Studio Code editor to edit file setmem.sh
code ../setmem.sh
- Switch to the Portal GUI.
- Open the Subscription blade. Click on your current Subscription.
-
Click the copy icon next to the Subscription code (so it gets saved to your Clipboard).
- Switch to the Code editor window. Highlight the existing text in variable MY_SUBSCRIPTION_ID and press Paste (Command+V on Macs or Ctrl+V on Windows).
- Click the “…” menu to the right of the Code editor window to save, then exit.
Run your commands:
Now you can run scripts to create and manage resources. Most of the scripts reference a tutorial at Microsoft Learn, CloudAcademy, Pluralsight, Coursera, etc.
-
Run a Bing Search using API:
./az-bing-cli.sh
-
Create an Azure Key Vault for use by scripts to follow:
./az-keyvault-cli.sh
Optionally, put a secret in it; show secret; delete secret; recover secret; create a vm; Managed Service Identity; update permissions; Custom Script Extension; Apply the Custom Script Extension:
-
Create a Machine Learning Workspace to run iPython Notebooks using JupyterLab:
export MY_MLWORKSPACE_NAME="mela"
./az-mlworkspace-cli.sh
-
Use Azure Cognitive Services:
export MY_COG_ACCT="cogme"
export MY_COG_PRICING_TIER="F0"  # or S0
./az-cog-cli.sh
-
Use Helm charts
./az-helm-cli.sh
-
Create a VM with a public IP address:
./az-vm-cli.sh
-
Create an App Service Plan, Azure Web App, Deployment, to show MY_APPNAME.
./az-webapp-cli.sh
-
Create a network with two subnets and a network security group that secures inbound traffic. One subnet is for remote access traffic, one is web traffic for VMs that run a web server. Two VMs are then created. One allows SSH access and has the appropriate network security group rules applied. You use this VM as an SSH jumpbox to then connect to the second VM, which can be used as a web server:
./az-vm-jumpbox-cli.sh
-
Create a VM with a public IP address. Enabled are a storage account, boot diagnostics with the VM diagnostics extension applied:
./az-vm-diag-cli.sh
-
Create a Recovery Services vault and a backup policy, then create a VM and apply the backup policy before starting the initial backup job:
./az-vm-backup-cli.sh
-
Create a Docker container from a Dockerfile; Create AKS; Scale up replicas
./az-aks-cli.sh
The IP shows the “Month of Pizza Lunches in a container” website (load balanced).
-
Create IoT for WebApp:
export MY_PROJECT_FOLDER="iot-project"
export MY_IOT_HUB_NAME="hubahuba"
export MY_IOT_HUB_GROUP="hubgroupie"
./az-iot-cli.sh
-
Create Azure Functions:
./az-functions-temp.sh
Several Functions components are not available in the Azure CLI, so manual actions are needed on Azure portal to fill in the gaps. See the “Month of Lunches” ebook.
https://github.com/Azure/azure-quickstart-templates
Script coding tricks
Bash scripts here are written with coding conventions defined at https://wilsonmar.github.io/bash-coding which include:
-
source ./az-all-start.sh sets up environment variables and utility functions.
-
set -o errexit makes it so that the script stops on the first error (instead of running on).
-
A backslash \ character at the end of a line within the same az shell command continues that command.
-
A new Resource Group and all resources are created new every run to reduce the complexity of coding for idempotency (the status is the same at the end of every re-run).
-
--resource-group is a required argument on many commands. It is placed last so that a missing backslash on a line above it causes the command to fail.
-
Variable (specification) data controlling Python programs are passed to Python programs by saving them as variables in an .env file in the same folder as the Python program.
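What the errexit and “--resource-group last” conventions buy together, shown as an added example that is not part of the original repo. The az function below is a stub standing in for the real CLI (it only checks that --resource-group is present), and the VM name, image and group values are constructed.

```bash
#!/usr/bin/env bash
# Added demo of the errexit + "--resource-group last" convention.
# STUB stands in for the real Azure CLI (assumption for this demo only): it
# fails with status 2 when --resource-group is absent.
STUB='az() {
  case " $* " in
    *" --resource-group "*) return 0 ;;
    *) echo "az: error: --resource-group is required" >&2; return 2 ;;
  esac
}'

# Constructed sample command, written the way the page recommends.
GOOD='az vm create --name "$MY_VM" \
   --image Ubuntu2204 \
   --resource-group "$MY_RG"'

# Same command with the backslash after the --image line left out.
BAD='az vm create --name "$MY_VM" \
   --image Ubuntu2204
   --resource-group "$MY_RG"'

# Run SNIPPET as its own script, with or without errexit, and report the
# script's exit status and whether the step after the az command still ran.
run_case() {   # usage: run_case SNIPPET errexit|noerrexit
  local f rc=0 out next=no
  f="$(mktemp)"
  {
    if [ "$2" = errexit ]; then printf '%s\n' 'set -o errexit'; fi
    printf '%s\n' "$STUB" 'MY_VM=demo-vm MY_RG=demo-rg' "$1" 'echo NEXT_STEP_RAN'
  } > "$f"
  out="$(bash "$f" 2>/dev/null)" || rc=$?
  rm -f "$f"
  case "$out" in *NEXT_STEP_RAN*) next=yes ;; esac
  printf 'rc=%s next_step=%s\n' "$rc" "$next"
}

run_case "$GOOD" errexit     # rc=0 next_step=yes
run_case "$BAD"  errexit     # rc=2 next_step=no   (stops before anything else runs)
run_case "$BAD"  noerrexit   # rc=0 next_step=yes  (failure passes unnoticed)
```

Without errexit the truncated command fails, the orphaned --resource-group line fails as “command not found”, and the script still carries on and exits 0.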
az-setup-cli.sh
The script should do all the steps below:
-
OPTIONAL: Edit the .bashrc file to customize the prompt:
If you’re in the cloud Shell (which runs the Linux operating system), add these lines to the bottom of the .bashrc:
export PS1="\n \w\[\033[33m\]\n$ " #
The PS1 sets the prompt so it appears in the same spot on the screen every line, under the current folder and file path (rather than to the right of it at various points on the screen).
“#” at the last line of the file is a hack to make a comment out of the PS1 the system adds on its own.
-
Navigate into a folder which holds repository to be downloaded:
Within Cloud Shell, it’s
cd cloudshell
Alternately, on my laptop, I use
cd gmail_acct
-
Remove the previous repo folder:
PROTIP: A time proxy command is added in front of commands to identify how much time was taken to run the command each time. For example, “0m4.559s” means about 4.6 seconds.
-
Download this repo to establish a run environment:
git clone https://github.com/wilsonmar/azure-quickly.git --depth 1
cd azure-quickly
ls
--depth 1 specifies download of only the latest version, to save space used.
ls lists folders and files to confirm the download actually occurred.
-
Give all the shell file permissions to run:
chmod +x *.sh
-
Run script to setup Azure Providers:
source az-providers-setup.sh
The response is a list of providers added.
>>> Microsoft.AlertsManagement already Registered.
>>> Microsoft.BotService already Registered.
>>> Microsoft.ChangeAnalysis already Registered.
>>> Microsoft.CognitiveServices already Registered.
>>> Microsoft.Compute already Registered.
>>> Microsoft.ContainerInstance already Registered.
>>> Microsoft.ContainerRegistry already Registered.
>>> Microsoft.Devices already Registered.
>>> Microsoft.Insights already Registered.
>>> Microsoft.KeyVault already Registered.
>>> Microsoft.Notebooks already Registered.
>>> Microsoft.MachineLearningServices already Registered.
>>> Microsoft.ManagedIdentity already Registered.
>>> Microsoft.Search already Registered.
>>> Microsoft.Storage already Registered.
>>> Microsoft.Web already Registered.
The above only needs to be done once, but running it again won’t be harmful.
-
Give setmem.sh permissions to run and run it :
chmod +x ../setmem.sh
source ../setmem.sh
-
Move (copy and rename) “sample-setmem.sh” to file “setmem.sh”
mv setmem-sample.sh ../setmem.sh
PROTIP: We move the file where it will never be uploaded to any repository (GitHub, GitLab, etc.).
Manually customize values in setmem.sh
-
Open the file for edit using program “code” (Visual Studio Code):
code ../setmem.sh
.. is used because the file, containing secrets, is in a folder which should never be pushed to GitHub.
-
Use a text editor program to edit the ../setmem.sh file:
Scripts have been generalized by environment variables substituting for hard-coded values in scripts. PROTIP: Using variables instead of hard-coded values avoids typos and misconfigurations.
Lines below define values for each variable so that multiple runs can use different values, without need to change the script file.
-
In portal.azure.com Subscription blade, select the Subscription you want to use, then click the icon to Copy to Clipboard.
In the file, highlight the ID and paste it:
export MY_SUBSCRIPTION_NAME="Azure Pass - Sponsorship"
export MY_SUBSCRIPTION_ID="11cb040d-4e32-4524-bc8e-0bee213dddae"  # for gmail
-
In portal.azure.com Tenant blade, select the Tenant you want to use, then click the icon to Copy to Clipboard.
In the file, highlight the ID and paste it:
export TENANT_ID="22223348-f7f0-4cc2-addc-11021d882720" # for gmail, in Portal
TODO: Substitute export statements of secrets with calls to retrieve them from a long-running Azure KeyVault. But no one else would be at this file unless they are properly logged into Azure under your account.
-
Edit the MY_LOC (Location = Region) and other defaults.
-
At the bottom of the file, add a statement which prints out one of the variables, so you know the export statements took:
In a Bash script:
echo "MY_RG=$MY_RG"
-
Save the file. In Cloud Shell, press command+Q or click the “…” menu to Save, then Close.
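Because setmem.sh holds account IDs and, per the TODO above, secrets, two properties are worth checking before each source: the file sits outside every git work tree, and only its owner can read it (a sourced file needs no execute bit, so mode 600 is enough). This is an added example, not from the original repo; check_secret_file is a hypothetical helper name.

```bash
#!/usr/bin/env bash
# Added check for a sourced secrets file such as ../setmem.sh.
# Prints one line per finding; returns 0 when clean, 1 on findings, 2 if missing.
check_secret_file() {   # usage: check_secret_file PATH
  local f="$1" dir mode findings=0
  [ -f "$f" ] || { echo "missing: $f" >&2; return 2; }
  dir="$(cd "$(dirname "$f")" && pwd)"

  # 1. The file must sit outside every git work tree, so "git add ." cannot pick it up.
  if git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
    echo "FINDING: $f is inside the git work tree $(git -C "$dir" rev-parse --show-toplevel)"
    findings=$((findings + 1))
  fi

  # 2. Only the owner may read it. GNU stat uses -c, BSD/macOS stat uses -f.
  mode="$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")"
  case "$mode" in
    [0-7]00) ;;   # no group or other permission bits set
    *) echo "FINDING: $f has mode $mode; run: chmod 600 $f"
       findings=$((findings + 1)) ;;
  esac

  [ "$findings" -eq 0 ]
}

# Typical use at the start of a session:
#   check_secret_file ../setmem.sh && source ../setmem.sh
```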
Each work session
-
At the beginning of each session invoke the script in the folder just above your custom scripts repo:
source ../setmem.sh
NOTE: Use “source” to run the script so that environment variables defined in the script remain visible after the script is done and are inherited by any programs you launch from it. That’s because source runs the script in the current shell. But note that any exit statement would stop the run.
Alternately,
source <(curl -s -L https://example.com/install.sh)
After execution, you can still override variable values before running another script.
That is how you can run scripts for several regions/locations - by changing just the MY_LOC environment variable’s value and running the script again.
-
PROTIP: Delete resource groups to stop charges from accumulating on Virtual Servers:
time az group delete --name "${MY_RG}" --yes # takes several minutes
--yes on the az command feeds a “y” to automatically answer the request:
Are you sure you want to perform this operation? (y/n): y
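Both one-liners on this page, bash -c "$(curl …)" during setup and source <(curl …) in this section, execute whatever the URL serves at that moment, inside a shell that is already logged in to Azure. The following is an added example (not code from the azure-quickly repo) that downloads to a file so it can be read, then runs it only while its SHA-256 matches the value recorded at review; the function names and PINNED_SHA256 are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: fetch a setup script to disk, pin it by SHA-256, run only on match.

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Download over HTTPS only, to a file, so the script can be read before it runs.
fetch_script() {   # usage: fetch_script URL DEST
  curl --proto '=https' --tlsv1.2 -fsSL -o "$2" "$1"
}

# Run FILE with bash only if its digest equals the value pinned at review time.
run_if_pinned() {  # usage: run_if_pinned FILE EXPECTED_SHA256 [script args...]
  local file="$1" expected="$2" actual
  shift 2
  [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
  actual="$(sha256_of "$file")"
  if [ "$actual" != "$expected" ]; then
    echo "REFUSED: $file digest $actual does not match pinned $expected" >&2
    return 1
  fi
  bash "$file" "$@"
}

# Typical flow (URL from this page; PINNED_SHA256 is a placeholder you record
# yourself after reading the downloaded file):
#   fetch_script https://raw.githubusercontent.com/wilsonmar/azure-quickly/master/az-setup-cli.sh ./az-setup-cli.sh
#   less ./az-setup-cli.sh && sha256_of ./az-setup-cli.sh
#   run_if_pinned ./az-setup-cli.sh "$PINNED_SHA256" -v -i
```

For a file that must be sourced rather than executed, replace bash "$file" with . "$file" after the same digest check.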
az role coding
# https://learn.microsoft.com/en-us/cli/azure/role?view=azure-cli-latest
az role definition create --role-definition ./role.json
az role definition list
# --scope alone sets where the assignment applies; az rejects --resource-group
# as redundant when --scope is also supplied.
az role assignment create --role "$MY_ROLE" \
   --assignee-object-id "$AZ_ASSIGNEE_OBJECT_ID" \
   --scope "$MY_SCOPE"
az role assignment list
The role.json file contains:
{
  "Name": "Contoso On-call",
  "Description": "Perform VM actions and read storage and network information.",
  "Actions": [
    "Microsoft.Compute/*/read",
    "Microsoft.Compute/virtualMachines/start/action",
    "Microsoft.Compute/virtualMachines/restart/action",
    "Microsoft.Network/*/read",
    "Microsoft.Storage/*/read",
    "Microsoft.Authorization/*/read",
    "Microsoft.Resources/subscriptions/resourceGroups/read",
    "Microsoft.Resources/subscriptions/resourceGroups/resources/read",
    "Microsoft.Insights/alertRules/*",
    "Microsoft.Support/*"
  ],
  "DataActions": [
    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/*"
  ],
  "NotDataActions": [
    "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
  ],
  "AssignableScopes": ["/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"]
}
References
Scripts here are adapted from various experts generous with sharing their code:
-
https://github.com/fouldsy/azure-mol-samples-2nd-ed by Iain Foulds, explained in https://aka.ms/monthoflunches published 4/30/2020.
- https://github.com/MicrosoftLearning/AZ-303-Microsoft-Azure-Architect-Technologies
- https://github.com/MicrosoftLearning/AZ500-AzureSecurityTechnologies
-
https://github.com/Azure/azure-cli by Microsoft
- https://github.com/timothywarner/az400 & az303 by Tim Warner
-
https://github.com/zaalion/oreilly-azure-app-security by Reza Salehi
- https://github.com/Azure/azure-quickstart-templates (ARM Templates)
- https://github.com/johnthebrit/AzureMasterClass PowerShell scripts
-
https://github.com/terraform-providers/terraform-provider-azurerm
- Skylines Academy
- Gruntwork (Terraform)
- CloudPosse (Terraform for AWS)