DEV Community

Cover image for Creating Azure Resources via Azure CLI
Rahimah Sulayman
Rahimah Sulayman

Posted on

Creating Azure Resources via Azure CLI

#azure #cloudcomputing #infrastructure #automation

Introduction

Moving from the clickable, colorful buttons of the Azure Portal to the stark, blinking cursor of a terminal can feel like stepping onto a different planet. It’s intimidating, and honestly, it’s easy to feel like you’re doing it "wrong" when the code doesn't work the first time.

But here’s the secret, every cloud expert started exactly where you are - staring at a command line and wondering where to begin. This guide isn't about complex high-level theory. It’s a practical walkthrough for anyone who wants to stop clicking and start building. Whether you're a student, a career-switcher, or just curious, let's take those first steps into cloud automation together.

Install Azure CLI and Login

The objective is to install the Azure CLI on your machine and authenticate to your Azure subscription.

Step 1: Install on Windows(Winget)
This installs the Azure CLI tool using the Windows package manager(winget).
The Azure Command-Line Interface (CLI) is a cross-platform command-line tool that can be installed locally on Windows computers. For Windows, the Azure CLI is installed via an MSI or a ZIP package, which gives you access to the Azure CLI through PowerShell or the Windows Command Prompt (cmd.exe).
To install the Azure CLI, run this command: winglet install Microsoft.AzureCLI on the VScode terminal.

winget
Notice I already had the package installed prior to this post so it updated instead.
You can also browse the link below. But we'll stick to the terminal here.
[Click here]!(https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest&pivots=winget) to install on Windows.

windows
I will dedicate any post to installing the AzureCLI via the browser.

NOTE: After the installation is complete, you must close and reopen any active terminal window to use the Azure CLI.

Step 2: Verify the installation.
To verify the installation, run the Azure CLI command az --version command.

az version

This gives details of the Azure version in use.

Step 3: Login and set subscription
Run the Azure command az login. This opens a browser for interactive authentication and sets your active Azure subscription context.
Notice this browser can be on the left side of the screen or behind the screen, so it is advisable to minimize your screen if you can't see it.

az login

Notice You can also choose another account and select Continue.

another acct
Step 4: Then Sign in and select Next.

sign in

It is needed because azure needs to know who is running the commands and which billing account (subscription) to charge.
This is for Security — ensuring authenticated and authorized access before interacting with cloud resources.

select sub

Step 5: To confirm my active subscription, I entered 1, because it is the only active subscription I have. If you have more than one subscription, enter the number that corresponds to your subscription.
Test the command: az account show to view account details.

subscriptn

Step 6: To set your subscription to be the current active subscription, run the command: az account set --subscription "Your Subscription ID"

Notice You can use subscription name but it will throw an error if the CLI finds more than one match for that name in your cloud environment. On the other hand, ID is always unique.

error

Step 7: To confirm your active subscription run this command: az account show.

set

Notice that the isDefault field is now set to true for that subscription. This ensures you do not have to log in to your account everytime you restart your VScode_.

Create a Resource Group

In this section, we aim to create a resource group to act as the logical container for the entire lab environment.

Step 1: Set a variable for the resource group.
Store the resource group name and region in local bash variables. This is highly recommended to prevent typos throughout the rest of the lab and make the script easily reusable.

RG="azurecli-lab-rg"
This sets the shell variable RG so later commands can reference it with $RG.

LOCATION="eastus"
This sets the shell variable LOCATION so later commands can reference it with $LOCATION.

set

Step 2: Create the Resource Group

Create a named resource group in East US. All resources in this lab will be placed here for easy cleanup.

This is needed because Azure requires every resource to live inside a resource group. They make it easy to manage, monitor, and delete everything together at the end of the lab.

Operational Excellence — grouping related resources together is a best practice for manageability and cost tracking.
Run the command: az group create --name $RG --location $LOCATION.
This creates a resource group called "$RG" — a logical container for all the Azure resources in this lab.

created
Clearly, it was created because the properties are stated and Notice the ProvisioningState is "Succeeded".

But you can also verify if it was created by running this command: az group show --name $RG.

verify
Notice the output is the same exact output as the previous one.

Build a Virtual Network (VNet) & Subnet

This is aimed at creating a secure private network for your Azure resources to communicate on.

Step 1: Create the Virtual Network

Here, you will create a Virtual Network with a broad 10.0.0.0/16 IP address space.

This is necessary because VMs and other infrastructure need a secure, isolated private network to communicate with each other.
Creating an isolated network boundary is the foundational step of cloud security.
Run the command: az network vnet create --address-prefix 10.0.0.0/16 --resource-group $RG --name lab-vnet --location $LOCATION
vnet
It took just 2 seconds for this virtual network to provision. That's amazing!
Step 2: Create a Subnet

This would carve out a smaller 10.0.1.0/24 piece (subnet) of the VNet specifically for your VMs.

Why this is relevant
Segmenting networks allows you to apply different routing and firewall rules to different types of resources.

This aspect of security is known as network segmentation.
Run the CLI command: az network vnet subnet create --resource-group $RG --vnet-name lab-vnet --name lab-subnet --address-prefix 10.0.1.0/24

subnet
Step 3: Create a Network Security Group (NSG)

A Network Security Group acts as a virtual firewall.

This is important because without an NSG attached, Microsoft allows no inbound traffic but allows all outbound traffic. We need an NSG to poke specific holes in the firewall.

Controlling traffic flow with firewalls is a basic security requirement.
Run the command: az network nsg create --resource-group $RG --name lab-nsg

nsg
output
output
output
output
output
output
It's obvious the NSG has a lot of properties.
Step 4: Open port 22 (SSH) & 80 (HTTP)

Let's add inbound rules prioritizing SSH (port 22) and HTTP (port 80) access from the internet.
The reason for this action is that you'll need SSH to log in and configure the server, and HTTP so users can view the web page.

This explicitly defining inbound access using the principle of least privilege.
First ensure your terminal knows what $RG is by running this line first: $RG="azurecli-lab-rg"
Then create the SSH rule using this command:
az network nsg rule create
--resource-group $RG
--nsg-name lab-nsg
--name AllowSSH
--priority 1000
--destination-port-ranges 22
--access Allow
--protocol Tcp
--direction Inbound
Wait for the first command to finish. Then create the HTTP Rule by running this separate block:
az network nsg rule create
--resource-group $RG
--nsg-name lab-nsg
--name AllowHTTP
--priority 1010
--destination-port-ranges 80
--access Allow
--protocol Tcp
--direction Inbound

provision

provision

provision
Step 5:Attach NSG to Subnet

This enforces the firewall rules (NSG) at the subnet boundary.

It's Needed because by applying the NSG to the subnet ensures that any VM created in that subnet automatically inherits those exact firewall rules, thereby protecting the entire subnet.

Security — subnet-level application of security controls.
Run this block of commands:
az network vnet subnet update
--resource-group $RG
--vnet-name lab-vnet
--name lab-subnet
--network-security-group lab-nsg
Remember to run the resource group variable first if you restart the terminal.

nsg

Provision a Linux Virtual Machine

Here, you will create an Ubuntu VM with a public IP inside your VNet.
Step 1: Allocate a Public IP

This allocates a static public IP address in Azure.

It's Needed because without a public IP, the VM can only be accessed internally through the VNet or a VPN. You need this to reach your web server from your browser.

Reliability — using a Static IP ensures the address does not change upon reboot.
Run this command:
az network public-ip create
--resource-group $RG
--name lab-public-ip
--allocation-method Static
--sku Basic

IP
Step 2: Create the VM

This creates a B1s Ubuntu VM with auto-generated SSH keys and connects it to the existing subnet and firewall.

It's Needed because this is the actual cloud compute instance that will run your web application code.

Performance Efficiency — selecting the appropriately sized VM for your workload (B1s for dev/test).
Run this command: az vm create
--resource-group azurecli-lab-rg
--name lab-vm
--image Ubuntu2204
--size Standard_B2s_v2
--location koreacentral
--admin-username azureuser
--generate-ssh-keys
--vnet-name lab-vnet-kr
--subnet lab-subnet-kr
--public-ip-address lab-public-ip-kr `
--nsg lab-nsg-kr

vm
Notice I changed the size and location due to the unavailability of VMs in the East US because the free trial account has limitations I will no longer use the variable due to this reason.So might want to check out what your subscription can afford before start or upgrade later on.

Step 3: Retrieve the public IP

This will filter the Azure API response to return just the IP address string.

It's Needed because you'll need this IP to SSH into the machine and to test the web application.

Operational Excellence — automated retrieval of resource attributes avoids manual portal lookups.
Run the command: az network public-ip show
--resource-group azurecli-lab-rg
--name lab-public-ip-kr
--query ipAddress
--output tsv

ip
Step 4: Verify the VM is running

This queries the VM status and displays it in a clean table format.

It's Needed because you always verify provisioning success before attempting connections.

Operational Excellence — verification and monitoring.
Run the command: az vm show
--resource-group azurecli-lab-rg
--name lab-vm
--show-details
--query '{Name:name, State:powerState, IP:publicIps}'
--output table

running

Conclusion: Your Turn to Command the Cloud

Stepping out of the comfort zone of the Azure Portal and into the CLI is more than just a technical shift, it’s a mindset shift. By following this guide, you’ve moved from being a "user" of the cloud to someone who truly "architects" it.

Don't be discouraged if you hit errors along the way (we certainly did while building this lab!). Every SkuNotAvailable or InvalidParameter is just a signal that you're learning how the machine actually thinks. The more you practice, the more these commands will feel like a second language.

I’d love to hear from you! Let's go to the comment section👇👇

Top comments (0)