Skip to content
Learni
View all tutorials
Cloud & DevOps

How to Master Azure CLI for DevOps in 2026

18 minEXPERT
DevOpsAzureAzure CLI
Lire en français

Introduction

Azure CLI is the essential command-line tool for DevOps and cloud engineers. In 2026, its use goes far beyond simple commands: it enables orchestrating complex environments, managing conditional deployments, and integrating robust CI/CD pipelines. This expert tutorial guides you through complete, reusable scripts. You will learn to secure authentication, leverage JMESPath to filter results, and handle errors professionally. Every example is immediately applicable in production.

Prerequisites

  • Azure CLI 2.60+ installed and updated
  • An active Azure subscription with Owner permissions
  • Advanced knowledge of Bash and JSON
  • Access to a Linux or WSL environment

Secure Authentication

auth.sh
#!/bin/bash
set -euo pipefail

az login --service-principal \
  --username $AZURE_CLIENT_ID \
  --password $AZURE_CLIENT_SECRET \
  --tenant $AZURE_TENANT_ID

az account set --subscription $AZURE_SUBSCRIPTION_ID

TOKEN=$(az account get-access-token --query accessToken -o tsv)
echo "Authentication successful"

This script uses service principal authentication for CI/CD environments. Environment variables prevent secrets from being exposed in plain text. set -euo pipefail ensures immediate exit on error.

Creating a Resource Group

create-rg.sh
#!/bin/bash
RG_NAME="rg-prod-$(date +%Y%m%d)"
LOCATION="westeurope"

az group create \
  --name $RG_NAME \
  --location $LOCATION \
  --tags Environment=Production Owner=DevOpsTeam

echo "Resource group created: $RG_NAME"

Dynamic creation with a timestamped name and mandatory tags. This approach avoids name conflicts and facilitates cost tracking in production.

Bicep Deployment with Validation

deploy-bicep.sh
#!/bin/bash
set -euo pipefail

PARAMS='{"location":{"value":"westeurope"}}'

az deployment group create \
  --resource-group $RG_NAME \
  --template-file main.bicep \
  --parameters "$PARAMS" \
  --what-if

az deployment group create \
  --resource-group $RG_NAME \
  --template-file main.bicep \
  --parameters "$PARAMS"

Use --what-if to preview changes before the actual deployment. The script is idempotent and secure thanks to set -euo pipefail.

JMESPath Extraction and Filtering

query-resources.sh
#!/bin/bash

az resource list \
  --resource-group $RG_NAME \
  --query "[?type=='Microsoft.Storage/storageAccounts'].{name:name, location:location, sku:sku.name}" \
  --output table

JMESPath enables precise resource filtering without post-processing. This technique is essential for audit and reporting scripts in production.

Conditional Cleanup Script

cleanup.sh
#!/bin/bash
set -euo pipefail

COUNT=$(az group list --query "[?tags.Environment=='Staging'] | length(@)" -o tsv)

if [ "$COUNT" -gt 0 ]; then
  az group delete --name $RG_NAME --yes --no-wait
  echo "Deletion started in background"
else
  echo "No groups to delete"
fi

Conditional cleanup prevents accidental deletions. The --no-wait option avoids blocking the CI/CD pipeline.

Best Practices

  • Always use set -euo pipefail in scripts
  • Prefer environment variables over plain-text secrets
  • Systematically add tags to all resources
  • Use --what-if before any deployment
  • Version your scripts and Bicep templates

Common Errors to Avoid

  • Forgetting to handle errors with set -e
  • Exposing secrets in pipeline logs
  • Not checking resource existence before deletion
  • Using static names that cause conflicts

Going Further

Deepen your Azure skills with our advanced training on automation and DevOps. Discover our certification paths: https://learni-group.com/formations