I have a number of instance running under my app service in Azure. I need to get back all the id's of these instances.
I am currently using
Get-AzureRmResource -ResourceGroupName $ResourceGroupName -ResourceType
Microsoft.Web/sites/instances -Name $WebAppName -ApiVersion 2016-03-01
But is there an equivalent command using the az cmdlets ?
I've tried the exact PowerShell command that you executed in Azure PowerShell. I could be able to get the expected results as shown:
I've tried to get the desired outcome with AZ cmdlet(Bash) and received the expected results using:
az webapp list-instances
To get the instances running info with their respective ID's on app service in Azure:
az configure --defaults group=xxxxResourceGroupName
az configure --defaults web=xxxxwebapp
az webapp list-instances --name xxxxwebappp --resource-group xxxxResourceGroupName
If you want to retrieve "default hostname, EnabledHostName as well as state" of WebApp, Use below command as shown:
Refer MSDoc az.webapp cmdlets
It is always recommended to use latest Az PowerShell module cmdlets instead of AzureRM since AzureRm is going to retire soon.
In the above answer shared by #jahanvi replace Get-AzureRMResource with Get-AzResource which is a relevant Az module cmdlet.
Alternatively, you can use the Azure Management RestAPI to get the list of instances running under a particular webapp using Invoke-RequestMethod you call the rest api from powershell as well.
Here is the sample script:
Connect-AzAccount
$context=Set-AzContext -Subscription "<subscriptionId>"
$token = Get-AzAccessToken
$authHeader=#{
'Content-Type'='application/json'
'Authorization'='Bearer '+ $token.Token
}
$instances=Invoke-RestMethod -Uri https://management.azure.com/subscriptions/<subscriptionId>/resourceGroups/<resourceGroupName>/providers/Microsoft.Web/sites/<WebAppName>/instances?api-version=2022-03-01 -Method GET -Headers $authHeader
$instances.value.id
Here is the sample screenshot for reference:
I was using the following command
$cogVisionEndpoint = (az cognitiveservices account show -n $accountName -g $resourceGroupName --query endpoint --output tsv)
but I found out that this stopped working when I ran this on another machine with a slightly newer version of Azure-CLI.
The JSON returned by the az cognitiveservices account show command is not consistent and looks like it has changed from version to a version.
How can I reliably get this not having to worry about the version of Azure CLI on the machine that I'm running on?
Or is there a completely different way to get the endpoint value?
With the newest version you will find endpoint in properties and since you rely on CLI version installed on the given machine you can simply modify your code to something like this:
$cogVisionEndpoint = (az cognitiveservices account show -n $accountName -g $resourceGroupName --query endpoint --output tsv)
if( !$cogVisionEndpoint ) {
$cogVisionEndpoint = (az cognitiveservices account show -n $accountName -g $resourceGroupName --query "properties.endpoint" --output tsv)
}
Trying to create a new azure eventgrid endpoint subscription based on the code in the Microsoft tutorial here errors:
az eventgrid event-subscription create --source-resource-id $topicid --name eventsubscriptionname --endpoint-type storagequeue --endpoint $queueid --expiration-date "2020-05-15"
Deployment failed. Correlation ID: xxxx. The attempt to validate the provided azure endpoint resource:xxxx failed.
The tutorial says to ensure the account has write access to the storage, which it does, I am the owner. All properties in the command have valid values and I am executing from the azure cli.
What could I be doing wrong?
That's weird... I tried on my side and I have the expected result using the following commands :
$resourcegroup="your resource group"
$storagename="your storage name"
$queuename="your queue name"
$topicname="your topic name"
$subscriptionname="your subscription name"
$storageid=az storage account show --name $storagename --resource-group $resourcegroup --query id --output tsv
$queueid="$storageid/queueservices/default/queues/$queuename"
$topicid=az eventgrid topic show --name $topicname -g $resourcegroup --query id --output tsv
az eventgrid event-subscription create --source-resource-id $topicid --name $subscriptionname --endpoint-type storagequeue --endpoint $queueid --expiration-date "2020-05-15"
I sued PowerShell version 5.1.18362.752 and AZ CLI version 2.5.1
Let's assume that an azure resource, ex "storage account" is being updated!
at the same time if I run a command like
az storage account update --default-action Allow --name MyStorageAccount --resource-group MyResourceGroup
It will throw an error
The request failed due to conflict with a concurrent request or something similar
So before running such command, how can I check if the resource is being used like being updated using Azure CLI
You could use az resource show to show everything about an Azure resource.
So in your case you would do:
az resource show -n "RESOURCE_NAME" -g "RESOURCE_GROUP" --resource-type "RESOURCE_TYPE"
I found the what I'm looking for inspired by the above answer at this link az resource wait
So it will be something like
az resource wait -n "RESOURCE_NAME" -g "RESOURCE_GROUP" --resource-type "RESOURCE_TYPE" --updated
Trying to perform an az cli login using a Service Principal and it is throwing an error stating No subscriptions found for <Service_Principal_AppId>. If this is expected, use '--allow-no-subscriptions'. This code has worked fine previously but now it does not appear to work any longer. Command line being used is below:
$sp_appid = (Get-AzureRmADServicePrincipal -DisplayName $spDisplayName).ApplicationId.Guid
$sp_secret = (Get-AzureKeyVaultSecret -VaultName $kvName -Name $appKeySecretName).SecretValueText
az login --service-principal --username $sp_appid --password $sp_secret --tenant $tenant_Id
I verified that the Service Principal is assigned the Contributor role at the subscription level.
After creating a service principal in the Azure Active Directory you need to give this new user some roles within a subscription:
go to your subscription
go to Access Control (IAM)
Add a roles assignment (for instance make your service principal contributor)
Then az login should work.
Actually, I don't recommend you to mix the Azure Powershell and CLI together. If you insist on doing it, I have tried your script, I could not reproduce your issue, it works fine.
According to the error, you could try to pass a --subscription, it also works.
$sp_appid = (Get-AzADServicePrincipal -DisplayName joywebapp2).ApplicationId.Guid
$sp_secret = (Get-AzKeyVaultSecret -VaultName joykeyvault1 -Name joywebapp2).SecretValueText
$tenant_Id = "xxxxxxxxxxxx"
$subscription_Id = "xxxxxxxxxxx"
az login --service-principal --username $sp_appid --password $sp_secret --tenant $tenant_Id --subscription $subscription_Id
Note: Due to the AzureRM powershell module has been deprecated, I use the new Az powershell module, if you want to upgrade to Az, see this link. (It may not be the reason of the issue, but I recommend you to upgrade it.)
Update:
We have to use AZ CLI simply for the property we are trying to grab...there is no PowerShell equivalent.
Actually you can login with a service principal via powershell, the strong password is the secret, more details see this post.
$azureAplicationId ="Azure AD Application Id"
$azureTenantId= "Your Tenant Id"
$azurePassword = ConvertTo-SecureString "strong password" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Add-AzureRmAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal
The original problem appears to have been a transient platform problem. Went back to the same code yesterday and it work with no issues.
For me, running cache purge worked:
az cache purge
Also, if it still does not work try printing verbose information using:
az login --verbose
I had the same issue that suddenly no subscriptions where showing up for my service principal (on 2 different build servers that I originally installed at the same time).
Updating the Azure CLI seemed to fix the issue.
Trying to az login with a Service Principal account, which does not have Role Based Access Control in its Subscription Scope, will fail with ERROR: No subscriptions found.
Moreover in recent Azure CLI, using the login command with the subscription flag would return unrecognized arguments: --subscription
Thus, to login without specifying subscription, make sure to add a role to your Service Principal account:
# Authenticate via browser
az login
# Get current subscription
subscriptionID=$(az account show --query id -o tsv)
# Create/update servie account with a role (e.g. "Owner")
az ad sp create-for-rbac --name ${theServiceAccount} --role Owner --scopes /subscriptions/${subscriptionID}
# Get current tenant
tenantID=$(az account show --query tenantId -o tsv)
# Login with the updated service account
az login --service-principal --tenant ${tenantID} -u yourUser -p yourPassword