1. Manage Azure resource groups with Function API
In this article series, you'll create an Azure Function app with APIs to manage Azure resource groups.
Features and functionality of this article series:
- Create local Azure Function app project in Visual Studio Code
- Create function APIs boilerplate code in Visual Studio Code
- Deploy to Azure Functions
- Create service principal
- Configure local and remote application settings
- Use DefaultAzureCredential in both local and remote environments
- Use Azure SDKs to use Azure Identity and Azure Resource Management APIs
- Use your local and cloud APIs to create, delete, and list resource groups in your subscription
Create or use an existing Azure subscription
You'll need an Azure user account with an active subscription. Create one for free.
Prerequisites
- Node.js and npm installed to your local machine.
- Visual Studio Code installed to your local machine.
- Azure Function to deploy a Function app to Azure.
- Azure Resources to view Azure resource groups.
- Azure CLI installed to your local machine.
The source code is written in TypeScript, but it is simple. If you are comfortable with modern JavaScript, the code in this article series will be familiar to you.
Application architecture
The app provides the following API endpoints.
| Method | URL | Description |
|---|---|---|
| POST,DELETE | http://localhost:7071/api/resource-group | Add, delete a resource group. |
| GET | http://localhost:7071/api/resource-groups | List all resource groups in subscription. |
| GET | http://localhost:7071/api/resources | List all resources in a subscription or resource group. |
While these endpoints are public in this article series, you should secure your API endpoints with authentication and authorization before deploying to your live environment.
This app is limited to a subscription because that is what the DefaultAzureCredential specifies.
Preparing your environment
You must prepare your local and cloud environments to use the Azure Identity SDK.
Create an Azure service principal
An Azure service principal provides access to Azure without having to use your personal user credentials. The service principal can be used both in your local and cloud environments.
In a bash terminal, sign in to the Azure CLI:
    az login
Determine a service principal name format so you can easily find your service principal later. For example, several format ideas are:
- Your project and owner: resource-management-john-smith
- Your department and date: IT-2021-September
- A unique identifier: 1e8966d7-ba85-424b-9db4-c39e1ae9d0ca
In a bash terminal, create your service principal with az ad sp create-for-rbac:
    az ad sp create-for-rbac --name YOUR-SERVICE-PRINCIPAL-NAME --role Contributor
Copy the entire output results to a temporary file. You will need these settings later.
    {
      "appId": "YOUR-SERVICE-PRINCIPAL-ID",
      "displayName": "YOUR-SERVICE-PRINCIPAL-NAME",
      "name": "http://YOUR-SERVICE-PRINCIPAL-NAME",
      "password": "!@#$%",
      "tenant": "YOUR-TENANT-ID"
    }
Get your Azure subscription ID
In a bash terminal, get your subscriptions and find the subscription ID you want to use for this article series.
    az account list --output table
Copy the subscription ID to the previous temporary file. You will need this setting later.
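One way to turn the values saved in the temporary file into application settings, shown as an added example that is not code from the original article. `AZURE_CLIENT_ID`, `AZURE_TENANT_ID` and `AZURE_CLIENT_SECRET` are the environment variables the Azure Identity SDK's environment credential reads; the function names, the `AZURE_SUBSCRIPTION_ID` key and the sample values are assumptions constructed for illustration.

```javascript
// Added example, not from the original article. Function names and the
// AZURE_SUBSCRIPTION_ID key are assumptions; sample values are constructed.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Map `az ad sp create-for-rbac` JSON output plus a subscription ID to the
// environment variables read by DefaultAzureCredential's environment credential.
function buildAppSettings(spOutputJson, subscriptionId) {
  const sp = JSON.parse(spOutputJson);
  const settings = {
    AZURE_CLIENT_ID: sp.appId,
    AZURE_TENANT_ID: sp.tenant,
    AZURE_CLIENT_SECRET: sp.password,
    AZURE_SUBSCRIPTION_ID: subscriptionId, // assumed key, read by the app itself
  };
  const problems = [];
  for (const [key, value] of Object.entries(settings)) {
    if (typeof value !== "string" || value.length === 0) {
      problems.push(`${key} is missing`);
    } else if (value.startsWith("YOUR-")) {
      problems.push(`${key} still holds a template placeholder`);
    } else if (key !== "AZURE_CLIENT_SECRET" && !GUID.test(value)) {
      problems.push(`${key} is not a GUID`);
    }
  }
  // Report key names only so the secret never reaches logs or error output.
  if (problems.length > 0) {
    throw new Error(`Invalid settings: ${problems.join("; ")}`);
  }
  return settings;
}

// Wrap the settings in the local.settings.json layout of Azure Functions Core Tools.
function toLocalSettings(settings) {
  return { IsEncrypted: false, Values: { FUNCTIONS_WORKER_RUNTIME: "node", ...settings } };
}

// Copy that is safe to print while checking the configuration.
function redact(settings) {
  return { ...settings, AZURE_CLIENT_SECRET: "***" };
}

// Constructed sample input in the shape shown above (not real credentials).
const SAMPLE_SP_OUTPUT = JSON.stringify({
  appId: "11111111-1111-4111-8111-111111111111",
  displayName: "resource-management-john-smith",
  password: "constructed-secret-not-real",
  tenant: "22222222-2222-4222-8222-222222222222",
});
const SAMPLE_SUBSCRIPTION_ID = "33333333-3333-4333-8333-333333333333";
console.log(redact(toLocalSettings(buildAppSettings(SAMPLE_SP_OUTPUT, SAMPLE_SUBSCRIPTION_ID)).Values));
```

Keep the generated local.settings.json out of source control, since it holds the client secret, and delete the temporary file once the settings are in place.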