您现在访问的是微软AZURE全球版技术文档网站,若需要访问由世纪互联运营的MICROSOFT AZURE中国区技术文档网站,请访问 https://docs.azure.cn.

使用 Azure CLI 管理 Azure 资源和资源组Use the Azure CLI to manage Azure resources and resource groups

本文介绍如何使用 Azure CLI 和 Azure 资源管理器管理解决方案。In this article, you learn how to manage your solutions with Azure CLI and Azure Resource Manager. 如果不熟悉 Resource Manager,请参阅 Resource Manager 概述If you are not familiar with Resource Manager, see Resource Manager Overview. 本文重点介绍管理任务。This article focuses on management tasks. 将能够:You will:

  1. 创建资源组Create a resource group
  2. 将资源添加到资源组Add a resource to the resource group
  3. 向资源添加标记Add a tag to the resource
  4. 根据名称或标记值查询资源Query resources based on names or tag values
  5. 向资源应用和删除锁Apply and remove a lock on the resource
  6. 删除资源组Delete a resource group

本文不演示如何将 Resource Manager 模板部署到订阅。This article does not show how to deploy a Resource Manager template to your subscription. 有关该信息,请参阅使用资源管理器模板和 Azure CLI 部署资源For that information, see Deploy resources with Resource Manager templates and Azure CLI.

启动 Azure Cloud ShellLaunch Azure Cloud Shell

Azure Cloud Shell 是免费的交互式 shell,可以使用它运行本文中的步骤。The Azure Cloud Shell is a free interactive shell that you can use to run the steps in this article. 它预安装有常用 Azure 工具并将其配置与帐户一起使用。It has common Azure tools preinstalled and configured to use with your account. 请直接单击“复制”对代码进行复制,将其粘贴到 Cloud Shell 中,然后按 Enter 来运行它。Just click the Copy to copy the code, paste it into the Cloud Shell, and then press enter to run it. 可通过多种方式来启动 Cloud Shell:There are a few ways to launch the Cloud Shell:

单击代码块右上角的“试用”。Click Try It in the upper right corner of a code block. 本文中的 Cloud Shell
在浏览器中打开 Cloud Shell。Open Cloud Shell in your browser. https://shell.azure.com/bashhttps://shell.azure.com/bash
单击 Azure 门户右上角菜单上的“Cloud Shell”按钮。Click the Cloud Shell button on the menu in the upper right of the Azure portal. 门户中的 Cloud Shell

若要在本地安装和使用 CLI,请参阅安装 Azure CLI 2.0To install and use the CLI locally, see Install Azure CLI 2.0.

设置订阅Set subscription

如果有多个订阅,可切换到其他订阅。If you have more than one subscription, you can switch to a different subscription. 首先,请看帐户的所有订阅。First, let's see all the subscriptions for your account.

az account list

它将返回已启用和已禁用订阅的列表。It returns a list of your enabled and disabled subscriptions.

    "cloudName": "AzureCloud",
    "id": "<guid>",
    "isDefault": true,
    "name": "Example Subscription One",
    "registeredProviders": [],
    "state": "Enabled",
    "tenantId": "<guid>",
    "user": {
      "name": "example@contoso.org",
      "type": "user"

请注意,一个订阅已标记为默认。Notice that one subscription is marked as the default. 此订阅是操作的当前上下文。This subscription is your current context for operations. 若要切换到其他订阅,请使用 az account set 命令提供订阅名称。To switch to a different subscription, provide the subscription name with the az account set command.

az account set -s "Example Subscription Two"

若要显示当前订阅上下文,请使用不带参数的 az account showTo show the current subscription context, use az account show without a parameter:

az account show

创建资源组Create a resource group

必须先创建将包含资源的资源组,才能向订阅部署任何资源。Before deploying any resources to your subscription, you must create a resource group that will contain the resources.

若要创建资源组,请使用 az group create 命令。To create a resource group, use the az group create command. 该命令使用 name 参数指定资源组的名称,并使用 location 参数指定其位置。The command uses the name parameter to specify a name for the resource group and the location parameter to specify its location.

az group create --name TestRG1 --location "South Central US"

输入格式如下:The output is in the following format:

  "id": "/subscriptions/<subscription-id>/resourceGroups/TestRG1",
  "location": "southcentralus",
  "managedBy": null,
  "name": "TestRG1",
  "properties": {
    "provisioningState": "Succeeded"
  "tags": null

如果稍后需要检索资源组,请使用以下命令:If you need to retrieve the resource group later, use the following command:

az group show --name TestRG1

若要获取订阅中的所有资源组,请使用:To get all the resource groups in your subscription, use:

az group list

将资源添加到资源组Add resources to a resource group

要将资源添加到资源组中,可使用 az resource create 命令或特定于要创建的资源类型的命令(例如 az storage account create)。To add a resource to the resource group, you can use the az resource create command or a command that is specific to the type of resource you are creating (like az storage account create). 使用特定于资源类型的命令可能更轻松,因为它包含新资源所需属性的参数。You might find it easier to use a command that is specific to a resource type because it includes parameters for the properties that are needed for the new resource. 要使用 az resource create,必须了解不会提示而要设置的所有属性。To use az resource create, you must know all the properties to set without being prompted for them.

但是,通过脚本添加资源可能导致将来出现混乱,因为新的资源不存在于资源管理器模板中。However, adding a resource through script might cause future confusion because the new resource does not exist in a Resource Manager template. 通过模板,可以可靠地重复部署解决方案。Templates enable you to reliably and repeatedly deploy your solution.

以下命令创建存储帐户。The following command creates a storage account. 请勿使用示例所示的名称,而是为存储帐户提供唯一名称。Instead of using the name shown in the example, provide a unique name for the storage account. 此名称必须为 3 到 24 个字符,只能使用数字和小写字母。The name must be between 3 and 24 characters in length, and use only numbers and lower-case letters. 如果使用示例所示名称,将收到错误,因为该名称被使用。If you use the name shown in the example, you receive an error because that name is already in use.

az storage account create -n myuniquestorage -g TestRG1 -l westus --sku Standard_LRS

如果稍后需要检索此资源,请使用以下命令:If you need to retrieve this resource later, use the following command:

az storage account show --name myuniquestorage --resource-group TestRG1

添加标记Add a tag

标记可用于根据属性组织资源。Tags enable you to organize your resources according to different properties. 例如,可能有不同资源组中的多项资源属于同一部门。For example, you may have several resources in different resource groups that belong to the same department. 可对这些资源应用部门标签和值,将其标记为属于同一类别。You can apply a department tag and value to those resources to mark them as belonging to the same category. 也可标记资源是用于生产环境还是测试环境。Or, you can mark whether a resource is used in a production or test environment. 在本文中,只对一项资源应用标记,但在环境中最好向所有资源应用标记。In this article, you apply tags to only one resource, but in your environment it most likely makes sense to apply tags to all your resources.

以下命令将向存储帐户应用两个标记:The following command applies two tags to your storage account:

az resource tag --tags Dept=IT Environment=Test -g TestRG1 -n myuniquestorage --resource-type "Microsoft.Storage/storageAccounts"

各个标记作为单个对象更新。Tags are updated as a single object. 若要向已包含标记的资源添加标记,请首先检索现有标记。To add a tag to a resource that already includes tags, first retrieve the existing tags. 将新标记添加到包含现有标记的对象,并将所有标记重新应用到资源。Add the new tag to the object that contains the existing tags, and reapply all the tags to the resource.

jsonrtag=$(az resource show -g TestRG1 -n myuniquestorage --resource-type "Microsoft.Storage/storageAccounts" --query tags)
rt=$(echo $jsonrtag | tr -d '"{},' | sed 's/: /=/g')
az resource tag --tags $rt Project=Redesign -g TestRG1 -n myuniquestorage --resource-type "Microsoft.Storage/storageAccounts"

搜索资源Search for resources

使用 az resource list 命令可按不同搜索条件检索资源。Use the az resource list command to retrieve resources for different search conditions.

  • 若要按名称获取资源,请提供 name 参数:To get a resource by name, provide the name parameter:

    az resource list -n myuniquestorage
  • 若要获取资源组中的所有资源,请提供 resource-group 参数:To get all the resources in a resource group, provide the resource-group parameter:

    az resource list --resource-group TestRG1
  • 若要获取具有某个标记名称和值的所有资源,请提供 tag 参数:To get all the resources with a tag name and value, provide the tag parameter:

    az resource list --tag Dept=IT
  • 若要获取具有特定资源类型的所有资源,请提供 resource-type 参数:To all the resources with a particular resource type, provide the resource-type parameter:

    az resource list --resource-type "Microsoft.Storage/storageAccounts"

获取资源 IDGet resource ID

很多命令采用资源 ID 作为参数。Many commands take a resource ID as a parameter. 若要获取资源 ID 并将其存储在变量中,请使用:To get the ID for a resource and store in a variable, use:

webappID=$(az resource show -g exampleGroup -n exampleSite --resource-type "Microsoft.Web/sites" --query id --output tsv)

锁定资源Lock a resource

需要确保不会意外删除或修改关键资源时,请对资源应用锁定。When you need to make sure a critical resource is not accidentally deleted or modified, apply a lock to the resource. 可指定 CanNotDeleteReadOnlyYou can specify either a CanNotDelete or ReadOnly.

若要创建或删除管理锁,必须有权执行 Microsoft.Authorization/*Microsoft.Authorization/locks/* 操作。To create or delete management locks, you must have access to Microsoft.Authorization/* or Microsoft.Authorization/locks/* actions. 在内置角色中,只有“所有者”和“用户访问管理员”有权执行这些操作。Of the built-in roles, only Owner and User Access Administrator are granted those actions.

若要应用锁定,请使用以下命令:To apply a lock, use the following command:

az lock create --lock-type CanNotDelete --resource-name myuniquestorage --resource-group TestRG1 --resource-type Microsoft.Storage/storageAccounts --name storagelock

上例中,在删除锁之前,无法删除锁定的资源。The locked resource in the preceding example cannot be deleted until the lock is removed. 若要删除所,请使用:To remove a lock, use:

az lock delete --name storagelock --resource-group TestRG1 --resource-type Microsoft.Storage/storageAccounts --resource-name myuniquestorage

有关设置锁的详细信息,请参阅使用 Azure Resource Manager 锁定资源For more information about setting locks, see Lock resources with Azure Resource Manager.

删除资源或资源组Remove resources or resource group

可以删除资源或资源组。You can remove a resource or resource group. 删除资源组时,还会删除该资源组中的所有资源。When you remove a resource group, you also remove all the resources within that resource group.

  • 若要从资源组中删除某个资源,请针对要删除的资源类型使用删除命令。To delete a resource from the resource group, use the delete command for the resource type you are deleting. 此命令将删除该资源,但不会删除该资源组。The command deletes the resource, but does not delete the resource group.

    az storage account delete -n myuniquestorage -g TestRG1
  • 若要删除资源组及其所有资源,请使用 az group delete 命令。To delete a resource group and all its resources, use the az group delete command.

    az group delete -n TestRG1

使用这两个命令,都会要求确认是否要删除资源或资源组。For both commands, you are asked to confirm that you wish to remove the resource or resource group.

后续步骤Next steps