Manage Azure resources by using Python
Learn how to use Azure Python with Azure Resource Manager to manage your Azure resources. For managing resource groups, see Manage Azure resource groups by using Python.
Deploy resources to an existing resource group
You can deploy Azure resources directly by using Python, or deploy an Azure Resource Manager template (ARM template) to create Azure resources.
Deploy resources by using Python classes
The following example creates a storage account by using StorageManagementClient.storage_accounts.begin_create. The name for the storage account must be unique across Azure.
import os
import random
from azure.identity import AzureCliCredential
from azure.mgmt.storage import StorageManagementClient
credential = AzureCliCredential()
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
random_postfix = ''.join(random.choices('abcdefghijklmnopqrstuvwxyz1234567890', k=13))
storage_account_name = "demostore" + random_postfix
storage_client = StorageManagementClient(credential, subscription_id)
storage_account_result = storage_client.storage_accounts.begin_create(
"exampleGroup",
storage_account_name,
{
"location": "westus",
"sku": {
"name": "Standard_LRS"
}
}
)
Deploy a template
To deploy an ARM template, use ResourceManagementClient.deployments.begin_create_or_update. The following example deploys a remote template. That template creates a storage account.
import os
from azure.identity import AzureCliCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.resource.resources.models import DeploymentMode
credential = AzureCliCredential()
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
resource_client = ResourceManagementClient(credential, subscription_id)
resource_group_name = input("Enter the resource group name: ")
location = input("Enter the location (i.e. centralus): ")
template_uri = "https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/quickstarts/microsoft.storage/storage-account-create/azuredeploy.json"
rg_deployment_result = resource_client.deployments.begin_create_or_update(
resource_group_name,
"exampleDeployment",
{
"properties": {
"templateLink": {
"uri": template_uri
},
"parameters": {
"location": {
"value": location
},
},
"mode": DeploymentMode.incremental
}
}
)
Deploy a resource group and resources
You can create a resource group and deploy resources to the group. For more information, see Create resource group and deploy resources.
Deploy resources to multiple subscriptions or resource groups
Typically, you deploy all the resources in your template to a single resource group. However, there are scenarios where you want to deploy a set of resources together but place them in different resource groups or subscriptions. For more information, see Deploy Azure resources to multiple subscriptions or resource groups.
Delete resources
The following example shows how to delete a storage account.
import os
from azure.identity import AzureCliCredential
from azure.mgmt.storage import StorageManagementClient
credential = AzureCliCredential()
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
storage_client = StorageManagementClient(credential, subscription_id)
resource_group_name = "demoGroup"
storage_account_name = "demostore"
storage_account = storage_client.storage_accounts.delete(
resource_group_name,
storage_account_name
)
For more information about how Azure Resource Manager orders the deletion of resources, see Azure Resource Manager resource group deletion.
Move resources
The following example shows how to move a storage account from one resource group to another resource group.
import os
from azure.identity import AzureCliCredential
from azure.mgmt.resource import ResourceManagementClient
credential = AzureCliCredential()
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
resource_client = ResourceManagementClient(credential, subscription_id)
src_resource_group_name = "sourceGroup"
dest_resource_group_name = "destinationGroup"
storage_account_name = "demostore"
dest_resource_group = resource_client.resource_groups.get(dest_resource_group_name)
storage_account = resource_client.resources.get(
src_resource_group_name, "Microsoft.Storage", "", "storageAccounts", storage_account_name, "2022-09-01"
)
move_result = resource_client.resources.begin_move_resources(
src_resource_group_name,
{
"resources": [storage_account.id],
"targetResourceGroup": dest_resource_group.id,
}
)
For more information, see Move resources to new resource group or subscription.
Lock resources
Locking prevents other users in your organization from accidentally deleting or modifying critical resources, such as Azure subscription, resource group, or resource.
The following example locks a web site so it can't be deleted.
import os
from azure.identity import AzureCliCredential
from azure.mgmt.resource import ManagementLockClient
credential = AzureCliCredential()
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
lock_client = ManagementLockClient(credential, subscription_id)
lock_result = lock_client.management_locks.create_or_update_at_resource_level(
"exampleGroup",
"Microsoft.Web",
"",
"sites",
"examplesite",
"lockSite",
{
"level": "CanNotDelete"
}
)
The following script gets all locks for a storage account:
import os
from azure.identity import AzureCliCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.resource.locks import ManagementLockClient
credential = AzureCliCredential()
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
resource_client = ResourceManagementClient(credential, subscription_id)
lock_client = ManagementLockClient(credential, subscription_id)
resource_group_name = "demoGroup"
storage_account_name = "demostore"
resource = resource_client.resources.get_by_id(
f"/subscriptions/{subscription_id}/resourceGroups/{resource_group_name}/providers/Microsoft.Storage/storageAccounts/{storage_account_name}",
"2021-04-01"
)
locks = lock_client.management_locks.list_at_resource_level(
resource_group_name,
"Microsoft.Storage",
"",
"storageAccounts",
storage_account_name
)
for lock in locks:
print(f"Lock Name: {lock.name}, Lock Level: {lock.level}")
The following script deletes a lock of a web site:
import os
from azure.identity import AzureCliCredential
from azure.mgmt.resource import ManagementLockClient
credential = AzureCliCredential()
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
lock_client = ManagementLockClient(credential, subscription_id)
lock_client.management_locks.delete_at_resource_level(
"exampleGroup",
"Microsoft.Web",
"",
"sites",
"examplesite",
"lockSite"
)
For more information, see Lock resources with Azure Resource Manager.
Tag resources
Tagging helps organizing your resource group and resources logically. For information, see Using tags to organize your Azure resources.
Next steps
- To learn Azure Resource Manager, see Azure Resource Manager overview.
- To learn the Resource Manager template syntax, see Understand the structure and syntax of Azure Resource Manager templates.
- To learn how to develop templates, see the step-by-step tutorials.
- To view the Azure Resource Manager template schemas, see template reference.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for