Azure Cheatsheet Cheatsheet

🖥️

Azure CLI & VMs

COMPUTE

azure-cli-setup

# ── Install & Login ──
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
az login
az account set --subscription "My Subscription"
az account list --output table

# ── Create Resource Group ──
az group create --name myResourceGroup --location eastus

# ── Create Virtual Machine ──
az vm create   --resource-group myResourceGroup   --name myVM   --image Ubuntu2204   --size Standard_B2s   --admin-username azureuser   --generate-ssh-keys   --public-ip-sku Standard

# ── Open Port (NSG) ──
az vm open-port   --resource-group myResourceGroup   --name myVM   --port 80 --port 443 --port 22

# ── VM Management ──
az vm list --resource-group myResourceGroup -o table
az vm show --resource-group myResourceGroup --name myVM
az vm start --resource-group myResourceGroup --name myVM
az vm stop --resource-group myResourceGroup --name myVM
az vm restart --resource-group myResourceGroup --name myVM
az vm deallocate --resource-group myResourceGroup --name myVM
az vm delete --resource-group myResourceGroup --name myVM --yes

# ── Resize VM ──
az vm resize --resource-group myResourceGroup --name myVM --size Standard_B4ms

# ── Get Public IP ──
az vm show -d -g myResourceGroup -n myVM --query publicIps -o tsv

azure-app-service

# ── App Service (Web Apps) ──
# Create App Service Plan
az appservice plan create   --name myAppPlan --resource-group myResourceGroup   --sku B1 --is-linux

# Create Web App
az webapp create   --resource-group myResourceGroup   --plan myAppPlan   --name my-webapp-unique123   --runtime "NODE|18-lts"

# Deploy from GitHub
az webapp deployment source config   --name my-webapp-unique123   --resource-group myResourceGroup   --repo-url https://github.com/user/repo   --branch main

# Deploy from local
az webapp up --name my-webapp-unique123 --resource-group myResourceGroup

# Configure Environment Variables
az webapp config appsettings set   --name my-webapp-unique123   --resource-group myResourceGroup   --settings DB_HOST=localhost DB_PORT=5432

# View Logs
az webapp log tail --name my-webapp-unique123 --resource-group myResourceGroup

# Custom Domain & SSL
az webapp config hostname add   --webapp-name my-webapp-unique123   --resource-group myResourceGroup   --hostname www.example.com
az webapp config ssl create   --name my-ssl-cert   --resource-group myResourceGroup   --hostname www.example.com

VM Sizes

Series	Size	vCPUs	RAM	Use Case
B (Burstable)	Standard_B2s	2	4 GB	Dev/test, low traffic
D (General)	Standard_D4s_v5	4	16 GB	Web apps, databases
E (Memory)	Standard_E4s_v5	4	32 GB	Memory-intensive
F (Compute)	Standard_F4s_v2	4	8 GB	CPU-intensive
NP (AI/GPU)	Standard_NC6	6	56 GB	ML training, CUDA

App Service Tiers

Tier	Instances	Features
Free (F1)	Shared	60 min/day, 1 GB RAM
Basic (B1)	1-3 dedicated	Custom domain, SSL
Standard (S1)	1-10	Auto-scale, slots
Premium (P1v3)	1-30	VNet, backup, more instances
Isolated (I1v3)	1-30	VNet integration, compliance

🗄️

Storage & Databases

DATA

azure-storage

# ── Azure Blob Storage ──
# Create Storage Account
az storage account create   --name mystorageacct123   --resource-group myResourceGroup   --location eastus   --sku Standard_LRS   --kind StorageV2

# Create Container
az storage container create   --name my-container   --account-name mystorageacct123   --auth-mode login   --public-access container

# Upload Files
az storage blob upload   --account-name mystorageacct123   --container-name my-container   --name index.html   --file ./index.html

# List Blobs
az storage blob list   --account-name mystorageacct123   --container-name my-container   --output table

# Generate SAS Token (7 day expiry)
az storage blob generate-sas   --account-name mystorageacct123   --container-name my-container   --name index.html   --permissions r   --expiry 2025-12-31T23:59:00Z

# ── Azure SQL Database ──
# Create SQL Server
az sql server create   --name my-sql-server-123   --resource-group myResourceGroup   --location eastus   --admin-user sqladmin   --admin-password MyStr0ngP@ssw0rd!

# Create SQL Database
az sql db create   --resource-group myResourceGroup   --server my-sql-server-123   --name myDatabase   --service-objective S1

# Configure Firewall
az sql server firewall-rule create   --resource-group myResourceGroup   --server my-sql-server-123   --name AllowMyIP   --start-ip-address 0.0.0.0   --end-ip-address 255.255.255.255

azure-cosmosdb

# ── Azure Cosmos DB ──
az cosmosdb create   --name my-cosmos-123   --resource-group myResourceGroup   --kind MongoDB   --server-version 4.2   --locations regionName=eastus

az cosmosdb mongodb database create   --account-name my-cosmos-123   --resource-group myResourceGroup   --name myDatabase

az cosmosdb mongodb collection create   --account-name my-cosmos-123   --resource-group myResourceGroup   --database-name myDatabase   --name myCollection   --shard /_id

# ── Azure Cache for Redis ──
az redis create   --name my-cache-123   --resource-group myResourceGroup   --location eastus   --sku Basic   --vm-size C0

Storage Account Types

SKU	Replication	Use Case
Standard_LRS	Locally redundant	Dev/test, non-critical
Standard_ZRS	Zone redundant	High availability, single region
Standard_GRS	Geo-redundant	Disaster recovery, 2 regions
Standard_RAGRS	Read-access GRS	Read access to secondary
Premium_LRS	Premium performance	Low-latency, high throughput

Blob Access Tiers

Tier	Cost	Access	Min Stay
Hot	Higher storage, lower access	Immediate	None
Cool	Lower storage, higher access	Hours	30 days
Cold	Lowest storage	Hours	90 days
Archive	Cheapest	Hours	180 days

⚡

Functions & AKS

SERVERLESS

azure-functions

# ── Azure Functions (Serverless) ──
# Create Function App
az functionapp create   --resource-group myResourceGroup   --consumption-plan-location eastus   --runtime node   --functions-version 4   --name my-func-app-123   --storage-account mystorageacct123

# Create HTTP Trigger Function
func new --template "HTTP trigger" --name HttpExample

# Deploy Functions
func azure functionapp publish my-func-app-123

# ── Azure Kubernetes Service (AKS) ──
# Create AKS Cluster
az aks create   --resource-group myResourceGroup   --name myAKSCluster   --node-count 3   --node-vm-size Standard_B2s   --enable-managed-identity   --generate-ssh-keys   --enable-addons monitoring

# Get Credentials
az aks get-credentials   --resource-group myResourceGroup   --name myAKSCluster

# Scale Nodes
az aks scale   --resource-group myResourceGroup   --name myAKSCluster   --node-count 5

# Upgrade Cluster
az aks upgrade   --resource-group myResourceGroup   --name myAKSCluster   --kubernetes-version 1.29

# List Nodes
kubectl get nodes

HttpExample/index.js

// ── Azure Function: HTTP Trigger (Node.js) ──
const { app } = require('@azure/functions');

app.http('HttpExample', {
  methods: ['GET', 'POST'],
  authLevel: 'function',
  handler: async (request, context) => {
    context.log('HTTP trigger function processed a request.');

    const name = request.query.get('name') ||
                 (await request.json()).name;

    if (!name) {
      return {
        status: 400,
        body: JSON.stringify({ error: 'Please pass a name.' }),
        headers: { 'Content-Type': 'application/json' },
      };
    }

    return {
      status: 200,
      body: JSON.stringify({ message: `Hello, ${name}!` }),
      headers: { 'Content-Type': 'application/json' },
    };
  },
});

Function Triggers

Trigger	Use Case	Binding
HTTP Trigger	REST APIs, Webhooks	req/res
Timer Trigger	Scheduled tasks	Cron expression
Blob Trigger	File uploads	Blob storage
Queue Trigger	Async processing	Storage Queue
Service Bus	Enterprise messaging	Service Bus Queue
Event Grid	React to events	Event Grid topic
Cosmos DB	Database changes	Change feed

Hosting Plans

Plan	Scaling	Pricing
Consumption	Auto (1-200 instances)	Pay per execution
Premium	Auto (min instances)	VNet, unlimited duration
Dedicated (App Service)	Manual/Auto	Predictable cost
Kubernetes (AKS)	K8s scaling	Full control

🔐

IAM & Active Directory

SECURITY

azure-iam

# ── Role-Based Access Control (RBAC) ──
# List available roles
az role definition list --output table

# Assign role to user
az role assignment create   --assignee user@example.com   --role "Contributor"   --resource-group myResourceGroup

# Assign role to a service principal (app)
az role assignment create   --assignee APP_ID   --role "Storage Blob Data Contributor"   --scope /subscriptions/SUB_ID/resourceGroups/myRG

# List role assignments
az role assignment list --assignee user@example.com -o table
az role assignment list --resource-group myResourceGroup -o table

# ── Service Principal (App Registration) ──
az ad sp create-for-rbac   --name "my-app-sp"   --role Contributor   --scopes /subscriptions/SUB_ID

# Output: appId, password, tenant
az ad sp list --display-name "my-app-sp" -o table
az ad sp show --id APP_ID

# ── Azure Key Vault ──
az keyvault create   --name my-kv-12345   --resource-group myResourceGroup   --location eastus

az keyvault secret set   --vault-name my-kv-12345   --name MySecret   --value "my-secret-value"

az keyvault secret show   --vault-name my-kv-12345   --name MySecret

Built-in Roles

Role	Scope	Permissions
Owner	Subscription/RG	Full access + manage access
Contributor	Subscription/RG	Full access except RBAC
Reader	Subscription/RG	View resources only
User Access Admin	Subscription/RG	Manage RBAC access
Key Vault Secrets User	Key Vault	Read secrets only
Storage Blob Data Owner	Storage	Full blob access
AcrPush	Container Registry	Push images

Common Azure Services

Service	CLI Command	Purpose
Virtual Machines	az vm	Compute instances
App Service	az webapp	Managed web hosting
Functions	az functionapp	Serverless compute
Blob Storage	az storage	Object storage
SQL Database	az sql db	Managed SQL DB
Cosmos DB	az cosmosdb	NoSQL database
Key Vault	az keyvault	Secrets management
AKS	az aks	Managed Kubernetes
Redis Cache	az redis	In-memory cache

🚫

Principle of least privilege: Always assign the minimum permissions needed (e.g., Reader instead of Contributor). Use Managed Identities instead of service principals when possible. Store all secrets in Key Vault, never in code or config files.

🎓

Interview Q&A

COMMON QUESTIONS

Q1: What is the difference between Azure Blob Storage tiers?

Hot: Highest storage cost, lowest access cost, for frequently accessed data.Cool: Lower storage cost, higher access cost, minimum 30-day stay, for infrequently accessed data.Cold: Even lower storage cost, higher access latency, 90-day minimum.Archive: Cheapest, highest access latency, 180-day minimum, requires rehydration before access. You can transition blobs between tiers automatically using lifecycle management policies.

Q2: Explain Azure Regions and Availability Zones

Azure has 60+ regions worldwide. Each region is a separate geographic area with data centers.Availability Zones are physically separate locations within an Azure region (each with independent power, cooling, networking). Deploying across multiple AZs provides high availability. Region pairs are geographically separated for disaster recovery.

Q3: What is the difference between App Service and Azure Functions?

App Service is a fully managed platform for hosting web apps, APIs, and backends with persistent instances.Azure Functions is serverless — instances spin up on demand and scale to zero when idle, billed per execution. Use App Service for long-running or always-on workloads. Use Functions for event-driven, intermittent, or short-lived tasks.

💡

Azure interview tips: Know the Well-Architected Framework (Security, Reliability, Cost, Operations, Performance), understand Azure IAM/RBAC deeply, compare Azure vs AWS services, explain the Shared Responsibility Model, and discuss real-world patterns: multi-region deployment, auto-scaling, and disaster recovery.

⏳

Loading cheatsheet...

# ── Install & Login ── curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash az login az account set --subscription "My Subscription" az account list --output table # ── Create Resource Group ── az group create --name myResourceGroup --location eastus # ── Create Virtual Machine ── az vm create --resource-group myResourceGroup --name myVM --image Ubuntu2204 --size Standard_B2s --admin-username azureuser --generate-ssh-keys --public-ip-sku Standard # ── Open Port (NSG) ── az vm open-port --resource-group myResourceGroup --name myVM --port 80 --port 443 --port 22 # ── VM Management ── az vm list --resource-group myResourceGroup -o table az vm show --resource-group myResourceGroup --name myVM az vm start --resource-group myResourceGroup --name myVM az vm stop --resource-group myResourceGroup --name myVM az vm restart --resource-group myResourceGroup --name myVM az vm deallocate --resource-group myResourceGroup --name myVM az vm delete --resource-group myResourceGroup --name myVM --yes # ── Resize VM ── az vm resize --resource-group myResourceGroup --name myVM --size Standard_B4ms # ── Get Public IP ── az vm show -d -g myResourceGroup -n myVM --query publicIps -o tsv

# ── App Service (Web Apps) ── # Create App Service Plan az appservice plan create --name myAppPlan --resource-group myResourceGroup --sku B1 --is-linux # Create Web App az webapp create --resource-group myResourceGroup --plan myAppPlan --name my-webapp-unique123 --runtime "NODE|18-lts" # Deploy from GitHub az webapp deployment source config --name my-webapp-unique123 --resource-group myResourceGroup --repo-url https://github.com/user/repo --branch main # Deploy from local az webapp up --name my-webapp-unique123 --resource-group myResourceGroup # Configure Environment Variables az webapp config appsettings set --name my-webapp-unique123 --resource-group myResourceGroup --settings DB_HOST=localhost DB_PORT=5432 # View Logs az webapp log tail --name my-webapp-unique123 --resource-group myResourceGroup # Custom Domain & SSL az webapp config hostname add --webapp-name my-webapp-unique123 --resource-group myResourceGroup --hostname www.example.com az webapp config ssl create --name my-ssl-cert --resource-group myResourceGroup --hostname www.example.com

Series

Size

vCPUs

RAM

Use Case

B (Burstable)

Standard_B2s

4 GB

Dev/test, low traffic

D (General)

Standard_D4s_v5

16 GB

Web apps, databases

E (Memory)

Standard_E4s_v5

32 GB

Memory-intensive

F (Compute)

Standard_F4s_v2

8 GB

CPU-intensive

NP (AI/GPU)

Standard_NC6

56 GB

ML training, CUDA

Tier

Instances

Features

Free (F1)

Shared

60 min/day, 1 GB RAM

Basic (B1)

1-3 dedicated

Custom domain, SSL

Standard (S1)

1-10

Auto-scale, slots

Premium (P1v3)

1-30

VNet, backup, more instances

Isolated (I1v3)

1-30

VNet integration, compliance

# ── Azure Blob Storage ── # Create Storage Account az storage account create --name mystorageacct123 --resource-group myResourceGroup --location eastus --sku Standard_LRS --kind StorageV2 # Create Container az storage container create --name my-container --account-name mystorageacct123 --auth-mode login --public-access container # Upload Files az storage blob upload --account-name mystorageacct123 --container-name my-container --name index.html --file ./index.html # List Blobs az storage blob list --account-name mystorageacct123 --container-name my-container --output table # Generate SAS Token (7 day expiry) az storage blob generate-sas --account-name mystorageacct123 --container-name my-container --name index.html --permissions r --expiry 2025-12-31T23:59:00Z # ── Azure SQL Database ── # Create SQL Server az sql server create --name my-sql-server-123 --resource-group myResourceGroup --location eastus --admin-user sqladmin --admin-password MyStr0ngP@ssw0rd! # Create SQL Database az sql db create --resource-group myResourceGroup --server my-sql-server-123 --name myDatabase --service-objective S1 # Configure Firewall az sql server firewall-rule create --resource-group myResourceGroup --server my-sql-server-123 --name AllowMyIP --start-ip-address 0.0.0.0 --end-ip-address 255.255.255.255

# ── Azure Cosmos DB ── az cosmosdb create --name my-cosmos-123 --resource-group myResourceGroup --kind MongoDB --server-version 4.2 --locations regionName=eastus az cosmosdb mongodb database create --account-name my-cosmos-123 --resource-group myResourceGroup --name myDatabase az cosmosdb mongodb collection create --account-name my-cosmos-123 --resource-group myResourceGroup --database-name myDatabase --name myCollection --shard /_id # ── Azure Cache for Redis ── az redis create --name my-cache-123 --resource-group myResourceGroup --location eastus --sku Basic --vm-size C0

SKU

Replication

Use Case

Standard_LRS

Locally redundant

Dev/test, non-critical

Standard_ZRS

Zone redundant

High availability, single region

Standard_GRS

Geo-redundant

Disaster recovery, 2 regions

Standard_RAGRS

Read-access GRS

Read access to secondary

Premium_LRS

Premium performance

Low-latency, high throughput

Tier

Cost

Access

Min Stay

Hot

Higher storage, lower access

Immediate

None

Cool

Lower storage, higher access

Hours

30 days

Cold

Lowest storage

Hours

90 days