Share via


az stack mg

Manage Deployment Stacks at management group.

Commands

Name Description Type Status
az stack mg create

Create or update a deployment stack at management group scope.

Core GA
az stack mg delete

Delete specified deployment stack from management group scope.

Core GA
az stack mg export

Export the template used to create the deployment stack.

Core GA
az stack mg list

List all deployment stacks in management group.

Core GA
az stack mg show

Get specified deployment stack from management group scope.

Core GA
az stack mg validate

Validate a deployment stack at management group scope.

Core GA

az stack mg create

Create or update a deployment stack at management group scope.

az stack mg create --action-on-unmanage {deleteAll, deleteResources, detachAll}
                   --deny-settings-mode {denyDelete, denyWriteAndDelete, none}
                   --location
                   --management-group-id
                   --name
                   [--bse {false, true}]
                   [--cs]
                   [--deny-settings-excluded-actions]
                   [--deny-settings-excluded-principals]
                   [--deployment-subscription]
                   [--description]
                   [--no-wait]
                   [--parameters]
                   [--query-string]
                   [--tags]
                   [--template-file]
                   [--template-spec]
                   [--template-uri]
                   [--yes]

Examples

Create a deployment stack using template file and detach all resources on unmanage.

az stack mg create --name StackName --management-group-id myMg --template-file simpleTemplate.json --location westus2 --description description --deny-settings-mode None --action-on-unmanage detachAll

Create a deployment stack with parameter file and delete resources on unmanage.

az stack mg create --name StackName --management-group-id myMg --action-on-unmanage deleteResources --template-file simpleTemplate.json --parameters simpleTemplateParams.json --location westus2 --description description --deny-settings-mode None

Create a deployment stack with template spec.

az stack mg create --name StackName --management-group-id myMg --template-spec TemplateSpecResourceIDWithVersion --location westus2 --description description --deny-settings-mode None --action-on-unmanage deleteResources

Create a deployment stack using bicep file and delete all resources on unmanage.

az stack mg create --name StackName --management-group-id myMg --action-on-unmanage deleteAll --template-file simple.bicep --location westus2 --description description --deny-settings-mode None

Create a deployment stack using parameters from key/value pairs.

az stack mg create --name StackName --management-group-id myMg --template-file simpleTemplate.json --location westus --description description --parameters simpleTemplateParams.json value1=foo value2=bar --deny-settings-mode None --action-on-unmanage deleteResources

Create a deployment stack from a local template, using a parameter file, a remote parameter file, and selectively overriding key/value pairs.

az stack mg create --name StackName --management-group-id myMg --template-file azuredeploy.json --parameters @params.json --parameters https://mysite/params.json --parameters MyValue=This [email protected] --location westus --deny-settings-mode None --action-on-unmanage deleteResources

Create a deployment stack from a local template, using deny settings.

az stack mg create --name StackName --management-group-id myMg --template-file azuredeploy.json --deny-settings-mode denyDelete --deny-settings-excluded-actions Microsoft.Compute/virtualMachines/write --deny-settings-excluded-principals "test1 test2" --location westus --action-on-unmanage deleteResources

Create a deployment stack from a local template, apply deny settings to child scope.

az stack mg create --name StackName --management-group-id myMg --template-file azuredeploy.json --deny-settings-mode denyDelete --deny-settings-excluded-actions Microsoft.Compute/virtualMachines/write --deny-settings-apply-to-child-scopes --location westus --action-on-unmanage deleteResources

Required Parameters

--action-on-unmanage --aou

Defines what happens to resources that are no longer managed after the stack is updated or deleted.

Accepted values: deleteAll, deleteResources, detachAll
--deny-settings-mode --dm

Define which operations are denied on resources managed by the stack.

Accepted values: denyDelete, denyWriteAndDelete, none
--location -l

The location to store deployment stack.

--management-group-id -m

The management group id to create stack at.

--name -n

The name of the deployment stack.

Optional Parameters

--bse --bypass-stack-out-of-sync-error

Flag to bypass service errors that indicate the stack resource list is not correctly synchronized.

Accepted values: false, true
Default value: False
--cs --deny-settings-apply-to-child-scopes

DenySettings will be applied to child scopes.

Default value: False
--deny-settings-excluded-actions --ea

List of role-based management operations that are excluded from the denySettings. Up to 200 actions are permitted.

--deny-settings-excluded-principals --ep

List of AAD principal IDs excluded from the lock. Up to 5 principals are permitted.

--deployment-subscription --ds

The scope at which the initial deployment should be created. If a scope is not specified, it will default to the scope of the deployment stack.

--description

The description of deployment stack.

--no-wait

Do not wait for the long-running operation to finish.

Default value: False
--parameters -p

Parameters may be supplied from a file using the @{path} syntax, a JSON string, or as <KEY=VALUE> pairs. Parameters are evaluated in order, so when a value is assigned twice, the latter value will be used. It is recommended that you supply your parameters file first, and then override selectively using KEY=VALUE syntax.

--query-string -q

The query string (a SAS token) to be used with the template-uri in the case of linked templates.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--template-file -f

A path to a template file or Bicep file in the file system.

--template-spec -s

The template spec resource id.

--template-uri -u

A uri to a remote template file.

--yes

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az stack mg delete

Delete specified deployment stack from management group scope.

az stack mg delete --action-on-unmanage {deleteAll, deleteResources, detachAll}
                   --management-group-id
                   [--bse {false, true}]
                   [--id]
                   [--name]
                   [--yes]

Examples

Delete stack by name.

az stack mg delete --name StackName --management-group-id myMg --action-on-unmanage detachAll

Delete stack by stack resource id.

az stack mg delete --id /providers/Microsoft.Management/managementGroups/myMg/providers/Microsoft.Resources/deploymentStacks/StackName --management-group-id myMg --action-on-unmanage deleteAll

Required Parameters

--action-on-unmanage --aou

Defines what happens to resources that are no longer managed after the stack is updated or deleted.

Accepted values: deleteAll, deleteResources, detachAll
--management-group-id -m

The management group id to create stack at.

Optional Parameters

--bse --bypass-stack-out-of-sync-error

Flag to bypass service errors that indicate the stack resource list is not correctly synchronized.

Accepted values: false, true
Default value: False
--id

The deployment stack resource id.

--name -n

The deployment stack name.

--yes

Do not prompt for confirmation.

Default value: False
Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az stack mg export

Export the template used to create the deployment stack.

az stack mg export --management-group-id
                   [--id]
                   [--name]

Examples

Export template by name.

az stack mg export --name StackName --management-group-id myMg

Export template by stack resource id.

az stack mg export --id /providers/Microsoft.Management/managementGroups/myMg/providers/Microsoft.Resources/deploymentStacks/StackName --management-group-id myMg

Required Parameters

--management-group-id -m

The management group id to create stack at.

Optional Parameters

--id

The deployment stack resource id.

--name -n

The deployment stack name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az stack mg list

List all deployment stacks in management group.

az stack mg list --management-group-id

Examples

List all stacks

az stack mg list --management-group-id myMg

Required Parameters

--management-group-id -m

The management group id to create stack at.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az stack mg show

Get specified deployment stack from management group scope.

az stack mg show --management-group-id
                 [--id]
                 [--name]

Examples

Get stack by name.

az stack mg show --name StackName --management-group-id myMg

Get stack by stack resource id.

az stack mg show --id /providers/Microsoft.Management/managementGroups/myMg/providers/Microsoft.Resources/deploymentStacks/StackName --management-group-id myMg

Required Parameters

--management-group-id -m

The management group id to create stack at.

Optional Parameters

--id

The deployment stack resource id.

--name -n

The deployment stack name.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az stack mg validate

Validate a deployment stack at management group scope.

az stack mg validate --action-on-unmanage {deleteAll, deleteResources, detachAll}
                     --deny-settings-mode {denyDelete, denyWriteAndDelete, none}
                     --location
                     --management-group-id
                     --name
                     [--bse {false, true}]
                     [--cs]
                     [--deny-settings-excluded-actions]
                     [--deny-settings-excluded-principals]
                     [--deployment-subscription]
                     [--description]
                     [--parameters]
                     [--query-string]
                     [--tags]
                     [--template-file]
                     [--template-spec]
                     [--template-uri]

Examples

Validate a deployment stack using template file and detach all resources on unmanage.

az stack mg validate --name StackName --management-group-id myMg --template-file simpleTemplate.json --location westus2 --description description --deny-settings-mode None --action-on-unmanage detachAll

Validate a deployment stack with parameter file and delete resources on unmanage.

az stack mg validate --name StackName --management-group-id myMg --action-on-unmanage deleteResources --template-file simpleTemplate.json --parameters simpleTemplateParams.json --location westus2 --description description --deny-settings-mode None

Validate a deployment stack with template spec.

az stack mg validate --name StackName --management-group-id myMg --template-spec TemplateSpecResourceIDWithVersion --location westus2 --description description --deny-settings-mode None --action-on-unmanage deleteResources

Validate a deployment stack using bicep file and delete all resources on unmanage.

az stack mg validate --name StackName --management-group-id myMg --action-on-unmanage deleteAll --template-file simple.bicep --location westus2 --description description --deny-settings-mode None

Validate a deployment stack using parameters from key/value pairs.

az stack mg validate --name StackName --management-group-id myMg --template-file simpleTemplate.json --location westus --description description --parameters simpleTemplateParams.json value1=foo value2=bar --deny-settings-mode None --action-on-unmanage deleteResources

Validate a deployment stack from a local template, using a parameter file, a remote parameter file, and selectively overriding key/value pairs.

az stack mg validate --name StackName --management-group-id myMg --template-file azuredeploy.json --parameters @params.json --parameters https://mysite/params.json --parameters MyValue=This [email protected] --location westus --deny-settings-mode None --action-on-unmanage deleteResources

Validate a deployment stack from a local template, using deny settings.

az stack mg validate --name StackName --management-group-id myMg --template-file azuredeploy.json --deny-settings-mode denyDelete --deny-settings-excluded-actions Microsoft.Compute/virtualMachines/write --deny-settings-excluded-principals "test1 test2" --location westus --action-on-unmanage deleteResources

Validate a deployment stack from a local template, apply deny settings to child scope.

az stack mg validate --name StackName --management-group-id myMg --template-file azuredeploy.json --deny-settings-mode denyDelete --deny-settings-excluded-actions Microsoft.Compute/virtualMachines/write --deny-settings-apply-to-child-scopes --location westus --action-on-unmanage deleteResources

Required Parameters

--action-on-unmanage --aou

Defines what happens to resources that are no longer managed after the stack is updated or deleted.

Accepted values: deleteAll, deleteResources, detachAll
--deny-settings-mode --dm

Define which operations are denied on resources managed by the stack.

Accepted values: denyDelete, denyWriteAndDelete, none
--location -l

The location to store deployment stack.

--management-group-id -m

The management group id to create stack at.

--name -n

The name of the deployment stack.

Optional Parameters

--bse --bypass-stack-out-of-sync-error

Flag to bypass service errors that indicate the stack resource list is not correctly synchronized.

Accepted values: false, true
Default value: False
--cs --deny-settings-apply-to-child-scopes

DenySettings will be applied to child scopes.

Default value: False
--deny-settings-excluded-actions --ea

List of role-based management operations that are excluded from the denySettings. Up to 200 actions are permitted.

--deny-settings-excluded-principals --ep

List of AAD principal IDs excluded from the lock. Up to 5 principals are permitted.

--deployment-subscription --ds

The scope at which the initial deployment should be created. If a scope is not specified, it will default to the scope of the deployment stack.

--description

The description of deployment stack.

--parameters -p

Parameters may be supplied from a file using the @{path} syntax, a JSON string, or as <KEY=VALUE> pairs. Parameters are evaluated in order, so when a value is assigned twice, the latter value will be used. It is recommended that you supply your parameters file first, and then override selectively using KEY=VALUE syntax.

--query-string -q

The query string (a SAS token) to be used with the template-uri in the case of linked templates.

--tags

Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.

--template-file -f

A path to a template file or Bicep file in the file system.

--template-spec -s

The template spec resource id.

--template-uri -u

A uri to a remote template file.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.