Azure
01README
Azure infrastructure management via az CLI — 23 model types covering compute, networking, data, security, identity, monitoring, DNS, DevOps, and subscription-wide topology with Mermaid diagrams and cost estimation.
02Release Notes
Add curated README and LICENSE to tarball (additionalFiles), bringing extension's Swamp Club quality grade from F/B to A-/B.
03Models
@dougschaefer/azure-application-gatewayv2026.03.29.1azure/application_gateway.ts
fn list()
List all application gateways in a resource group (or subscription).
fn get(name: string, resourceGroup?: string)
Get a single application gateway.
| Argument | Type | Description |
|---|---|---|
| name | string | Application gateway name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of an application gateway without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Application gateway name |
| resourceGroup? | string | Resource group name |
fn delete(name: string, resourceGroup?: string)
Delete an application gateway.
| Argument | Type | Description |
|---|---|---|
| name | string | Application gateway name |
| resourceGroup? | string | Resource group name |
Resources
appGateway(infinite)— Azure Application Gateway (L7 load balancer)
@dougschaefer/azure-bastionv2026.03.29.1azure/bastion.ts
fn list()
List all Bastion hosts in the subscription.
fn get(name: string, resourceGroup?: string)
Get a single Bastion host.
| Argument | Type | Description |
|---|---|---|
| name | string | Bastion host name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a Bastion host without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Bastion host name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string)
Create a Bastion host. Requires a VNet with an AzureBastionSubnet.
| Argument | Type | Description |
|---|---|---|
| name | string | Bastion host name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region |
fn delete(name: string, resourceGroup?: string)
Delete a Bastion host.
| Argument | Type | Description |
|---|---|---|
| name | string | Bastion host name |
| resourceGroup? | string | Resource group name |
Resources
bastion(infinite)— Azure Bastion host for secure VM access
@dougschaefer/azure-devopsv2026.03.28.1azure/devops.ts
Global Arguments
| Argument | Type | Description |
|---|---|---|
| organization | string | Azure DevOps organization URL. Use: ${{ vault.get('azure-devops', 'ORG_URL') }} |
fn listProjects()
List all projects in the organization.
fn getProject(project: string)
Get a single project by name.
| Argument | Type | Description |
|---|---|---|
| project | string | Project name |
fn listRepos(project?: string)
List Git repositories in a project.
| Argument | Type | Description |
|---|---|---|
| project? | string | Project name (overrides global) |
fn getRepo(repository: string, project?: string)
Get a single repository by name or ID.
| Argument | Type | Description |
|---|---|---|
| repository | string | Repository name or ID |
| project? | string | Project name (overrides global) |
fn createRepo(name: string, project?: string)
Create a new Git repository.
| Argument | Type | Description |
|---|---|---|
| name | string | Repository name |
| project? | string | Project name (overrides global) |
fn deleteRepo(id: string, project?: string)
Delete a Git repository by ID.
| Argument | Type | Description |
|---|---|---|
| id | string | Repository ID |
| project? | string | Project name (overrides global) |
fn listPipelines(project?: string)
List pipelines in a project.
| Argument | Type | Description |
|---|---|---|
| project? | string | Project name (overrides global) |
fn getPipeline(id: number, project?: string)
Get a single pipeline by ID.
| Argument | Type | Description |
|---|---|---|
| id | number | Pipeline ID |
| project? | string | Project name (overrides global) |
fn runPipeline(id: number, branch?: string, project?: string)
Trigger a pipeline run.
| Argument | Type | Description |
|---|---|---|
| id | number | Pipeline ID |
| branch? | string | Source branch to build |
| project? | string | Project name (overrides global) |
fn listBuilds(top?: number, project?: string)
List recent pipeline builds.
| Argument | Type | Description |
|---|---|---|
| top? | number | Number of builds to return (default 20) |
| project? | string | Project name (overrides global) |
fn getBuild(id: number, project?: string)
Get a single build by ID.
| Argument | Type | Description |
|---|---|---|
| id | number | Build ID |
| project? | string | Project name (overrides global) |
fn listWorkItems(wiql?: string, project?: string)
Query work items using WIQL. Defaults to recent items in the project.
| Argument | Type | Description |
|---|---|---|
| wiql? | string | WIQL query string |
| project? | string | Project name (overrides global) |
fn getWorkItem(id: number, project?: string)
Get a single work item by ID.
| Argument | Type | Description |
|---|---|---|
| id | number | Work item ID |
| project? | string | Project name (overrides global) |
fn createWorkItem(title: string, type: string, assignedTo?: string, areaPath?: string, description?: string, project?: string)
Create a new work item.
| Argument | Type | Description |
|---|---|---|
| title | string | Work item title |
| type | string | Work item type (e.g. Bug, Task, User Story) |
| assignedTo? | string | Assigned user |
| areaPath? | string | Area path |
| description? | string | Work item description |
| project? | string | Project name (overrides global) |
fn updateWorkItem(id: number, project?: string)
Update a work item by ID with field/value pairs.
| Argument | Type | Description |
|---|---|---|
| id | number | Work item ID |
| project? | string | Project name (overrides global) |
Resources
project(infinite)— Azure DevOps project
repo(infinite)— Azure DevOps Git repository
pipeline(infinite)— Azure DevOps pipeline
build(infinite)— Azure DevOps pipeline build/run
workItem(infinite)— Azure DevOps work item
@dougschaefer/azure-diskv2026.03.29.1azure/disk.ts
fn list()
List all managed disks in a resource group (or all in the subscription).
fn get(name: string, resourceGroup?: string)
Get a single managed disk.
| Argument | Type | Description |
|---|---|---|
| name | string | Disk name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a managed disk without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Disk name |
| resourceGroup? | string | Resource group name |
fn listOrphaned()
List managed disks that are not attached to any VM (diskState is Unattached).
fn create(name: string, resourceGroup?: string, location: string, sizeGb: number, zone?: string)
Create a managed disk.
| Argument | Type | Description |
|---|---|---|
| name | string | Disk name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region |
| sizeGb | number | Disk size in GB |
| zone? | string | Availability zone (1, 2, or 3) |
fn delete(name: string, resourceGroup?: string)
Delete a managed disk. Disk must be unattached.
| Argument | Type | Description |
|---|---|---|
| name | string | Disk name |
| resourceGroup? | string | Resource group name |
Resources
disk(infinite)— Azure managed disk
@dougschaefer/azure-dnsv2026.03.28.1azure/dns.ts
fn listZones()
List all DNS zones in a resource group (or all in the subscription if no resource group specified).
fn getZone(name: string, resourceGroup?: string)
Get a single DNS zone.
| Argument | Type | Description |
|---|---|---|
| name | string | DNS zone name |
| resourceGroup? | string | Resource group name |
fn createZone(name: string, resourceGroup?: string)
Create a DNS zone.
| Argument | Type | Description |
|---|---|---|
| name | string | DNS zone name, e.g. example.com |
| resourceGroup? | string | Resource group name |
fn deleteZone(name: string, resourceGroup?: string)
Delete a DNS zone.
| Argument | Type | Description |
|---|---|---|
| name | string | DNS zone name |
| resourceGroup? | string | Resource group name |
fn syncZone(name: string, resourceGroup?: string)
Refresh stored state for a DNS zone.
| Argument | Type | Description |
|---|---|---|
| name | string | DNS zone name |
| resourceGroup? | string | Resource group name |
fn listRecords(zoneName: string, resourceGroup?: string)
List all record sets in a DNS zone.
| Argument | Type | Description |
|---|---|---|
| zoneName | string | DNS zone name |
| resourceGroup? | string | Resource group name |
fn getRecord(zoneName: string, name: string, resourceGroup?: string)
Get a specific record set from a DNS zone.
| Argument | Type | Description |
|---|---|---|
| zoneName | string | DNS zone name |
| name | string | Record set name (e.g. 'www', '@' for apex) |
| resourceGroup? | string | Resource group name |
fn createRecord(zoneName: string, name: string, resourceGroup?: string)
Add a record to a record set in a DNS zone. Creates the record set if it does not exist.
| Argument | Type | Description |
|---|---|---|
| zoneName | string | DNS zone name |
| name | string | Record set name (e.g. 'www', '@' for apex) |
| resourceGroup? | string | Resource group name |
fn deleteRecord(zoneName: string, name: string, resourceGroup?: string)
Remove a single record from a record set in a DNS zone.
| Argument | Type | Description |
|---|---|---|
| zoneName | string | DNS zone name |
| name | string | Record set name |
| resourceGroup? | string | Resource group name |
fn deleteRecordSet(zoneName: string, name: string, resourceGroup?: string)
Delete an entire record set from a DNS zone.
| Argument | Type | Description |
|---|---|---|
| zoneName | string | DNS zone name |
| name | string | Record set name |
| resourceGroup? | string | Resource group name |
fn exportZone(zoneName: string, resourceGroup?: string)
Export a DNS zone as a zone file. Returns the zone file content as a string.
| Argument | Type | Description |
|---|---|---|
| zoneName | string | DNS zone name |
| resourceGroup? | string | Resource group name |
Resources
zone(infinite)— Azure DNS zone
recordSet(infinite)— DNS record set within a zone
@dougschaefer/azure-firewallv2026.04.02.1azure/firewall.ts
fn list()
List all Azure Firewalls in a resource group (or all in the subscription).
fn get(name: string, resourceGroup?: string)
Get a single Azure Firewall.
| Argument | Type | Description |
|---|---|---|
| name | string | Firewall name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of an Azure Firewall without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Firewall name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string, vnetName: string)
Create an Azure Firewall. Requires a VNet with an AzureFirewallSubnet.
| Argument | Type | Description |
|---|---|---|
| name | string | Firewall name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region |
| vnetName | string | VNet name (must have AzureFirewallSubnet) |
fn delete(name: string, resourceGroup?: string)
Delete an Azure Firewall.
| Argument | Type | Description |
|---|---|---|
| name | string | Firewall name |
| resourceGroup? | string | Resource group name |
fn listPolicies()
List all firewall policies in a resource group.
fn getPolicy(name: string, resourceGroup?: string)
Get a single firewall policy.
| Argument | Type | Description |
|---|---|---|
| name | string | Firewall policy name |
| resourceGroup? | string | Resource group name |
fn syncPolicy(name: string, resourceGroup?: string)
Refresh the stored state of a firewall policy without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Firewall policy name |
| resourceGroup? | string | Resource group name |
fn listRuleCollectionGroups(policyName: string, resourceGroup?: string)
List all rule collection groups in a firewall policy.
| Argument | Type | Description |
|---|---|---|
| policyName | string | Firewall policy name |
| resourceGroup? | string | Resource group name |
fn getRuleCollectionGroup(name: string, policyName: string, resourceGroup?: string)
Get a single rule collection group from a firewall policy.
| Argument | Type | Description |
|---|---|---|
| name | string | Rule collection group name |
| policyName | string | Firewall policy name |
| resourceGroup? | string | Resource group name |
fn createRuleCollectionGroup(name: string, policyName: string, resourceGroup?: string, priority: number)
Create a rule collection group in a firewall policy.
| Argument | Type | Description |
|---|---|---|
| name | string | Rule collection group name |
| policyName | string | Firewall policy name |
| resourceGroup? | string | Resource group name |
| priority | number | Priority (100-65000, lower = higher priority) |
fn deleteRuleCollectionGroup(name: string, policyName: string, resourceGroup?: string)
Delete a rule collection group from a firewall policy.
| Argument | Type | Description |
|---|---|---|
| name | string | Rule collection group name |
| policyName | string | Firewall policy name |
| resourceGroup? | string | Resource group name |
fn addFilterCollection(rcgName: string, policyName: string, resourceGroup?: string, collectionName: string, collectionPriority: number, actionType: enum)
Add a filter rule collection (network or application rules) to an existing rule collection group.
| Argument | Type | Description |
|---|---|---|
| rcgName | string | Rule collection group name |
| policyName | string | Firewall policy name |
| resourceGroup? | string | Resource group name |
| collectionName | string | New rule collection name |
| collectionPriority | number | Collection priority (100-65000) |
| actionType | enum | Filter action |
fn addNatCollection(rcgName: string, policyName: string, resourceGroup?: string, collectionName: string, collectionPriority: number, ruleName: string, sourceAddresses: array, destinationAddresses: array, destinationPorts: array, translatedAddress: string, translatedPort: string, ipProtocols: array)
Add a NAT (DNAT) rule collection to an existing rule collection group.
| Argument | Type | Description |
|---|---|---|
| rcgName | string | Rule collection group name |
| policyName | string | Firewall policy name |
| resourceGroup? | string | Resource group name |
| collectionName | string | New NAT collection name |
| collectionPriority | number | Collection priority (100-65000) |
| ruleName | string | First DNAT rule name |
| sourceAddresses | array | Source IP(s) or * for any |
| destinationAddresses | array | Firewall public IP(s) to match |
| destinationPorts | array | External port(s) to match |
| translatedAddress | string | Internal IP to forward to |
| translatedPort | string | Internal port to forward to |
| ipProtocols | array | Protocols |
fn addRule(rcgName: string, policyName: string, collectionName: string, resourceGroup?: string, ruleType: enum, ruleName: string, sourceAddresses: array, destinationAddresses?: array, destinationPorts?: array, ipProtocols?: array, translatedAddress?: string, translatedPort?: string, targetFqdns?: array, protocols?: array, description?: string)
Add a rule to an existing rule collection. Supports NatRule, NetworkRule, and ApplicationRule types.
| Argument | Type | Description |
|---|---|---|
| rcgName | string | Rule collection group name |
| policyName | string | Firewall policy name |
| collectionName | string | Existing rule collection name |
| resourceGroup? | string | Resource group name |
| ruleType | enum | Rule type |
| ruleName | string | Rule name |
| sourceAddresses | array | Source IP(s), CIDR(s), or * for any |
| destinationAddresses? | array | Destination IP(s) or CIDR(s) |
| destinationPorts? | array | Destination port(s) |
| ipProtocols? | array | Protocols: TCP, UDP, Any, ICMP |
| translatedAddress? | string | DNAT translated internal IP (NatRule only) |
| translatedPort? | string | DNAT translated internal port (NatRule only) |
| targetFqdns? | array | Target FQDNs (ApplicationRule only) |
| protocols? | array | App protocols, e.g. Http=80 Https=443 (ApplicationRule only) |
| description? | string | Rule description |
fn removeRule(rcgName: string, policyName: string, collectionName: string, ruleName: string, resourceGroup?: string)
Remove a rule from a rule collection.
| Argument | Type | Description |
|---|---|---|
| rcgName | string | Rule collection group name |
| policyName | string | Firewall policy name |
| collectionName | string | Rule collection name |
| ruleName | string | Rule name to remove |
| resourceGroup? | string | Resource group name |
fn removeCollection(rcgName: string, policyName: string, collectionName: string, resourceGroup?: string)
Remove an entire rule collection from a rule collection group.
| Argument | Type | Description |
|---|---|---|
| rcgName | string | Rule collection group name |
| policyName | string | Firewall policy name |
| collectionName | string | Rule collection name to remove |
| resourceGroup? | string | Resource group name |
fn createPolicy(name: string, resourceGroup?: string, location: string)
Create a firewall policy.
| Argument | Type | Description |
|---|---|---|
| name | string | Policy name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region |
Resources
firewall(infinite)— Azure Firewall instance
policy(infinite)— Azure Firewall policy
ruleCollectionGroup(infinite)— Firewall policy rule collection group
@dougschaefer/azure-key-vaultv2026.03.29.1azure/key_vault.ts
fn list()
List all Key Vaults in a resource group (or all in the subscription).
fn get(name: string, resourceGroup?: string)
Get a single Key Vault.
| Argument | Type | Description |
|---|---|---|
| name | string | Key Vault name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a Key Vault without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Key Vault name |
| resourceGroup? | string | Resource group name |
fn create(resourceGroup?: string, location: string)
Create a Key Vault.
| Argument | Type | Description |
|---|---|---|
| resourceGroup? | string | Resource group name |
| location | string | Azure region, e.g. eastus2 |
fn delete(name: string, resourceGroup?: string)
Delete a Key Vault. If soft delete is enabled, the vault enters a deleted state and can be recovered.
| Argument | Type | Description |
|---|---|---|
| name | string | Key Vault name |
| resourceGroup? | string | Resource group name |
Resources
keyVault(infinite)— Azure Key Vault
@dougschaefer/azure-load-balancerv2026.03.29.1azure/load_balancer.ts
fn list()
List all load balancers in a resource group (or all in the subscription).
fn get(name: string, resourceGroup?: string)
Get a single load balancer with full configuration.
| Argument | Type | Description |
|---|---|---|
| name | string | Load balancer name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a load balancer without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Load balancer name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string)
Create a load balancer.
| Argument | Type | Description |
|---|---|---|
| name | string | Load balancer name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region |
fn delete(name: string, resourceGroup?: string)
Delete a load balancer.
| Argument | Type | Description |
|---|---|---|
| name | string | Load balancer name |
| resourceGroup? | string | Resource group name |
fn listBackendPools(lbName: string, resourceGroup?: string)
List backend address pools on a load balancer.
| Argument | Type | Description |
|---|---|---|
| lbName | string | Load balancer name |
| resourceGroup? | string | Resource group name |
fn listProbes(lbName: string, resourceGroup?: string)
List health probes on a load balancer.
| Argument | Type | Description |
|---|---|---|
| lbName | string | Load balancer name |
| resourceGroup? | string | Resource group name |
Resources
loadBalancer(infinite)— Azure Load Balancer (L4)
backendPool(infinite)— Backend address pool
probe(infinite)— Health probe
@dougschaefer/azure-managed-identityv2026.03.29.1azure/managed_identity.ts
fn list()
List all user-assigned managed identities in a resource group (or subscription).
fn get(name: string, resourceGroup?: string)
Get a single user-assigned managed identity.
| Argument | Type | Description |
|---|---|---|
| name | string | Identity name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a managed identity without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Identity name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string)
Create a user-assigned managed identity.
| Argument | Type | Description |
|---|---|---|
| name | string | Identity name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region |
fn delete(name: string, resourceGroup?: string)
Delete a user-assigned managed identity.
| Argument | Type | Description |
|---|---|---|
| name | string | Identity name |
| resourceGroup? | string | Resource group name |
Resources
identity(infinite)— Azure user-assigned managed identity
@dougschaefer/azure-monitorv2026.03.29.1azure/monitor.ts
fn listMetricAlerts()
List all metric alert rules in a resource group (or subscription).
fn listActivityLogAlerts()
List all activity log alerts in the subscription.
fn listActionGroups()
List all action groups in a resource group (or subscription).
fn getDiagnosticSettings()
List diagnostic settings for a specific Azure resource.
Resources
metricAlert(infinite)— Azure Monitor metric alert rule
activityLogAlert(infinite)— Azure Monitor activity log alert
diagnosticSetting(infinite)— Diagnostic setting on an Azure resource
actionGroup(infinite)— Azure Monitor action group
@dougschaefer/azure-nat-gatewayv2026.03.29.1azure/nat_gateway.ts
fn list()
List all NAT gateways in a resource group (or all in the subscription).
fn get(name: string, resourceGroup?: string)
Get a single NAT gateway.
| Argument | Type | Description |
|---|---|---|
| name | string | NAT gateway name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a NAT gateway without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | NAT gateway name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string)
Create a NAT gateway.
| Argument | Type | Description |
|---|---|---|
| name | string | NAT gateway name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region, e.g. eastus2 |
fn delete(name: string, resourceGroup?: string)
Delete a NAT gateway.
| Argument | Type | Description |
|---|---|---|
| name | string | NAT gateway name |
| resourceGroup? | string | Resource group name |
Resources
natGateway(infinite)— Azure NAT gateway
@dougschaefer/azure-network-watcherv2026.03.29.1azure/network_watcher.ts
fn list()
List all Network Watcher instances in the subscription.
fn listFlowLogs(watcherName: string)
List all NSG flow logs for a Network Watcher.
| Argument | Type | Description |
|---|---|---|
| watcherName | string | Network Watcher name |
fn listConnectionMonitors(watcherName: string)
List all connection monitors for a Network Watcher.
| Argument | Type | Description |
|---|---|---|
| watcherName | string | Network Watcher name |
fn checkConnectivity(sourceVmId: string, destPort: number)
Test connectivity from a source VM to a destination endpoint.
| Argument | Type | Description |
|---|---|---|
| sourceVmId | string | Source VM resource ID |
| destPort | number | Destination port |
Resources
watcher(infinite)— Azure Network Watcher instance
flowLog(infinite)— NSG flow log configuration
connectionMonitor(infinite)— Connection monitor test
@dougschaefer/azure-nsgv2026.03.28.1azure/nsg.ts
fn list()
List all NSGs in a resource group (or all in the subscription if no resource group specified).
fn get(name: string, resourceGroup?: string)
Get a single NSG with all its rules.
| Argument | Type | Description |
|---|---|---|
| name | string | NSG name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of an NSG and its rules without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | NSG name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string)
Create a network security group.
| Argument | Type | Description |
|---|---|---|
| name | string | NSG name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region, e.g. eastus2 |
fn delete(name: string, resourceGroup?: string)
Delete a network security group.
| Argument | Type | Description |
|---|---|---|
| name | string | NSG name |
| resourceGroup? | string | Resource group name |
fn listRules(nsgName: string, resourceGroup?: string)
List all custom rules in an NSG.
| Argument | Type | Description |
|---|---|---|
| nsgName | string | NSG name |
| resourceGroup? | string | Resource group name |
fn getRule(nsgName: string, ruleName: string, resourceGroup?: string)
Get a single NSG rule.
| Argument | Type | Description |
|---|---|---|
| nsgName | string | NSG name |
| ruleName | string | Rule name |
| resourceGroup? | string | Resource group name |
fn createRule(nsgName: string, ruleName: string, access: enum, resourceGroup?: string)
Create a security rule in an NSG.
| Argument | Type | Description |
|---|---|---|
| nsgName | string | NSG name |
| ruleName | string | Rule name |
| access | enum | Allow or deny traffic |
| resourceGroup? | string | Resource group name |
fn updateRule(nsgName: string, ruleName: string, resourceGroup?: string, priority?: number, access?: enum, protocol?: string, description?: string)
Update an existing security rule. Only specified fields are changed.
| Argument | Type | Description |
|---|---|---|
| nsgName | string | NSG name |
| ruleName | string | Rule name |
| resourceGroup? | string | Resource group name |
| priority? | number | New priority |
| access? | enum | New access |
| protocol? | string | New protocol |
| description? | string | New description |
fn deleteRule(nsgName: string, ruleName: string, resourceGroup?: string)
Delete a security rule from an NSG.
| Argument | Type | Description |
|---|---|---|
| nsgName | string | NSG name |
| ruleName | string | Rule name |
| resourceGroup? | string | Resource group name |
Resources
nsg(infinite)— Azure network security group
rule(infinite)— Individual security rule within an NSG
@dougschaefer/azure-private-endpointv2026.03.29.1azure/private_endpoint.ts
fn list()
List all private endpoints in a resource group (or all in the subscription).
fn get(name: string, resourceGroup?: string)
Get a single private endpoint.
| Argument | Type | Description |
|---|---|---|
| name | string | Private endpoint name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a private endpoint without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Private endpoint name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string, vnetName: string, subnetName: string)
Create a private endpoint for a Private Link-enabled service.
| Argument | Type | Description |
|---|---|---|
| name | string | Private endpoint name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region |
| vnetName | string | VNet containing the subnet |
| subnetName | string | Subnet for the private endpoint NIC |
fn delete(name: string, resourceGroup?: string)
Delete a private endpoint.
| Argument | Type | Description |
|---|---|---|
| name | string | Private endpoint name |
| resourceGroup? | string | Resource group name |
fn listPrivateDnsZones()
List all private DNS zones in a resource group.
Resources
privateEndpoint(infinite)— Azure Private Endpoint for Private Link connections
privateDnsZone(infinite)— Private DNS zone for private endpoint resolution
@dougschaefer/azure-public-ipv2026.03.28.1azure/public_ip.ts
fn list()
List all public IP addresses in a resource group (or all in the subscription).
fn get(name: string, resourceGroup?: string)
Get a single public IP address.
| Argument | Type | Description |
|---|---|---|
| name | string | Public IP name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a public IP address without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Public IP name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string)
Create a public IP address.
| Argument | Type | Description |
|---|---|---|
| name | string | Public IP name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region, e.g. eastus2 |
fn delete(name: string, resourceGroup?: string)
Delete a public IP address.
| Argument | Type | Description |
|---|---|---|
| name | string | Public IP name |
| resourceGroup? | string | Resource group name |
Resources
publicIp(infinite)— Azure public IP address
@dougschaefer/azure-resource-groupv2026.03.05.1azure/resource_group.ts
fn list()
List all resource groups in the subscription. Produces one resource instance per group.
fn get(name: string)
Get a single resource group by name.
| Argument | Type | Description |
|---|---|---|
| name | string | Resource group name |
fn create(name: string, location: string)
Create a resource group.
| Argument | Type | Description |
|---|---|---|
| name | string | Resource group name |
| location | string | Azure region, e.g. eastus2 |
fn delete(name: string)
Delete a resource group and all its resources.
| Argument | Type | Description |
|---|---|---|
| name | string | Resource group name to delete |
Resources
resourceGroup(infinite)— Azure resource group
@dougschaefer/azure-route-tablev2026.03.29.1azure/route_table.ts
fn list()
List all route tables in a resource group (or all in the subscription).
fn get(name: string, resourceGroup?: string)
Get a single route table with all its routes.
| Argument | Type | Description |
|---|---|---|
| name | string | Route table name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a route table without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Route table name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string)
Create a route table.
| Argument | Type | Description |
|---|---|---|
| name | string | Route table name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region, e.g. eastus2 |
fn delete(name: string, resourceGroup?: string)
Delete a route table.
| Argument | Type | Description |
|---|---|---|
| name | string | Route table name |
| resourceGroup? | string | Resource group name |
fn listRoutes(routeTableName: string, resourceGroup?: string)
List all routes in a route table.
| Argument | Type | Description |
|---|---|---|
| routeTableName | string | Route table name |
| resourceGroup? | string | Resource group name |
fn createRoute(routeTableName: string, routeName: string, resourceGroup?: string)
Create a route in a route table.
| Argument | Type | Description |
|---|---|---|
| routeTableName | string | Route table name |
| routeName | string | Route name |
| resourceGroup? | string | Resource group name |
fn updateRoute(routeTableName: string, routeName: string, resourceGroup?: string)
Update an existing route in a route table.
| Argument | Type | Description |
|---|---|---|
| routeTableName | string | Route table name |
| routeName | string | Route name |
| resourceGroup? | string | Resource group name |
fn deleteRoute(routeTableName: string, routeName: string, resourceGroup?: string)
Delete a route from a route table.
| Argument | Type | Description |
|---|---|---|
| routeTableName | string | Route table name |
| routeName | string | Route name |
| resourceGroup? | string | Resource group name |
Resources
routeTable(infinite)— Azure route table
route(infinite)— Individual route within a route table
@dougschaefer/azure-sqlv2026.03.28.1azure/sql.ts
fn listServers()
List all SQL servers in a resource group (or all in the subscription).
fn getServer(name: string, resourceGroup?: string)
Get a single SQL server.
| Argument | Type | Description |
|---|---|---|
| name | string | SQL server name |
| resourceGroup? | string | Resource group name |
fn syncServer(name: string, resourceGroup?: string)
Refresh the stored state of a SQL server without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | SQL server name |
| resourceGroup? | string | Resource group name |
fn syncDatabase(name: string, serverName: string, resourceGroup?: string)
Refresh the stored state of a database without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Database name |
| serverName | string | SQL server name |
| resourceGroup? | string | Resource group name |
fn createServer(resourceGroup?: string, location: string, adminUser: string)
Create an Azure SQL logical server.
| Argument | Type | Description |
|---|---|---|
| resourceGroup? | string | Resource group name |
| location | string | Azure region, e.g. eastus2 |
| adminUser | string | Server admin username |
fn deleteServer(name: string, resourceGroup?: string)
Delete an Azure SQL logical server and all its databases.
| Argument | Type | Description |
|---|---|---|
| name | string | SQL server name |
| resourceGroup? | string | Resource group name |
fn listDatabases(serverName: string, resourceGroup?: string)
List all databases on a SQL server.
| Argument | Type | Description |
|---|---|---|
| serverName | string | SQL server name |
| resourceGroup? | string | Resource group name |
fn getDatabase(name: string, serverName: string, resourceGroup?: string)
Get a single database on a SQL server.
| Argument | Type | Description |
|---|---|---|
| name | string | Database name |
| serverName | string | SQL server name |
| resourceGroup? | string | Resource group name |
fn createDatabase(name: string, serverName: string, resourceGroup?: string)
Create a database on a SQL server.
| Argument | Type | Description |
|---|---|---|
| name | string | Database name |
| serverName | string | SQL server name |
| resourceGroup? | string | Resource group name |
fn deleteDatabase(name: string, serverName: string, resourceGroup?: string)
Delete a database from a SQL server.
| Argument | Type | Description |
|---|---|---|
| name | string | Database name |
| serverName | string | SQL server name |
| resourceGroup? | string | Resource group name |
Resources
server(infinite)— Azure SQL logical server
database(infinite)— Azure SQL database
@dougschaefer/azure-storage-accountv2026.03.28.1azure/storage_account.ts
fn list()
List all storage accounts in a resource group (or all in the subscription).
fn get(name: string, resourceGroup?: string)
Get a single storage account.
| Argument | Type | Description |
|---|---|---|
| name | string | Storage account name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a storage account without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | Storage account name |
| resourceGroup? | string | Resource group name |
fn create(resourceGroup?: string, location: string)
Create a storage account.
| Argument | Type | Description |
|---|---|---|
| resourceGroup? | string | Resource group name |
| location | string | Azure region, e.g. eastus2 |
fn delete(name: string, resourceGroup?: string)
Delete a storage account.
| Argument | Type | Description |
|---|---|---|
| name | string | Storage account name |
| resourceGroup? | string | Resource group name |
Resources
storageAccount(infinite)— Azure storage account
@dougschaefer/azure-topologyv2026.03.29.1azure/topology.ts
fn inventory()
Discover all resources across the subscription (or a single resource group). Produces per-resource data handles for VMs, disks, VNets, NSGs, firewalls, public IPs, NAT gateways, route tables, load balancers, application gateways, Bastion, Key Vaults, storage accounts, private endpoints, managed identities, and SQL servers.
fn generate()
Generate a Mermaid topology diagram. When resourceGroup is provided, diagrams a single RG. When omitted, produces a subscription-wide hub-and-spoke diagram across all resource groups with LR layout, traffic flow arrows, and Azure-branded colors.
fn costEstimate(resourceGroup?: string)
Estimate monthly costs for VMs in a resource group using the Azure Retail Pricing API (public, no auth required).
| Argument | Type | Description |
|---|---|---|
| resourceGroup? | string | Resource group name |
fn exportTemplate(resourceGroup?: string)
Export an ARM template for all resources in a resource group.
| Argument | Type | Description |
|---|---|---|
| resourceGroup? | string | Resource group name |
Resources
topology(infinite)— Mermaid topology diagram for an Azure resource group
costEstimate(infinite)— Cost estimate for resources in a resource group
armTemplate(infinite)— Exported ARM template for a resource group
inventoryItem(infinite)— Individual Azure resource discovered during subscription inventory
@dougschaefer/azure-vmv2026.03.28.1azure/vm.ts
fn list()
List VMs in a resource group (or all in the subscription if no resource group specified). Includes power state.
fn get(name: string, resourceGroup?: string)
Get a single VM with instance details.
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a VM without making changes. Useful for drift detection and monitoring.
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| resourceGroup? | string | Resource group name |
fn getInstanceView(name: string, resourceGroup?: string)
Get the instance view of a VM — power state, agent status, disk status.
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string, adminUsername: string, vnetName?: string, subnetName?: string, osDiskSizeGb?: number)
Create a virtual machine. Creates NIC, public IP, and OS disk automatically unless specified.
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region, e.g. eastus2 |
| adminUsername | string | Admin username |
| vnetName? | string | Existing VNet name |
| subnetName? | string | Existing subnet name |
| osDiskSizeGb? | number | OS disk size in GB |
fn delete(name: string, resourceGroup?: string)
Delete a virtual machine. Note: associated NIC, OS disk, and public IP are NOT automatically deleted — clean up separately.
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| resourceGroup? | string | Resource group name |
fn start(name: string, resourceGroup?: string)
Start a stopped/deallocated VM.
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| resourceGroup? | string | Resource group name |
fn stop(name: string, resourceGroup?: string)
Power off a VM without deallocating (still incurs compute charges).
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| resourceGroup? | string | Resource group name |
fn deallocate(name: string, resourceGroup?: string)
Deallocate a VM (releases compute resources, stops charges).
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| resourceGroup? | string | Resource group name |
fn restart(name: string, resourceGroup?: string)
Restart a running VM.
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| resourceGroup? | string | Resource group name |
fn resize(name: string, size: string, resourceGroup?: string)
Resize a VM to a different size. VM must be deallocated first for some size changes.
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| size | string | New VM size, e.g. Standard_D4s_v5 |
| resourceGroup? | string | Resource group name |
fn listSizes(location: string)
List available VM sizes in a location.
| Argument | Type | Description |
|---|---|---|
| location | string | Azure region, e.g. eastus2 |
fn runCommand(name: string, resourceGroup?: string)
Run a shell command on a VM via the Azure VM Run Command extension.
| Argument | Type | Description |
|---|---|---|
| name | string | VM name |
| resourceGroup? | string | Resource group name |
Resources
vm(infinite)— Azure virtual machine
instanceView(infinite)— VM instance view with power state and agent status
@dougschaefer/azure-vnetv2026.03.28.1azure/vnet.ts
fn list()
List all VNets in a resource group (or all in the subscription if no resource group specified).
fn get(name: string, resourceGroup?: string)
Get a single VNet by name.
| Argument | Type | Description |
|---|---|---|
| name | string | VNet name |
| resourceGroup? | string | Resource group name |
fn sync(name: string, resourceGroup?: string)
Refresh the stored state of a VNet and its subnets without making changes.
| Argument | Type | Description |
|---|---|---|
| name | string | VNet name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string)
Create a virtual network.
| Argument | Type | Description |
|---|---|---|
| name | string | VNet name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region, e.g. eastus2 |
fn delete(name: string, resourceGroup?: string)
Delete a virtual network.
| Argument | Type | Description |
|---|---|---|
| name | string | VNet name |
| resourceGroup? | string | Resource group name |
fn listSubnets(vnetName: string, resourceGroup?: string)
List all subnets in a VNet.
| Argument | Type | Description |
|---|---|---|
| vnetName | string | VNet name |
| resourceGroup? | string | Resource group name |
fn getSubnet(vnetName: string, subnetName: string, resourceGroup?: string)
Get a single subnet.
| Argument | Type | Description |
|---|---|---|
| vnetName | string | VNet name |
| subnetName | string | Subnet name |
| resourceGroup? | string | Resource group name |
fn createSubnet(vnetName: string, subnetName: string, resourceGroup?: string)
Create a subnet in a VNet.
| Argument | Type | Description |
|---|---|---|
| vnetName | string | VNet name |
| subnetName | string | Subnet name |
| resourceGroup? | string | Resource group name |
fn updateSubnet(vnetName: string, subnetName: string, resourceGroup?: string)
Update a subnet — attach or detach NSG or route table.
| Argument | Type | Description |
|---|---|---|
| vnetName | string | VNet name |
| subnetName | string | Subnet name |
| resourceGroup? | string | Resource group name |
fn deleteSubnet(vnetName: string, subnetName: string, resourceGroup?: string)
Delete a subnet from a VNet.
| Argument | Type | Description |
|---|---|---|
| vnetName | string | VNet name |
| subnetName | string | Subnet name |
| resourceGroup? | string | Resource group name |
fn listPeerings(vnetName: string, resourceGroup?: string)
List all peering connections for a VNet.
| Argument | Type | Description |
|---|---|---|
| vnetName | string | VNet name |
| resourceGroup? | string | Resource group name |
fn createPeering(vnetName: string, peeringName: string, resourceGroup?: string)
Create a VNet peering connection. Creates one direction only — you need to create the reverse peering on the remote VNet separately.
| Argument | Type | Description |
|---|---|---|
| vnetName | string | Local VNet name |
| peeringName | string | Peering connection name |
| resourceGroup? | string | Resource group name |
fn deletePeering(vnetName: string, peeringName: string, resourceGroup?: string)
Delete a VNet peering connection.
| Argument | Type | Description |
|---|---|---|
| vnetName | string | VNet name |
| peeringName | string | Peering connection name |
| resourceGroup? | string | Resource group name |
Resources
vnet(infinite)— Azure virtual network
subnet(infinite)— Azure subnet within a virtual network
peering(infinite)— Virtual network peering connection
@dougschaefer/azure-vwanv2026.03.05.1azure/vwan.ts
fn list()
List all Virtual WANs in a resource group (or subscription).
fn get(name: string, resourceGroup?: string)
Get a single Virtual WAN.
| Argument | Type | Description |
|---|---|---|
| name | string | vWAN name |
| resourceGroup? | string | Resource group name |
fn create(name: string, resourceGroup?: string, location: string)
Create a Virtual WAN.
| Argument | Type | Description |
|---|---|---|
| name | string | vWAN name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region |
fn delete(name: string, resourceGroup?: string)
Delete a Virtual WAN.
| Argument | Type | Description |
|---|---|---|
| name | string | vWAN name |
| resourceGroup? | string | Resource group name |
fn listHubs()
List all virtual hubs in a resource group (or subscription).
fn getHub(name: string, resourceGroup?: string)
Get a single virtual hub.
| Argument | Type | Description |
|---|---|---|
| name | string | Virtual hub name |
| resourceGroup? | string | Resource group name |
fn createHub(name: string, resourceGroup?: string, location: string, vwanName: string)
Create a virtual hub within a vWAN.
| Argument | Type | Description |
|---|---|---|
| name | string | Virtual hub name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region |
| vwanName | string | Parent vWAN name |
fn deleteHub(name: string, resourceGroup?: string)
Delete a virtual hub.
| Argument | Type | Description |
|---|---|---|
| name | string | Virtual hub name |
| resourceGroup? | string | Resource group name |
fn listHubConnections(hubName: string, resourceGroup?: string)
List all VNet connections to a virtual hub.
| Argument | Type | Description |
|---|---|---|
| hubName | string | Virtual hub name |
| resourceGroup? | string | Resource group name |
fn createHubConnection(name: string, hubName: string, resourceGroup?: string)
Connect a VNet to a virtual hub.
| Argument | Type | Description |
|---|---|---|
| name | string | Connection name |
| hubName | string | Virtual hub name |
| resourceGroup? | string | Resource group name |
fn deleteHubConnection(name: string, hubName: string, resourceGroup?: string)
Remove a VNet connection from a virtual hub.
| Argument | Type | Description |
|---|---|---|
| name | string | Connection name |
| hubName | string | Virtual hub name |
| resourceGroup? | string | Resource group name |
fn listVpnSites()
List all VPN sites in a resource group (or subscription).
fn getVpnSite(name: string, resourceGroup?: string)
Get a single VPN site.
| Argument | Type | Description |
|---|---|---|
| name | string | VPN site name |
| resourceGroup? | string | Resource group name |
fn createVpnSite(name: string, resourceGroup?: string, location: string, vwanName: string, deviceModel?: string)
Create a VPN site (branch office) configuration.
| Argument | Type | Description |
|---|---|---|
| name | string | VPN site name |
| resourceGroup? | string | Resource group name |
| location | string | Azure region |
| vwanName | string | Associated vWAN name |
| deviceModel? | string | VPN device model |
fn deleteVpnSite(name: string, resourceGroup?: string)
Delete a VPN site.
| Argument | Type | Description |
|---|---|---|
| name | string | VPN site name |
| resourceGroup? | string | Resource group name |
fn listVpnGateways()
List all site-to-site VPN gateways in a resource group (or subscription).
fn getVpnGateway(name: string, resourceGroup?: string)
Get a single VPN gateway.
| Argument | Type | Description |
|---|---|---|
| name | string | VPN gateway name |
| resourceGroup? | string | Resource group name |
fn inventory(resourceGroup?: string)
Inventory the complete vWAN topology — vWAN, hubs, hub connections, VPN sites, and VPN gateways in a resource group.
| Argument | Type | Description |
|---|---|---|
| resourceGroup? | string | Resource group name |
Resources
vwan(infinite)— Azure Virtual WAN
virtualHub(infinite)— Virtual hub within a vWAN
hubConnection(infinite)— VNet connection to a virtual hub
vpnSite(infinite)— VPN site (branch office) configuration
vpnGateway(infinite)— Site-to-site VPN gateway in a virtual hub
04Previous Versions
2026.04.13.1Apr 13, 2026
Add .meta({ sensitive: true }) to VM adminPassword and sshKeyValue fields
2026.04.02.1Apr 2, 2026
Add firewall policy rule management: createRuleCollectionGroup, deleteRuleCollectionGroup, addFilterCollection, addNatCollection, addRule, removeRule, removeCollection
Modified 1 models
2026.03.30.1Mar 30, 2026
2026.03.29.4Mar 29, 2026
2026.03.29.1Mar 29, 2026
Pin zod to 4.3.6
2026.03.28.1Mar 28, 2026
New models: azure-dns (zones, record sets, zone export) and azure-devops (projects, repos, pipelines, builds, work items). Sync methods added to 8 models for drift detection. Readiness polling on VM create and start. 15 models, 131 methods.
2026.03.27.3Mar 28, 2026
Fix repository URL: point to GitHub instead of ADO.
2026.03.27.1Mar 28, 2026
Bug fixes: 8 missing --yes flags on delete methods, SQL maxSize format fix, VM delete orphan warning, runCommand output capture. New methods: updateSubnet, getDatabase, updateRoute.
2026.03.05.2Mar 5, 2026
2026.03.05.1Mar 5, 2026
05Stats
A
100 / 100
Downloads
5
Archive size
72.5 KB
- Has README or module doc2/2earned
- README has a code example1/1earned
- README is substantive1/1earned
- Most symbols documented1/1earned
- No slow types1/1earned
- Has description1/1earned
- At least one platform tag (or universal)1/1earned
- Two or more platform tags (or universal)1/1earned
- License declared1/1earned
- Verified public repository2/2earned
06Platforms
07Labels