Example: Use the Azure libraries to create a resource group

This example demonstrates how to use the Azure SDK management libraries in a Python script to create a resource group. (The Equivalent Azure CLI command is given later in this article. If you prefer to use the Azure portal, see Create resource groups.)

All the commands in this article work the same in Linux/macOS bash and Windows command shells unless noted.

1: Set up your local development environment

If you haven't already, set up an environment where you can run this code. Here are some options:

• Configure a Python virtual environment using venv or your tool of choice. To start using the virtual environment, be sure to activate it. To install python, see Install Python.

  • Bash
  • PowerShell

  #!/bin/bash
  # Create a virtual environment
  python -m venv .venv
  # Activate the virtual environment
  source .venv/Scripts/activate # only required for Windows (Git Bash)
  

• Use a conda environment. To install Conda, see Install Miniconda.

• Use a Dev Container in Visual Studio Code or GitHub Codespaces.

2: Install the Azure library packages

1. In your console, create a requirements.txt file that lists the management libraries used in this example:

   azure-mgmt-resource
   azure-identity
   

2. In your console with the virtual environment activated, install the requirements:

   pip install -r requirements.txt
   

3. Set environment variables

In this step, you set environment variables for use in the code in this article. The code uses the os.environ method to retrieve the values.

#!/bin/bash
export AZURE_RESOURCE_GROUP_NAME=<ResourceGroupName> # Change to your preferred resource group name
export LOCATION=<Location> # Change to your preferred region
export AZURE_SUBSCRIPTION_ID=$(az account show --query id --output tsv)

# PowerShell syntax
$env:AZURE_RESOURCE_GROUP_NAME = <ResourceGroupName> # Change to your preferred resource group name
$env:LOCATION = <Location> # Change to your preferred region
$env:AZURE_SUBSCRIPTION_ID = $(az account show --query id --output tsv)

4: Write code to create a resource group

In this step, you create a Python file named provision_blob.py with the following code. This Python script uses the Azure SDK for Python management libraries to create a resource group in your Azure subscription.

Create a Python file named provision_rg.py with the following code. The comments explain the details:

# Import the needed credential and management objects from the libraries.
import os

from azure.identity import DefaultAzureCredential
from azure.mgmt.resource import ResourceManagementClient

# Acquire a credential object using DevaultAzureCredential.
credential = DefaultAzureCredential()

# Retrieve subscription ID from environment variable.
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]

# Retrieve resource group name and ___location from environment variables
RESOURCE_GROUP_NAME = os.environ["AZURE_RESOURCE_GROUP_NAME"]
LOCATION = os.environ["LOCATION"]

# Obtain the management object for resources.
resource_client = ResourceManagementClient(credential, subscription_id)

# Provision the resource group.
rg_result = resource_client.resource_groups.create_or_update(RESOURCE_GROUP_NAME,
    { "___location": LOCATION })

print(f"Provisioned resource group {rg_result.name}")

# Within the ResourceManagementClient is an object named resource_groups,
# which is of class ResourceGroupsOperations, which contains methods like
# create_or_update.
#
# The second parameter to create_or_update here is technically a ResourceGroup
# object. You can create the object directly using ResourceGroup(___location=
# LOCATION) or you can express the object as inline JSON as shown here. For
# details, see Inline JSON pattern for object arguments at
# https://learn.microsoft.com/azure/developer/python/sdk
# /azure-sdk-library-usage-patterns#inline-json-pattern-for-object-arguments

print(
    f"Provisioned resource group {rg_result.name} in the {rg_result.___location} region"
)

# The return value is another ResourceGroup object with all the details of the
# new group. In this case the call is synchronous: the resource group has been
# provisioned by the time the call returns.

# To update the resource group, repeat the call with different properties, such
# as tags:
rg_result = resource_client.resource_groups.create_or_update(
    RESOURCE_GROUP_NAME,
    {
        "___location": LOCATION,
        "tags": {"environment": "test", "department": "tech"},
    },
)

print(f"Updated resource group {rg_result.name} with tags")

# Optional lines to delete the resource group. begin_delete is asynchronous.
# poller = resource_client.resource_groups.begin_delete(rg_result.name)
# result = poller.result()

Authentication in the code

Later in this article, you sign in to Azure using the Azure CLI to execute the sample code. If your account has sufficient permissions to create resource groups and storage resources in your Azure subscription, the script should run successfully without additional configuration.

To use this code in a production environment, authenticate using a service principal by setting environment variables. This approach enables secure, automated access without relying on interactive login. For detailed guidance, see How to authenticate Python apps with Azure services.

Ensure that the service principal is assigned a role with sufficient permissions to create resource groups and storage accounts. For example, assigning the Contributor role at the subscription level provides the necessary access. To learn more about role assignments, see Role-based access control (RBAC) in Azure.

Reference links for classes used in the code

• DefaultAzureCredential (azure.identity)
• ResourceManagementClient (azure.mgmt.resource)

5: Run the script

1. If you haven't already, sign in to Azure using the Azure CLI:

   az login
   

2. Run the script:

   python provision_rg.py
   

6: Verify the resource group

You can verify that the resource group exists through the Azure portal or the Azure CLI.

• Azure portal: open the Azure portal, select Resource groups, and check that the group is listed. If necessary, use the Refresh command to update the list.

• Azure CLI: use the az group show command:

  • Bash
  • PowerShell

  #!/bin/bash
  az group show -n $AZURE_RESOURCE_GROUP_NAME
  

7: Clean up resources

Run the az group delete command if you don't need to keep the resource group created in this example. Resource groups don't incur any ongoing charges in your subscription, but resources in the resource group might continue to incur charges. It's a good practice to clean up any group that you aren't actively using. The --no-wait argument allows the command to return immediately instead of waiting for the operation to finish.

#!/bin/bash
az group delete -n $AZURE_RESOURCE_GROUP_NAME --no-wait

# PowerShell syntax
az group delete -n $env:AZURE_RESOURCE_GROUP_NAME --no-wait

You can also use the ResourceManagementClient.resource_groups.begin_delete method to delete a resource group from code. The commented code at the bottom of the script in this article demonstrates the usage.

For reference: equivalent Azure CLI command

The following Azure CLI az group create command creates a resource group with tags just like the Python script:

az group create -n PythonAzureExample-rg -l centralus --tags "department=tech" "environment=test"

See also

• Example: List resource groups in a subscription
• Example: Create Azure Storage
• Example: Use Azure Storage
• Example: Create a web app and deploy code
• Example: Create and query a database
• Example: Create a virtual machine
• Use Azure Managed Disks with virtual machines
• Complete a short survey about the Azure SDK for Python