In my last post, I introduced Azure Cloud Shell focusing on PowerShell mode features. In this one we will learn how to clean empty resource groups using the cloud shell !


Azure resource groups : pros and cons

Azure Resources are stored in logical containers called “Resource Groups”. Theses containers are really helpful for the following reasons:

  • They help to manage the life cycle of a group of resources instead of individual resources
  • They provide a cost overview for a group of Azure Resource
  • They permit to assign roles (RBAC) for users at the resource group level and at the azure resource level


Each time we create an Azure resource, we have to place it in an existing resource group, that’s why the number of resource group increases quickly! Deleting Azure resources can produce empty resources groups: empty resource groups are useless and can degrade navigation experience in the Azure Portal.

To keep an Azure subscription easy to manage, it’s a good practice to delete empty resource groups. This operation can be done directly using the new Azure Portal, but it’s a long and boring operation. To achieve it easily we can create a custom script (Azure Powershell or Azure CLI).


Custom “Clean” script

Here is an example of an Azure PowerShell script whish will help us to clean the empty resource groups.


It contains 4 steps:

  1. Authentication to Azure Subscription (using the Login-AzureRmAccount Command)
  2. List all resource groups (using the Get-AzureRmResourceGroup command)
  3. Iterate on each resource groups to check if it’s empty
  4. Ask to user if he wants to delete the empty resource groups


$subscriptionId = "******"

# 1.Authentication
Login-AzureRmAccount -SubscriptionId $subscriptionId

#1. Get current Azure Context
$context = Get-AzureRmContext

Write-Output "-- Clean script is working on subscription : "


$emptyRgs = New-Object System.Collections.ArrayList

# 2. List all resource groups
$rgs = Get-AzureRmResourceGroup

# 3. Check empty resource groups
foreach($rg in $rgs)
   $resourcesCount = (Get-AzureRmResource | where {$_.ResourceGroupName –eq $rg.ResourceGroupName}).Count

   if ($resourcesCount -eq 0){
      Write-Output $rg.ResourceGroupName
      $emptyRgs.Add($rg.ResourceGroupName) > $null

#4. Ask for permission to delete resource groups
if ($emptyRgs.Count -eq 0){
   Write-Output "There is no resource group emty :)"
   $choice = [string]::Empty

   while ($choice -notmatch "[y|n]"){
      $choice = read-host "Do you want to delete empty resource groups ? (Y/N)"

   if ($choice -eq "y"){
      foreach($emptyRg in $emptyRgs){
         Remove-AzureRmResourceGroup -Name $emptyRg -Force > $null


It works well, however to execute it we have to install Azure Powershell on the development machine, and we have to execute it for each Azure Subscription. It’s possible to solve the first point using the Azure Cloud shell by taking advantage of the cloud drive:

First we are going to push the script in the cloud drive, then we will be able to execute it directly from the Azure Cloud shell.

In the script hosted in the cloud drive, we won’t need anymore the Authentication step (1), let’s replace it with a code which will give us information about the current azure context in the shell.


Old first step:

$subscriptionId = "*****"

# 1.Authentication

Login-AzureRmAccount -SubscriptionId $subscriptionId


New first step: 

#1. Get current Azure Context

$context = Get-AzureRmContext

Write-Output "-- Clean script is working on subscription: "




Script import in the Azure Cloud Drive

The “Azure Cloud Drive” is a file share available across Cloud Shell hosts and sessions. Windows and Linux hosts mount it as a local drive during the Azure Shell session boot. Concretely the cloud drive is stored in an Azure storage Account created during the first Azure Cloud Shell session : we just need to locate the storage account to push the script in the file share.

The storage account has a random name prefixed by “cs” (for cloud shell!) of courseJ), to find it we just have to search “cs” on the Azure Portal search field :



Then we have to select the file share stored in the storage account. Each user owns a file share to store its personal files, in my subscription there is only one (mine!) but the storage account cloud contains several file share (one per user) :


Once the file share is selected, we can manage folders and files. For example, we can create a “manage” folder where we will upload the clean script:


In the file share we can see two folders automatically created by azure (cloudconsole and .pscloudshell). In the “manage” folder, we can import the clean script named clean-rgs.ps1:



Script execution in the Cloud Shell

The clean script is now stored in the cloud drive, we are able to access it from the cloud shell. First, we have to open the cloud shell with the Powershell mode. Then let’s enter in the manage folder created before using the cd command and then list the content of the folder with the dir command:


We just have to execute the script to check if some empty resource groups exist in the *current subscription. The shell will retrieve the current subscription id first and will list all empty resource groups:


* The shell is automatically connected to a default subscription that we can get using the Get-AzureRmContext command:


To change the default subscription we can combine the Get-AzureRmSubscription command to list available subscription and the Select-AzureRmSubscription command to set a new default subscription.


Happy coding 🙂

Automate SQL Azure Backup using Azure Function and Azure PowerShell Introduction to Azure Cloud Shell (focusing on PowerShell)

Leave a Reply

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *