I'm starting to write a bash script to provision a VM in a new or existing resource group so that we can enforce naming convention and configuration.

In a bash script how can I check that a resource already exists so I don't try to create it again?

# 1.    If a new resource group is desired, create it now.  Microsoft Docs
az group create --name $RESOURCEGROUPNAME --location $LOCATION

# 2.    Create a virtual network and subnet if one has not already been created.  Microsoft Docs
#   Consider a separate VNet for each resource group. 
#   az network vnet list -output table
az network vnet create \
  --resource-group $RESOURCEGROUPNAME \
  --name $RESOURCEGROUPNAME-vnet \
  --address-prefix 10.0.x.0/24 \
  --subnet-name default \
  --subnet-prefix 10.0.x.0/24

# x is the next available 3rd octet value

# 3.    Create a public IP Address.  Microsoft Docs
az network public-ip create \
  --resource-group $RESOURCEGROUPNAME \
  --name $VMNAME-ip \
  --dns-name $DNSNAME

# 4.    Create a network security group.  Microsoft Docs
az network nsg create \
  --resource-group $RESOURCEGROUPNAME \
  --name $VMNAME-nsg 

# 5.    Create a rule to allow SSH to the machine.  Microsoft Docs
az network nsg rule create \
  --resource-group $RESOURCEGROUPNAME \
  --nsg-name $VMNAME-nsg \
  --name allow-ssh \
  --protocol tcp \
  --priority 1000 \
  --destination-port-range 22 \
  --access allow

# 6.    Create a virtual NIC.   Microsoft Docs
az network nic create \
  --resource-group $RESOURCEGROUPNAME \
  --name $VMNAME-nic \
  --vnet-name $RESOURCEGROUPNAME-vnet \
  --subnet default \
  --public-ip-address $VMNAME-ip \
  --network-security-group $VMNAME-nsg

# 7.    Create an availability set, if redundancy is required.  Microsoft Docs
az vm availability-set create \
  --resource-group $RESOURCEGROUPNAME \
  --name $AVSETNAME-as

# 8.    Create the VM. Microsoft Docs
az vm create \
  --resource-group $RESOURCEGROUPNAME \
  --location $LOCATION \
  --name $VMNAME \
  --image UbuntuLTS \
  --size $VMSIZE \
  --availability-set $AVSETNAME-as \
  --nics $VMNAME-nic \
  --admin-username $ADMINUSERNAME \
  --authentication-type ssh
  --ssh-key-value @$SSHPUBLICKEYFILE \
  --os-disk-name $VMNAME-osdisk

This should work in bash script:

if [ $(az group exists --name $RESOURCEGROUPNAME) = false ]; then
    az group create --name $RESOURCEGROUPNAME --location $LOCATION
fi

You can use JMESPath queries to do this. All resource types support this, AFAIK.

For example, for VMs:

az vm list --resource-group $RESOURCEGROUPNAME --query "[?name=='$VMNAME'] | length(@)"

This will output the number of matching VMs - either 1 or 0.

You can use this to create if/else logic in bash as follows.

if [[ $(az vm list --resource-group $RESOURCEGROUPNAME --query "[?name=='$VMNAME'] | length(@)") > 0 ]]
then
  echo "VM exists"
else
  echo "VM doesn't exist"
fi

In a bash script how can I check that a resource already exists so I don't try to create it again?

We can use CLI 2.0 command az group exists to test the resource group exist or not, like this:

C:\Users\user>az group exists -n jasontest
false

In this way, before we create it, we can test the name available or not. In new resource group, we can create new Vnet and other resources.

For now, there is no CLI 2.0 command to test other resource exist or not. If you want to create resource in an existing resource group, maybe we should use CLI 2.0 command to list the resources, and use bash to make sure the resource exist or not.

If a resource show command returns an empty string and a success status code (0), then the resource does not exist.

Edit: ChrisWue pointed out that this is no longer true. It must have changed since I left the Azure CLI team (it used to be a requirement that all commands worked like this). Or it may be that there is a bug for the key vault commands he mentioned below.

As mentioned in another answer - there is no generic "exists" command. One line of reasoning I've found was that "create" is meant to be idem potent - therefor if you have a script that creates resources (for example as part of a build pipeline) it doesn't matter how often you execute it since "it will do the right thing".

If you still need to do this you can do it in shell like this (the example is for keyvault but it should work for all resource types that have a show command)

if az keyvault show -n my-keyvault -o none; then
   echo "keyvault exists"
else
   echo "keyvault doesn't exist"
fi

It should be noted that az will output an error message to stderr if the resource doesn't exists - this doesn't affect the check but if it bothers you then you can redirect stderr to /dev/null

In our case we needed this because we don't run the infra scripts if the setup hasn't changed (cuts our build time in half). We dectect this by creating a hash of the infra-scripts and store it in a keyvault. When the script runs it creates the keyvault (to make sure it exists) and then tries to check the secret that contains the hash. If the hash is still the same then don't run the rest of the script.

Catch is that keyvault create nukes the access policies which also includes the web-app managed identity access policy which won't get added if the rest of the script doesn't run ... so the fix is to check if the keyvault exists first and to not create it if it does.

this work for my batch commands

call az webapp show --subscription <yoursubs> --resource-group <yourrg> --name <yourappname> -query name
if %errorlevel% == 1 (
    az webapp create ...
)