Skip to content
Latchkey

az account list: List Accessible Subscriptions

az account list enumerates the subscriptions available to the signed-in identity.

When a deploy targets the wrong place, list the subscriptions the service principal can actually reach. It is the fastest way to spot a scoping mistake.

What it does

az account list returns an array of subscription objects the current login can access, marking the default with isDefault. A freshly federated service principal only sees subscriptions it has a role assignment on.

Common usage

Terminal
az account list --output table
# names and ids only
az account list --query "[].{name:name, id:id}" -o table
# find a subscription id by name
az account list --query "[?name=='Prod'].id" -o tsv

Subcommands and flags

FlagWhat it does
--allInclude subscriptions in disabled or warned states
--refreshRe-fetch from the server rather than the cache
--query <jmespath>Filter with JMESPath, e.g. [?name==...]
-o tableRender a readable table instead of JSON

In CI

A common failure mode is an OIDC service principal with no role assignment: az account list returns []. Grant it at least Reader on the target subscription so the CLI can resolve a default. Use --query to pick an id by name without hardcoding it.

Common errors in CI

An empty [] result means the identity has no subscription role assignments; add a role assignment at subscription scope. "Please run 'az login'" means no authenticated session. If only one subscription appears when you expect several, the service principal is scoped narrower than the human account you tested with.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →