NLB-7299: docs - add system-assigned managed identity requirement to … #1659
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…deployment documentation System-assigned MI now required for new deployments Updates all deployment documentation to reflect systemMI requirement: - Portal: Automatically creates systemMI - CLI/Terraform/ARM/SDK: Must set identity.type="SystemAssigned" - SystemMI cannot be removed once created - Legacy deployments continue to work Updated deployment guides, client tools docs, managed identity docs, monitoring prerequisites, and SSL/TLS prerequisites with requirement notes and backward compatibility information.
github-actions
bot
added
documentation
amudukutore
reviewed
Jan 16, 2026
| - A user or system assigned identity associated with your NGINXaaS deployment. Ensure that your Managed Identity (MI) has read access to secrets stored in AKV: | ||
| - A user or system assigned identity associated with your NGINXaaS deployment. | ||
|
|
||
| {{< call-out "note" >}}**System-Assigned Managed Identity**: All NGINXaaS deployments automatically include a system-assigned managed identity. When creating deployments via Azure CLI, Terraform, ARM templates, or SDK, ensure you explicitly configure the system-assigned identity as shown in the respective deployment guides.{{< /call-out >}} |
Contributor
There was a problem hiding this comment.
All NGINXaaS deployments automatically include a system-assigned managed identity.
Is this accurate? I thought only those deployments created through the portal include a system MI.
amudukutore
reviewed
Jan 16, 2026
Contributor
amudukutore
left a comment
amudukutore
left a comment
There was a problem hiding this comment.
Looking through the changes here, the call out to add a system assigned MI is repeated across multiple sections which seems a bit excessive. Can we only add it in the section on enabling logs and metrics?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Updates documentation to reflect that system-assigned managed identity (systemMI) is now required for Geneva logging and monitoring in NGINXaaS for Azure.
Changes
Deployment Guides
--identity type="SystemAssigned"requirement to all examplesKey Points
identity.type="SystemAssigned"Note: Existing deployments are not affected by this change.
Checklist
Before sharing this pull request, I completed the following checklist:
Footnotes
Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the style guide for guidance about placeholder content. ↩