Skip to content

NLB-7299: docs - add system-assigned managed identity requirement to …#1659

Open
rnandwal-f5 wants to merge 10 commits intonginx:mainfrom
rnandwal-f5:NLB-7299-Make-SystemMI-Required
Open

NLB-7299: docs - add system-assigned managed identity requirement to …#1659
rnandwal-f5 wants to merge 10 commits intonginx:mainfrom
rnandwal-f5:NLB-7299-Make-SystemMI-Required

Conversation

@rnandwal-f5
Copy link
Contributor

@rnandwal-f5 rnandwal-f5 commented Jan 16, 2026
edited
Loading

Summary

Updates documentation to reflect that system-assigned managed identity (systemMI) is now required for Geneva logging and monitoring in NGINXaaS for Azure.

Changes

Deployment Guides

  • Portal: Added note that systemMI is automatically created
  • CLI: Added --identity type="SystemAssigned" requirement to all examples
  • Terraform: Added systemMI requirement callout
  • ARM/Bicep/SDK: Added systemMI requirement notes

Key Points

  • Portal: SystemMI created automatically
  • CLI/Terraform/ARM/SDK: Must set identity.type="SystemAssigned"
  • SystemMI cannot be removed once created
  • Backward Compatibility: Legacy deployments without systemMI continue to work without requiring changes

Note: Existing deployments are not affected by this change.

Checklist

Before sharing this pull request, I completed the following checklist:

Footnotes

  1. Potentially sensitive information includes personally identify information (PII), authentication credentials, and live URLs. Refer to the style guide for guidance about placeholder content.

@rnandwal-f5 rnandwal-f5 requested a review from arpith-f5 January 16, 2026 10:20
@rnandwal-f5 rnandwal-f5 requested review from a team as code owners January 16, 2026 10:20
@github-actions github-actions bot added documentation Improvements or additions to documentation product/nginxaas-azure Issues related to NGINX as a Service for Azure labels Jan 16, 2026
amudukutore
amudukutore reviewed Jan 16, 2026
View reviewed changes
amudukutore
amudukutore reviewed Jan 16, 2026
View reviewed changes
Copy link
Contributor

@amudukutore amudukutore left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking through the changes here, the call out to add a system assigned MI is repeated across multiple sections which seems a bit excessive. Can we only add it in the section on enabling logs and metrics?

amudukutore
amudukutore reviewed Jan 20, 2026
View reviewed changes
arpith-f5
arpith-f5 reviewed Jan 20, 2026
View reviewed changes
@rnandwal-f5 rnandwal-f5 force-pushed the NLB-7299-Make-SystemMI-Required branch 2 times, most recently from b3cf533 to 94fdd4f Compare January 21, 2026 08:56
@JTorreG
Copy link
Contributor

JTorreG commented Jan 21, 2026

waiting for the suggestions and questions from @arpith-f5 to be addressed before my review

@rnandwal-f5 rnandwal-f5 requested a review from arpith-f5 January 22, 2026 11:26
arpith-f5
arpith-f5 reviewed Jan 29, 2026
View reviewed changes
@arpith-f5
Copy link
Contributor

arpith-f5 commented Jan 29, 2026

@rnandwal-f5 lets update the changelog also https://docs.nginx.com/nginxaas/azure/changelog

@rnandwal-f5 rnandwal-f5 requested a review from arpith-f5 January 30, 2026 07:36
JTorreG
JTorreG approved these changes Feb 4, 2026
View reviewed changes
rnandwal-f5 and others added 10 commits February 11, 2026 21:38
@rnandwal-f5
NLB-7299: docs - add system-assigned managed identity requirement to …
fefb928 
…deployment documentation

System-assigned MI now required for new deployments

Updates all deployment documentation to reflect systemMI requirement:
- Portal: Automatically creates systemMI
- CLI/Terraform/ARM/SDK: Must set identity.type="SystemAssigned"
- SystemMI cannot be removed once created
- Legacy deployments continue to work

Updated deployment guides, client tools docs, managed identity docs,
monitoring prerequisites, and SSL/TLS prerequisites with requirement
notes and backward compatibility information.
@rnandwal-f5
NLB-7299: docs - remove redundant system-assigned MI requirement ment…
b6598e7 
…ions

Removed duplicate references to system-assigned managed identity being
required, as this is already clearly stated in the overview section and nginxaas-azure-snippets docs.Streamlined content to avoid repetition while maintaining clarity.
@rnandwal-f5
NLB-7299: docs - enforce system-assigned MI requirement
888c602 
- Remove systemMI requirement from disaster-recovery and add it to terraform.
- fix docs and remove duplcate callout in mananged-identity-portal.md
@rnandwal-f5
NLB-7386: docs - add script to identify deployments without system-as…
a579558 
…signed managed identity

- Add new section "Checking for deployments without system assigned managed identity"
- Include bash script using Azure CLI to list NGINXaaS deployments missing system MI
- Add prerequisite note about Azure CLI login and subscription selection
@rnandwal-f5
NLB-7299: refactor - Remove redundant part from legacy section and re…
c23b90b 
…move required comment for systemMI
@rnandwal-f5
NLB-7299: docs - add changelog entry for system-assigned managed iden…
d856645 
…tity requirement

Document the new requirement for system-assigned managed identity on all
NGINXaaS deployments.
@rnandwal-f5
NLB-7386: docs - use Azure Resource Graph query instead of bash scrip…
b3e8e52 
…t for managed identity check

Replaced bash script with Resource Graph query that can be run directly in
Azure Portal. The query works across all subscriptions and doesn't require
Azure CLI installation.
@rnandwal-f5
NLB-7299: docs - refactor managed identity documentation
aa0d6c0 
- Consolidate system-assigned identity viewing and management sections
- Clarify user-assigned identity removal impacts and move it under remove UAMI section
@rnandwal-f5 @JTorreG
Update content/nginxaas-azure/getting-started/managed-identity-portal.md
8265025 
Co-authored-by: Jon Torre <[email protected]>
@rnandwal-f5
NLB-7299: Add steps to add systemMI to deployments and add its link t…
96c6e0c 
…o changelog

Add steps to add system MI to deployments which dont have it, along with a call note stating that it can only be used for the deployments which dont have system MI

Update changelog to link steps to add system MI.
@rnandwal-f5 rnandwal-f5 force-pushed the NLB-7299-Make-SystemMI-Required branch from ca5edf3 to 96c6e0c Compare February 11, 2026 16:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@amudukutore amudukutore amudukutore left review comments

@JTorreG JTorreG JTorreG approved these changes

@arpith-f5 arpith-f5 arpith-f5 approved these changes

Assignees

No one assigned

Labels

documentation Improvements or additions to documentation product/nginxaas-azure Issues related to NGINX as a Service for Azure

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@rnandwal-f5 @JTorreG @arpith-f5 @amudukutore