Deployment issues for new customers

Currently, all new-customer deployments are non-functional. Existing customers deploying into a new region are also affected. See Known Issues for updates.

Managed Identity

Learn how to add a user assigned managed identity.

NGINX as a Service for Azure leverages a user assigned managed identity for some of its integrations with Azure such as:

  • Azure Key Vault (AKV): fetch SSL/TLS certificates from AKV to your NGINXaaS deployment, so that they can be referenced by your NGINX configuration.

  • Azure Monitor: publish metrics from your NGINX deployment to Azure Monitor.


  • A user assigned managed identity. If you are unfamiliar with managed identities for Azure resources, refer to the Managed Identity documentation from Microsoft.

  • Owner access on the resource group or subscription to assign the managed identity to the NGINX deployment.

Adding a Managed Identity

  1. Go to your NGINXaaS for Azure deployment.

  2. Select the Identity tab in the left menu, then select Add.

    Identity > Add
  3. Select the appropriate subscription and user assigned managed identity, then select Add.

    Identity Add Subscription

    NGINXaaS supports a single user assigned managed identity per deployment. Adding more than a single managed identity is not supported.

  4. The added user assigned managed identity will show up in the main table.

    Managed Identity Added

Removing a managed identity

  1. Select the managed identity you want to remove.

    Select Identity to Remove
  2. Confirm the operation.

    Confirm Identity Removal

Removing a Managed Identity from an NGINX deployment has the following effects:

  • If the NGINX deployment uses any SSL/TLS certificates, then any updates to the deployment (including deployment properties, certificates, and configuration) will result in a failure. If the configuration is updated to not use any certificates, then those requests will succeed.

  • If publishing metrics is enabled for the NGINX deployment, then the metrics will no longer be published to Azure Monitor for this deployment until a Managed Identity is added.

What’s next

SSL/TLS Certificates