Added new feature to integrate azure services using managed identities #442

Open
wants to merge 5 commits into
base: main

FreddyAyala

This pull request introduces support for Managed Identities in the Azure Chat Solution Accelerator, enhancing security and simplifying secret management. Key changes include updates to documentation, infrastructure templates, and deployment configurations.

Documentation Updates:

  • Added a new section on using Managed Identities for the Azure Chat Solution Accelerator, detailing security advantages, services using Managed Identities, and deployment instructions. (docs/10.managed-identities.md)

Infrastructure Updates:

  • Introduced a new parameter disableLocalAuth in infra/main.bicep to toggle authentication by key, enforcing RBAC using Managed Identities. (infra/main.bicep)
  • Updated infra/main.json to include the disableLocalAuth parameter and its usage across various Azure services configurations. (infra/main.json)

Deployment Configuration:

  • Modified the deployment instructions to ensure the parameter disableLocalAuth is set to true for using Managed Identities and updated environment variables accordingly. (infra/main.json)

These changes collectively enhance the security posture of the Azure Chat deployment by leveraging Managed Identities, while also simplifying secret management and access control.
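
A pre-deployment check for the disableLocalAuth setting described above, as an added example that is not part of this pull request or the project's code: it walks a compiled ARM template such as infra/main.json and lists resources that would still accept key authentication. The resource-type list, the sample template, and the function names are assumptions constructed for illustration.

```python
# Assumption: resource types that accept properties.disableLocalAuth; extend as needed.
KEY_AUTH_TYPES = {
    "Microsoft.DocumentDB/databaseAccounts",
    "Microsoft.CognitiveServices/accounts",
    "Microsoft.Search/searchServices",
}
PARAM_REF = "[parameters('disableLocalAuth')]"

def iter_resources(template):
    """Yield every resource, descending into nested module deployments."""
    resources = template.get("resources", [])
    # Newer Bicep output may key resources by symbolic name instead of a list.
    items = resources.values() if isinstance(resources, dict) else resources
    for res in items:
        yield res
        if res.get("type") == "Microsoft.Resources/deployments":
            nested = res.get("properties", {}).get("template")
            if isinstance(nested, dict):
                yield from iter_resources(nested)

def audit_local_auth(template, param_value=None):
    """Return (type, name, reason) for resources that still allow key auth."""
    if param_value is None:  # fall back to the template's declared default
        param_value = (template.get("parameters", {})
                       .get("disableLocalAuth", {}).get("defaultValue"))
    findings = []
    for res in iter_resources(template):
        if res.get("type") not in KEY_AUTH_TYPES:
            continue
        raw = res.get("properties", {}).get("disableLocalAuth")
        # Assumption: modules receive the top-level parameter under the same name.
        value = param_value if raw == PARAM_REF else raw
        if value is not True:
            reason = "property missing" if raw is None else f"{raw!r} resolves to {value!r}"
            findings.append((res["type"], res.get("name"), reason))
    return findings

# Constructed sample template (not the project's infra/main.json).
SAMPLE_TEMPLATE = {
    "parameters": {"disableLocalAuth": {"type": "bool", "defaultValue": False}},
    "resources": [
        {"type": "Microsoft.DocumentDB/databaseAccounts", "name": "cosmos-demo",
         "properties": {"disableLocalAuth": PARAM_REF}},
        {"type": "Microsoft.Resources/deployments", "name": "search-module",
         "properties": {"template": {"resources": {
             "search": {"type": "Microsoft.Search/searchServices",
                        "name": "search-demo", "properties": {}}}}}},
    ],
}
```

Run against the real compiled template with the parameter value used for the deployment; an empty result means every listed resource type has key authentication turned off.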

FreddyAyala commented Oct 6, 2024

Hey there @thivy @davidxw,
I've spent the last few days adding a new feature that enables the use of managed identities with the accelerator, except for Azure Speech, which I couldn't get to work reliably with managed identities and TypeScript.
As you might know, the FSI initiative is locking down tenants and enforcing the use of managed identities for internal tenants, particularly for CosmosDB. This change broke our solution, so I took the time to modify the infrastructure code and application services to support managed identities. This enhancement allows us to eliminate the risks associated with key sharing and deploy the solution in locked-down tenants.
Please take a look when you have a chance. I've conducted extensive testing to ensure everything works correctly.
