I am creating application gateway AG1 through Bicep in subscription SZ1, resource group RZ1. In the same module I need to add a Key Vault access policy (for the application gateway identity) to our common key vault KV1, located in a central subscription SHU1 and resource group RGU1. When I use the code below, the deployment reports that it is unable to find KV1 in resource group RZ1 and subscription SZ1. Even though I declared the key vault as 'existing' with a scope, it is not looking there. Could anyone figure out what is wrong? Thanks.
// Application Gateway deployed to this file's target scope, with a user-assigned
// managed identity attached so the gateway can authenticate to other services.
resource applicationGateWay 'Microsoft.Network/applicationGateways@2023-04-01' = {
name: appGatewayServiceName
location: location
identity: {
type: 'UserAssigned'
userAssignedIdentities: {
// The map key is the identity's ARM resource ID; the empty object is the required value.
'${userAssignedIdentity.id}': {}
}
}
// Remaining gateway properties were elided by the author.
.....
.....
}
// Reference to the shared vault KV1 in subscription SHU1, resource group RGU1.
// `scope` only tells Bicep where to resolve this existing resource; it does not
// change the scope that other resources in this file are deployed to.
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
  scope: resourceGroup('SHU1', 'RGU1')
  name: 'KV1'
}
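// Adds an access policy on KV1 for the Application Gateway's user-assigned identity.
//
// NOTE(review): a resource declared in this file is always deployed to the file's
// target scope (the deployment's own subscription and resource group). The `scope`
// set on the existing `keyVault` reference only controls where that reference is
// resolved; it does not move this child resource, which is why the deployment looks
// for KV1 in RZ1/SZ1. To write to the vault in SHU1/RGU1, move this declaration into
// its own Bicep module and invoke that module with
// `scope: resourceGroup('SHU1', 'RGU1')`, passing the vault name and the identity's
// principal ID as parameters. The deploying principal also needs rights to write
// access policies on that vault.
resource keyVaultAccessPolicy 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = {
  // Using keyVault.name already creates the dependency, so no explicit dependsOn is needed.
  name: '${keyVault.name}/add'
  properties: {
    accessPolicies: [
      {
        tenantId: tenant().tenantId
        // objectId must be the identity's directory object (principal) ID, not its
        // ARM resource ID, which is what `.id` returns.
        // Assumes userAssignedIdentity is a Microsoft.ManagedIdentity/userAssignedIdentities
        // resource symbol declared elsewhere in this file; confirm.
        objectId: userAssignedIdentity.properties.principalId
        // NOTE(review): least privilege. Application Gateway's Key Vault integration
        // reads the TLS certificate through the secret, so confirm whether the key and
        // certificate permissions and the `list` actions are needed, and drop any that are not.
        permissions: {
          keys: ['get', 'list']
          secrets: ['get', 'list']
          certificates: ['get', 'list']
        }
      }
    ]
  }
}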