Bicep - Unable to add KeyVault Access Policy from other resource module

Rajesh Ambakkat 236 Reputation points
2023-09-28T14:14:56.3766667+00:00

I am creating application gateway AG1 through Bicep in subscription SZ1, resource group RZ1. In the same module I need to add a Key Vault access policy (for the application gateway identity) to our common key vault KV1, located in a central subscription SHU1 and resource group RGU1. Now when I use the code below it says it is unable to find KV1 in resource group RZ1 and subscription SZ1... even though I used the 'existing' keyword for the key vault, it is not looking there. Could anyone figure out what is wrong? Thanks.


resource applicationGateWay 'Microsoft.Network/applicationGateways@2023-04-01' = {
  name: appGatewayServiceName
  location: location
  identity: {
    type: 'UserAssigned'
    userAssignedIdentities: {
      '${userAssignedIdentity.id}': {}
    }
  }

.....

.....

}

// Key vault in the central subscription/resource group, referenced as existing
resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
  name: 'KV1'
  scope: resourceGroup('SHU1', 'RGU1')
}

// Access policy declared in this file; no scope is set here, so it is deployed
// at this file's scope (SZ1/RZ1), not at the scope of the existing vault.
resource keyVaultAccessPolicy 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = {
  name: '${keyVault.name}/add'
  properties: {
    accessPolicies: [
      {
        tenantId: tenant().tenantId
        // Access policies take the principal (object) ID of the identity,
        // not its ARM resource ID
        objectId: userAssignedIdentity.properties.principalId
        permissions: {
          keys: ['get', 'list']
          secrets: ['get', 'list']
          certificates: ['get', 'list']
        }
      }
    ]
  }
}
Tags: Azure Key Vault, Azure Application Gateway

1 answer

Alfredo Revilla (Moderator, 27,541 Reputation points)
2023-10-02T23:55:46.0066667+00:00

    Hello @Rajesh Ambakkat and thanks for sharing your solution. Since accepting your own answer is not supported I'm reposting your solution here so that you can accept and rate it. It will ensure that others facing a similar issue can easily find a solution.

    I was able to solve this issue using the approach mentioned in the link below: I created a separate module for the key vault policy. https://github.com/Azure/bicep/discussions/6203

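The separate-module approach the accepted answer refers to, written out as an added example (not code from the original question or from the linked Bicep discussion). A Bicep file can only deploy resources at its own scope; a child resource such as `vaults/accessPolicies` whose parent is an `existing` vault in another resource group or subscription has to be declared in its own module, and that module is then invoked with `scope: resourceGroup(<subscriptionId>, <resourceGroupName>)` pointing at the vault's location. The file names `main.bicep` and `keyVaultAccessPolicy.bicep`, the parameter names, and the subscription and resource group placeholders are assumptions; the application gateway itself is omitted so the example stays on the cross-scope policy.

```bicep
// ---------- file: main.bicep (deployed to subscription SZ1, resource group RZ1) ----------
param location string = resourceGroup().location
param userAssignedIdentityName string

// Location of the shared vault; values are placeholders, the subscription must be a GUID
param keyVaultSubscriptionId string = '00000000-0000-0000-0000-000000000000' // SHU1
param keyVaultResourceGroupName string = 'RGU1'
param keyVaultName string = 'KV1'

// Identity that the application gateway will use to read certificates from the vault
resource userAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = {
  name: userAssignedIdentityName
  location: location
}

// The access policy is deployed by a module scoped to the vault's own resource group,
// so the 'existing' lookup inside that module resolves against SHU1/RGU1.
module keyVaultAccessPolicy 'keyVaultAccessPolicy.bicep' = {
  name: 'kv-access-policy-${uniqueString(userAssignedIdentity.id)}'
  scope: resourceGroup(keyVaultSubscriptionId, keyVaultResourceGroupName)
  params: {
    keyVaultName: keyVaultName
    // principalId (object ID) of the identity, not its ARM resource ID
    principalId: userAssignedIdentity.properties.principalId
    tenantId: userAssignedIdentity.properties.tenantId
  }
}

// ---------- file: keyVaultAccessPolicy.bicep (scope set by the caller) ----------
// NOTE: in a real repository this is a second file; it is shown here in the same
// listing only so the example reads as one unit.
//
// param keyVaultName string
// param principalId string
// param tenantId string = tenant().tenantId
//
// resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
//   name: keyVaultName
// }
//
// resource addPolicy 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = {
//   parent: keyVault
//   name: 'add'
//   properties: {
//     accessPolicies: [
//       {
//         tenantId: tenantId
//         objectId: principalId
//         permissions: {
//           // Application Gateway fetches certificates through the secrets endpoint,
//           // so 'get' on secrets is all it needs; keys/certificates stay untouched.
//           secrets: ['get']
//         }
//       }
//     ]
//   }
// }
```

Two things a practitioner should check before running `az deployment group create` on this: the principal doing the deployment needs write rights on the vault in SHU1/RGU1 (for example Key Vault Contributor on that resource group), because the module deployment is created there, not in RZ1; and the permission set is deliberately narrower than the question's `keys`/`secrets`/`certificates` get+list, since the gateway only reads the certificate as a secret. If the vault uses Azure RBAC instead of access policies, replace the `accessPolicies` resource in the module with a `Microsoft.Authorization/roleAssignments` granting Key Vault Secrets User to the same `principalId`.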