TF 14, Azure cloud, Keyvault and private AKS under same RG (diff modules) – I need to connect the AKS VNET to the Keyvault
This is the KV source code:
And I wish to add the following steps to the Keyvault resource group Terraform code and not via the Azure Portal :
**Set 'Private endpoint and selected network' radio button on**
**'Add virtual existing network' with all its below fields details**
You’ll want to set azurerm_key_vault.key-vault.network_acls.0.default_action to “Deny”, and add virtual_network_subnet_ids to your network_acls block.
This configuration works for me:
resource "azurerm_subnet" "example" {
name = "example-subnet"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefixes = ["10.0.1.0/24"]
service_endpoints = ["Microsoft.KeyVault"]
}
resource "azurerm_key_vault" "example" {
name = "example-63475763"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
tenant_id = data.azurerm_client_config.current.tenant_id
sku_name = "standard"
network_acls {
default_action = "Deny"
bypass = "AzureServices"
virtual_network_subnet_ids = [azurerm_subnet.example.id]
}
}