Unable to get SystemAssigned identity attributes

Following block in app_service is supposed to create a System Generated tenant_id and principal_id that can be used in the later blocks

identity {
type = “SystemAssigned”
}

But when I try to use these these as follows

resource “azurerm_key_vault_access_policy” “app” {
key_vault_id = var.key_vault_id
tenant_id = azurerm_app_service.app.identity[0].tenant_id
object_id = azurerm_app_service.app.identity[0].principal_id
secret_permissions = [“get”, “list”]

depends_on = [azurerm_app_service.app]
}

terraform throws an error

Error: “object_id”: required field is not set

on …\modules\app-service\main.tf line 68, in resource “azurerm_key_vault_access_policy” “app”:
68: resource “azurerm_key_vault_access_policy” “app” {

Error: “tenant_id”: required field is not set

on …\modules\app-service\main.tf line 68, in resource “azurerm_key_vault_access_policy” “app”:
68: resource “azurerm_key_vault_access_policy” “app” {

Any ideas?