I've scoured the 'net for help, but there's next to nothing on this specific issue. My use case is that I need to create an ARM template that adds an access policy to an existing Azure key vault in one resource group, but deploy VMs into a second one.
I can deploy VMs, assign Managed Service Identities (MSIs) to them, and add those MSIs to an accessPolicy for a key vault that already exists, all in the same ARM template. The catch is, the key vault has to be in the same resource group as the VMs I'm deploying.
When I try to deploy VMs into a different resource group using the same key vault as before, I'm getting one of several errors depending on how I structure the ARM template:
If I reference the Key Vault as a resource in the ARM template, I get the error message "the name (keyvault-name) is already in use" (Code: VaultAlreadyExists)
If I instead just try to use the key vault accessPolicy as a top-level resource, I get an error stating "Can not perform requested operation on nested resource. Parent resource keyvault-name not found" (Code: ParentResourceNotFound)
Really puzzling, because when I try the second method where I'm launching VMs into the same Resource Group as the VMs, it works just fine.
Any help is greatly appreciated!
Cheers,
-Maashu
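
The cross-resource-group case described in the post, as an added example that is not part of the original post: a top-level `accessPolicies` resource is resolved in the resource group being deployed to, so the policy is placed in a nested deployment that targets the key vault's own resource group and receives the VM identity as a parameter. The parameter names `keyVaultResourceGroup`, `keyVaultName` and `vmName`, the API versions, and the single `get` secret permission are assumptions for illustration; the fragment goes in the `resources` array of the template that deploys the VM.

```json
{
  "type": "Microsoft.Resources/deployments",
  "apiVersion": "2019-10-01",
  "name": "addVaultAccessPolicy",
  "comments": "Added example. keyVaultResourceGroup, keyVaultName and vmName are assumed parameter names.",
  "resourceGroup": "[parameters('keyVaultResourceGroup')]",
  "dependsOn": [
    "[resourceId('Microsoft.Compute/virtualMachines', parameters('vmName'))]"
  ],
  "properties": {
    "mode": "Incremental",
    "expressionEvaluationOptions": { "scope": "inner" },
    "parameters": {
      "vaultName": { "value": "[parameters('keyVaultName')]" },
      "principalId": {
        "value": "[reference(resourceId('Microsoft.Compute/virtualMachines', parameters('vmName')), '2019-07-01', 'Full').identity.principalId]"
      }
    },
    "template": {
      "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
      "contentVersion": "1.0.0.0",
      "parameters": {
        "vaultName": { "type": "string" },
        "principalId": { "type": "string" }
      },
      "resources": [
        {
          "type": "Microsoft.KeyVault/vaults/accessPolicies",
          "apiVersion": "2019-09-01",
          "name": "[concat(parameters('vaultName'), '/add')]",
          "properties": {
            "accessPolicies": [
              {
                "tenantId": "[subscription().tenantId]",
                "objectId": "[parameters('principalId')]",
                "permissions": { "secrets": [ "get" ] }
              }
            ]
          }
        }
      ]
    }
  }
}
```

The `add` child name merges the new entry into the vault's existing access policies, and the vault itself is never declared, so nothing attempts to create it again.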