Terraform scenarios to Create Azure Key Vault with Managed Identity for Access Policies
I'm relatively new to this, so bear with me. I'm updating my dependencies and I'm working on a personal project and I'm sure I'm missing something obvious here, but I'm trying to provision an Azure Key Vault using Terraform along with a managed identity that should have access to this Key Vault... However, when I run `terraform apply`, I get an behavior stating that the access policy want to be assigned because the Key Vault is not yet created, even though it attempts to apply the access policy right after the Key Vault resource. I'm using Terraform v1.3.5 and the Azure provider v2.64.0. Here is the code snippet I'm using: ```hcl provider "azurerm" { features {} } resource "azurerm_resource_group" "example" { name = "example-resources" location = "East US" } resource "azurerm_key_vault" "example" { name = "examplekeyvault" resource_group_name = azurerm_resource_group.example.name location = azurerm_resource_group.example.location enabled_for_disk_encryption = true sku { name = "standard" } tenant_id = var.tenant_id } resource "azurerm_user_assigned_identity" "example_identity" { name = "example-identity" resource_group_name = azurerm_resource_group.example.name location = azurerm_resource_group.example.location } resource "azurerm_key_vault_access_policy" "example_access_policy" { key_vault_id = azurerm_key_vault.example.id tenant_id = var.tenant_id object_id = azurerm_user_assigned_identity.example_identity.principal_id permissions { keys = ["get", "list"] secrets = ["get", "list"] } } ``` I have tried changing the order of resource definitions and added dependencies using `depends_on`, but it results in the same behavior: `behavior: Key Vault access policy can only be set after the Key Vault is created`. I also ensured that the managed identity is defined before the access policy, but Terraform still attempts to apply the access policy too early. Any suggestions on how to resolve this scenario? I need the access policy to be set up right after the Key Vault is created without running into this circular dependency question. This is part of a larger application I'm building. Has anyone else encountered this? I'm developing on CentOS with Hcl.