Azure · AlexanderSehr · Jan 15, 2025 · Dec 30, 2024 · Dec 3, 2024 · Jan 2, 2025
@@ -19,7 +19,7 @@ This module deploys a Key Vault.
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.KeyVault/vaults` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults) |
-| `Microsoft.KeyVault/vaults/accessPolicies` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/accessPolicies) |
+| `Microsoft.KeyVault/vaults/accessPolicies` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2023-07-01/vaults/accessPolicies) |
 | `Microsoft.KeyVault/vaults/keys` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/keys) |
 | `Microsoft.KeyVault/vaults/secrets` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/secrets) |
 | `Microsoft.Network/privateEndpoints` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/privateEndpoints) |
@@ -56,7 +56,6 @@ module vault 'br/public:avm/res/key-vault/vault:<version>' = {
     name: 'kvvmin002'
     // Non-required parameters
     enablePurgeProtection: false
-    location: '<location>'
   }
 }
 ```
@@ -80,9 +79,6 @@ module vault 'br/public:avm/res/key-vault/vault:<version>' = {
     // Non-required parameters
     "enablePurgeProtection": {
       "value": false
-    },
-    "location": {
-      "value": "<location>"
     }
   }
 }
@@ -102,7 +98,6 @@ using 'br/public:avm/res/key-vault/vault:<version>'
 param name = 'kvvmin002'
 // Non-required parameters
 param enablePurgeProtection = false
-param location = '<location>'
 ```
 
 </details>
@@ -159,7 +154,6 @@ module vault 'br/public:avm/res/key-vault/vault:<version>' = {
         }
       }
     ]
-    location: '<location>'
   }
 }
 ```
@@ -219,9 +213,6 @@ module vault 'br/public:avm/res/key-vault/vault:<version>' = {
           }
         }
       ]
-    },
-    "location": {
-      "value": "<location>"
     }
   }
 }
@@ -275,7 +266,6 @@ param keys = [
     }
   }
 ]
-param location = '<location>'
 ```
 
 </details>
@@ -1111,7 +1101,6 @@ module vault 'br/public:avm/res/key-vault/vault:<version>' = {
         }
       }
     ]
-    location: '<location>'
   }
 }
 ```
@@ -1171,9 +1160,6 @@ module vault 'br/public:avm/res/key-vault/vault:<version>' = {
           }
         }
       ]
-    },
-    "location": {
-      "value": "<location>"
     }
   }
 }
@@ -1227,7 +1213,6 @@ param keys = [
     }
   }
 ]
-param location = '<location>'
 ```
 
 </details>
@@ -1293,7 +1278,6 @@ module vault 'br/public:avm/res/key-vault/vault:<version>' = {
         }
       }
     ]
-    location: '<location>'
     networkAcls: {
       bypass: 'AzureServices'
       defaultAction: 'Deny'
@@ -1400,9 +1384,6 @@ module vault 'br/public:avm/res/key-vault/vault:<version>' = {
         }
       ]
     },
-    "location": {
-      "value": "<location>"
-    },
     "networkAcls": {
       "value": {
         "bypass": "AzureServices",
@@ -1509,7 +1490,6 @@ param keys = [
     }
   }
 ]
-param location = '<location>'
 param networkAcls = {
   bypass: 'AzureServices'
   defaultAction: 'Deny'
@@ -2433,7 +2413,7 @@ Configuration details for private endpoints. For security reasons, it is recomme
 | [`name`](#parameter-privateendpointsname) | string | The name of the Private Endpoint. |
 | [`privateDnsZoneGroup`](#parameter-privateendpointsprivatednszonegroup) | object | The private DNS Zone Group to configure for the Private Endpoint. |
 | [`privateLinkServiceConnectionName`](#parameter-privateendpointsprivatelinkserviceconnectionname) | string | The name of the private link connection to create. |
-| [`resourceGroupName`](#parameter-privateendpointsresourcegroupname) | string | Specify if you want to deploy the Private Endpoint into a different Resource Group than the main resource. |
+| [`resourceGroupResourceId`](#parameter-privateendpointsresourcegroupresourceid) | string | The resource ID of the Resource Group the Private Endpoint will be created in. If not specified, the Resource Group of the provided Virtual Network Subnet is used. |
 | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. |
 | [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the Private Endpoint for. For example "vault" for a Key Vault Private Endpoint. |
 | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/Resource Groups in this deployment. |
@@ -2686,9 +2666,9 @@ The name of the private link connection to create.
 - Required: No
 - Type: string
 
-### Parameter: `privateEndpoints.resourceGroupName`
+### Parameter: `privateEndpoints.resourceGroupResourceId`
 
-Specify if you want to deploy the Private Endpoint into a different Resource Group than the main resource.
+The resource ID of the Resource Group the Private Endpoint will be created in. If not specified, the Resource Group of the provided Virtual Network Subnet is used.
 
 - Required: No
 - Type: string
@@ -3189,7 +3169,7 @@ This section gives you an overview of all local-referenced module files (i.e., o
 | Reference | Type |
 | :-- | :-- |
 | `br/public:avm/res/network/private-endpoint:0.9.0` | Remote reference |
-| `br/public:avm/utl/types/avm-common-types:0.2.1` | Remote reference |
+| `br/public:avm/utl/types/avm-common-types:0.5.1` | Remote reference |
 
 ## Data Collection
 

@@ -12,7 +12,7 @@ This module deploys a Key Vault Access Policy.
 
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.KeyVault/vaults/accessPolicies` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/accessPolicies) |
+| `Microsoft.KeyVault/vaults/accessPolicies` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2023-07-01/vaults/accessPolicies) |
 
 ## Parameters
 

@@ -6,26 +6,24 @@ metadata owner = 'Azure/module-maintainers'
 param keyVaultName string
 
 @description('Optional. An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault\'s tenant ID.')
-param accessPolicies accessPoliciesType
-
-var formattedAccessPolicies = [
-  for accessPolicy in (accessPolicies ?? []): {
-    applicationId: accessPolicy.?applicationId ?? ''
-    objectId: accessPolicy.objectId
-    permissions: accessPolicy.permissions
-    tenantId: accessPolicy.?tenantId ?? tenant().tenantId
-  }
-]
+param accessPolicies accessPoliciesType[]?
 
 resource keyVault 'Microsoft.KeyVault/vaults@2022-07-01' existing = {
   name: keyVaultName
 }
 
-resource policies 'Microsoft.KeyVault/vaults/accessPolicies@2022-07-01' = {
+resource policies 'Microsoft.KeyVault/vaults/accessPolicies@2023-07-01' = {
   name: 'add'
   parent: keyVault
   properties: {
-    accessPolicies: formattedAccessPolicies
+    accessPolicies: [
+      for accessPolicy in (accessPolicies ?? []): {
+        applicationId: accessPolicy.?applicationId ?? ''
+        objectId: accessPolicy.objectId
+        permissions: accessPolicy.permissions
+        tenantId: accessPolicy.?tenantId ?? tenant().tenantId
+      }
+    ]
   }
 }
 
@@ -41,6 +39,8 @@ output resourceId string = policies.id
 // ================ //
 // Definitions      //
 // ================ //
+@export()
+@description('The type for an access policy.')
 type accessPoliciesType = {
   @description('Optional. The tenant ID that is used for authenticating requests to the key vault.')
   tenantId: string?
@@ -118,4 +118,4 @@ type accessPoliciesType = {
       | 'setsas'
       | 'update')[]?
   }
-}[]?
+}