terraform, azure-keyvault, terraform-provider-azure, terraform-modules, azure-private-dns-zone

Terraform Error while trying to use Azure Key Vault Private Endpoint Resource


I am trying to create a Private Endpoint resource for my KV, which is in the Identity subscription. My Private DNS Zones and Private DNS Zone virtual network links are all in the Connectivity subscription. I have put the code for those two resources in the Connectivity folder.

Now I want to create the Private Endpoint for my KV in the Identity subscription and am using the code below:

resource "azurerm_private_endpoint" "kv_pe" {
  name                = format("pe-%s-%s-%s-%s",local.application_names.workload_type,var.environment,var.location_short_name,var.instance_number)
  resource_group_name = module.resource_group.rg_name_subs
  location            = var.location
  subnet_id           = module.pvtlink_subnet.id
  private_dns_zone_group {
    name                 = local.application_name.kv_dns_zone_group_name
    private_dns_zone_ids = [azurerm_private_dns_zone.private_dns_zones["privatelink-vaultcore-azure-net"].id]
  }
  private_service_connection {
    is_manual_connection           = false
    private_connection_resource_id = module.key_vault.id 
    name                           = local.application_names.pes_conn_name_kv
    subresource_names              = ["vault"]
  }
  depends_on = [module.key_vault]
}

TF is throwing the error below while trying to do a plan:

Error: Reference to undeclared resource
│ 
│   on subscriptions/identity/identity.tf line 417, in resource "azurerm_private_endpoint" "kv_pe":
│  417:     private_dns_zone_ids = [azurerm_private_dns_zone.private_dns_zones["privatelink-vaultcore-azure-net"].id]
│ 
│ A managed resource "azurerm_private_dns_zone" "private_dns_zones" has not
│ been declared in module.identity_subscription.

How do I refer to the private DNS zone that I have created in the "connectivity.tf" file from "identity.tf", where I am creating the KV private endpoint?

My folder structure is shown in the screenshot.


Solution

  • You can use a data block to reference the existing azurerm_private_dns_zone resource in the identity.tf file. This ensures that the azurerm_private_dns_zone created in the connectivity folder/module can be accessed by the identity folder/module.

    Here is the updated Terraform code below to reference the private DNS zone from connectivity.tf in the identity.tf block.

    Connectivity/connectivity.tf

    resource "azurerm_private_dns_zone" "kv_private_dns_zone" {
      name                = "privatelink.vaultcore.azure.net"
      resource_group_name = "Venkat-RG"
    }
    

    Identity/identity.tf

    # Look up the zone created by the connectivity module instead of
    # referencing its resource address, which is not visible from this module.
    data "azurerm_private_dns_zone" "kv_private_dns_zone" {
      name                = "privatelink.vaultcore.azure.net"
      resource_group_name = "Venkat-RG"   # pin the lookup to the zone's resource group
    }

    resource "azurerm_private_endpoint" "kv_private_endpoint" {
      name                = "venkat-vaulttest"
      resource_group_name = "Venkat-RG"
      location            = "eastus"
      subnet_id           = "/subscriptions/833hgjgja7c-4dafjgjjggjg/resourceGroups/Venkat-RG/providers/Microsoft.Network/virtualNetworks/venkat-vnet/subnets/KV-subnet"

      # Registers the endpoint's private IP as an A record in the zone looked up above
      private_dns_zone_group {
        name                 = "kv-private-dns-group"
        private_dns_zone_ids = [data.azurerm_private_dns_zone.kv_private_dns_zone.id]
      }

      private_service_connection {
        is_manual_connection           = false
        private_connection_resource_id = "/subscriptions/8332bf56-aa7c-4daa-a507-d7e60e5f09a9/resourceGroups/Venkat-RG/providers/Microsoft.KeyVault/vaults/venkat-vault"
        name                           = "keyvault-connection"
        subresource_names              = ["vault"]
      }
    }
    

    main.tf

    provider "azurerm" {
      features {}
      subscription_id = "8332ccccc507-d7e60e5f09a9"
    }

    module "connectivity" {
      source = "./subscription/connectivity"
    }

    # depends_on defers the identity module's data lookup until the zone exists
    module "identity" {
      source     = "./subscription/identity"
      depends_on = [module.connectivity]
    }
    

    My Folder Structure

    Terraform apply

    After running the script, the private endpoint was created and attached to the Key Vault.

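The question itself has the zone in the Connectivity subscription and the endpoint in the Identity subscription, so a data lookup through a single provider pointed at one subscription will not find the zone. The wiring below is an added example, not code from the question or the answer: each module gets the provider for its own subscription, the connectivity module exports the zone ID as an output, and the identity module takes it as an input variable, which also gives Terraform the ordering without a module-level depends_on. The provider alias `connectivity`, the variable and output names, and the module paths under `subscriptions/` (taken from the path in the question's error message) are assumptions; comments mark which file each part belongs to.

```hcl
# ---- root main.tf (assumed layout) ----
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.0"
    }
  }
}

variable "connectivity_subscription_id" { type = string }
variable "identity_subscription_id"     { type = string }
variable "dns_resource_group_name"      { type = string }
variable "kv_resource_group_name"       { type = string }
variable "location"                     { type = string }
variable "private_endpoint_subnet_id"   { type = string }
variable "key_vault_id"                 { type = string }

# Default provider targets the identity subscription; an aliased provider
# targets connectivity so each module talks to the right subscription.
provider "azurerm" {
  features {}
  subscription_id = var.identity_subscription_id
}

provider "azurerm" {
  alias           = "connectivity"
  features {}
  subscription_id = var.connectivity_subscription_id
}

module "connectivity" {
  source                  = "./subscriptions/connectivity"
  providers               = { azurerm = azurerm.connectivity }
  dns_resource_group_name = var.dns_resource_group_name
}

module "identity" {
  source                     = "./subscriptions/identity"
  resource_group_name        = var.kv_resource_group_name
  location                   = var.location
  private_endpoint_subnet_id = var.private_endpoint_subnet_id
  key_vault_id               = var.key_vault_id
  # The zone ID crosses the module boundary as an explicit input; the
  # reference to module.connectivity orders the zone before the endpoint.
  kv_private_dns_zone_id = module.connectivity.private_dns_zone_ids["privatelink.vaultcore.azure.net"]
}

# ---- subscriptions/connectivity/main.tf ----
variable "dns_resource_group_name" { type = string }

resource "azurerm_private_dns_zone" "private_dns_zones" {
  for_each            = toset(["privatelink.vaultcore.azure.net"])
  name                = each.key
  resource_group_name = var.dns_resource_group_name
}

output "private_dns_zone_ids" {
  description = "Zone name -> resource ID, for modules in other subscriptions."
  value       = { for k, z in azurerm_private_dns_zone.private_dns_zones : k => z.id }
}

# ---- subscriptions/identity/main.tf ----
variable "resource_group_name"        { type = string }
variable "location"                   { type = string }
variable "private_endpoint_subnet_id" { type = string }
variable "key_vault_id"               { type = string }
variable "kv_private_dns_zone_id" {
  type        = string
  description = "ID of privatelink.vaultcore.azure.net in the connectivity subscription."
}

resource "azurerm_private_endpoint" "kv_pe" {
  name                = "pe-kv-example"   # assumed name
  resource_group_name = var.resource_group_name
  location            = var.location
  subnet_id           = var.private_endpoint_subnet_id

  # Writes the vault's A record into the zone owned by the connectivity subscription
  private_dns_zone_group {
    name                 = "kv-dns-zone-group"
    private_dns_zone_ids = [var.kv_private_dns_zone_id]
  }

  private_service_connection {
    name                           = "kv-connection"
    is_manual_connection           = false
    private_connection_resource_id = var.key_vault_id
    subresource_names              = ["vault"]
  }
}
```

Two checks a practitioner will want before relying on this. First, the principal running `terraform apply` needs write access on the zone in the connectivity subscription (the `Microsoft.Network/privateDnsZones/join/action` permission, included in the built-in Private DNS Zone Contributor role), because the `private_dns_zone_group` creates the A record there; without it the endpoint is created but name resolution from the VNet still returns the public address. Second, creating the private endpoint does not by itself close the public endpoint: set `public_network_access_enabled = false` on the `azurerm_key_vault` resource (or `network_acls { default_action = "Deny" }`) so the vault is reachable only through the private IP.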