diff --git a/terraform/clouds/azure/iam.tf b/terraform/clouds/azure/iam.tf
new file mode 100644
index 0000000..16907d4
--- /dev/null
+++ b/terraform/clouds/azure/iam.tf
@@ -0,0 +1,15 @@
+resource "azurerm_role_assignment" "aks-network-identity-kubelet" {
+  scope                = azurerm_virtual_network.network.id
+  role_definition_name = "Network Contributor"
+  principal_id         = module.aks[0].kubelet_identity
+
+  depends_on = [module.aks, azurerm_virtual_network.network]
+}
+
+resource "azurerm_role_assignment" "aks-network-identity-ssi" {
+  scope                = azurerm_virtual_network.network.id
+  role_definition_name = "Network Contributor"
+  principal_id         = module.aks[0].cluster_identity
+
+  depends_on = [module.aks, azurerm_virtual_network.network]
+}
\ No newline at end of file