diff --git a/terraform/modules/k8s/main.tf b/terraform/modules/k8s/main.tf
index 8ecbb4cd..1d46fc4c 100644
--- a/terraform/modules/k8s/main.tf
+++ b/terraform/modules/k8s/main.tf
@@ -81,3 +81,9 @@ resource "azurerm_monitor_diagnostic_setting" "k8s_diagnostic-1" {
 }
 }
 }
+
+resource "azurerm_role_assignment" "k8s_network_contrib" {
+ scope = var.vnet_id
+ role_definition_name = "Network Contributor"
+ principal_id = azurerm_kubernetes_cluster.k8s.identity[0].principal_id
+}
diff --git a/terraform/modules/k8s/variables.tf b/terraform/modules/k8s/variables.tf
index 79bac3de..1445bdae 100644
--- a/terraform/modules/k8s/variables.tf
+++ b/terraform/modules/k8s/variables.tf
@@ -66,4 +66,9 @@ variable "client_secret" {
 variable "workspace_id" {
 description = "Log Analytics workspace for this resource to log to"
 type = string
-}
\ No newline at end of file
+}
+
+variable "vnet_id" {
+ description = "The ID of the VNET that the AKS cluster app registration needs to provision load balancers in"
+ type = string
+}
diff --git a/terraform/modules/vpc/outputs.tf b/terraform/modules/vpc/outputs.tf
index baa32935..b1f0fe38 100644
--- a/terraform/modules/vpc/outputs.tf
+++ b/terraform/modules/vpc/outputs.tf
@@ -6,4 +6,8 @@ output "subnet_list" {
 value = {
 for k, id in azurerm_subnet.subnet : k => id
 }
-}
\ No newline at end of file
+}
+
+output "id" {
+ value = azurerm_virtual_network.vpc.id
+}
diff --git a/terraform/providers/dev/k8s.tf b/terraform/providers/dev/k8s.tf
index fe3dac18..33cbabe4 100644
--- a/terraform/providers/dev/k8s.tf
+++ b/terraform/providers/dev/k8s.tf
@@ -23,6 +23,7 @@ module "k8s" {
 client_id = data.azurerm_key_vault_secret.k8s_client_id.value
 client_secret = data.azurerm_key_vault_secret.k8s_client_secret.value
 workspace_id = module.logs.workspace_id
+ vnet_id = module.vpc.id
 }
 
 #module "main_lb" {
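Review bot: The new `azurerm_role_assignment.k8s_network_contrib` in main.tf grants the built-in "Network Contributor" role over the whole virtual network (`scope = var.vnet_id`), so the cluster identity can modify every subnet and peering in that VNet, not only the network its load balancers are placed in. If the cluster only needs to create load balancers in its own subnet, scope the assignment to that subnet's ID instead (the vpc module already exports `subnet_list`), or use a custom role limited to the subnet read and join actions. A short comment above the resource, such as `# Lets the AKS identity create load balancers in the cluster network`, would record why the grant exists so it can be re-checked in later access reviews.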
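Review bot: The description of `vnet_id` in variables.tf says the grant is for the "AKS cluster app registration", but the role assignment added in main.tf binds the role to `azurerm_kubernetes_cluster.k8s.identity[0].principal_id`, which is the cluster's managed identity and not the service principal passed in through `client_id`/`client_secret`. The cluster resource is not visible in this diff, so it is worth confirming which principal actually provisions load balancers; if the cluster is configured with a service principal only, `identity[0]` may not exist and the role would not reach the intended principal. Once confirmed, the description should name that principal, for example `description = "ID of the VNet on which the AKS cluster identity is granted Network Contributor"`.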