diff --git a/README.md b/README.md
index 102ff042..457e0a48 100644
--- a/README.md
+++ b/README.md
@@ -66,6 +66,7 @@ The following resources are used by this module:
 - [azurerm_resource_group_template_deployment.telemetry](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group_template_deployment) (resource)
 - [azurerm_role_assignment.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
 - [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) (resource)
+- [azurerm_user_assigned_identity.aks](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) (resource)
 - [null_resource.kubernetes_version_keeper](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) (resource)
 - [random_id.telem](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id) (resource)
 - [random_string.acr_suffix](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/string) (resource)
diff --git a/examples/default/README.md b/examples/default/README.md
index bc3503e1..589c2ac5 100644
--- a/examples/default/README.md
+++ b/examples/default/README.md
@@ -49,12 +49,6 @@ resource "azurerm_resource_group" "this" {
   name = module.naming.resource_group.name_unique
 }
 
-resource "azurerm_user_assigned_identity" "this" {
-  location            = azurerm_resource_group.this.location
-  name                = "uami-${var.kubernetes_cluster_name}"
-  resource_group_name = azurerm_resource_group.this.name
-}
-
 # This is the module call
 # Do not specify location here due to the randomization above.
 # Leaving location as `null` will cause the module to use the resource group location
@@ -66,7 +60,6 @@ module "test" {
   name                = module.naming.kubernetes_cluster.name_unique
   resource_group_name = azurerm_resource_group.this.name
   location            = "East US" # Hardcoded instead of using module.regions because The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
-  identity_ids        = [azurerm_user_assigned_identity.this.id]
   pod_cidr            = "192.168.0.0/16"
   node_cidr           = "10.31.0.0/16"
 }
@@ -96,7 +89,6 @@ The following providers are used by this module:
 The following resources are used by this module:
 
 - [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
-- [azurerm_user_assigned_identity.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) (resource)
 - [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource)
 
@@ -118,14 +110,6 @@ Type: `bool`
 
 Default: `true`
 
-### [kubernetes\_cluster\_name](#input\_kubernetes\_cluster\_name)
-
-Description: The name of the Kubernetes cluster.
-
-Type: `string`
-
-Default: `"myAks"`
-
 ## Outputs
 
 No outputs.
diff --git a/examples/default/main.tf b/examples/default/main.tf
index 0e33c3ee..74c05b7a 100644
--- a/examples/default/main.tf
+++ b/examples/default/main.tf
@@ -43,12 +43,6 @@ resource "azurerm_resource_group" "this" {
   name = module.naming.resource_group.name_unique
 }
 
-resource "azurerm_user_assigned_identity" "this" {
-  location            = azurerm_resource_group.this.location
-  name                = "uami-${var.kubernetes_cluster_name}"
-  resource_group_name = azurerm_resource_group.this.name
-}
-
 # This is the module call
 # Do not specify location here due to the randomization above.
 # Leaving location as `null` will cause the module to use the resource group location
@@ -60,7 +54,6 @@ module "test" {
   name                = module.naming.kubernetes_cluster.name_unique
   resource_group_name = azurerm_resource_group.this.name
   location            = "East US" # Hardcoded instead of using module.regions because The "for_each" map includes keys derived from resource attributes that cannot be determined until apply, and so Terraform cannot determine the full set of keys that will identify the instances of this resource.
-  identity_ids        = [azurerm_user_assigned_identity.this.id]
   pod_cidr            = "192.168.0.0/16"
   node_cidr           = "10.31.0.0/16"
 }
diff --git a/examples/default/variables.tf b/examples/default/variables.tf
index 7a1a6265..e52bbd69 100644
--- a/examples/default/variables.tf
+++ b/examples/default/variables.tf
@@ -7,9 +7,3 @@ For more information see .
 If it is set to false, then no telemetry will be collected.
 DESCRIPTION
 }
-
-variable "kubernetes_cluster_name" {
-  type        = string
-  default     = "myAks"
-  description = "The name of the Kubernetes cluster."
-}
diff --git a/locals.tf b/locals.tf
index 3c8a9f3a..c137d75c 100644
--- a/locals.tf
+++ b/locals.tf
@@ -63,4 +63,8 @@ locals {
 }
 locals {
   log_analytics_tables = ["AKSAudit", "AKSAuditAdmin", "AKSControlPlane"]
+}
+
+locals {
+  identity_ids = var.identity_ids != null ? var.identity_ids : azurerm_user_assigned_identity.aks[*].id
 }
\ No newline at end of file
diff --git a/main.tf b/main.tf
index 242a2d70..f80596ed 100644
--- a/main.tf
+++ b/main.tf
@@ -25,6 +25,15 @@ resource "azurerm_role_assignment" "acr" {
   skip_service_principal_aad_check = true
 }
 
+resource "azurerm_user_assigned_identity" "aks" {
+  count = var.identity_ids != null ? 0 : 1
+
+  location            = var.location
+  name                = "uami-aks"
+  resource_group_name = var.resource_group_name
+  tags                = var.tags
+}
+
 resource "azurerm_kubernetes_cluster" "this" {
   location = var.location
   name     = var.name
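Review bot: `local.identity_ids` repeats the `var.identity_ids != null` test that also drives the identity's `count` in main.tf, and the new `locals` block carries no comment, so the coupling between the two files is only visible by cross-reading them. A one-line comment such as `# Caller-supplied identities take precedence; otherwise use the identity created in main.tf (only when var.identity_ids is null)` would make the fallback explicit. Note that an explicitly empty list is non-null and is passed through unchanged rather than triggering the fallback, which is worth stating in the `identity_ids` variable description.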
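Review bot: The fallback identity's `name = "uami-aks"` is fixed, so two instances of this module in one resource group would attempt to create the same identity; deriving it from the cluster name, `name = "uami-${var.name}"`, keeps it unique per cluster without changing the module interface. Because `count` is driven by `var.identity_ids`, a caller who later supplies their own identities has this identity destroyed and the cluster's identity block replaced, leaving orphaned any role assignments granted to that principal elsewhere; a comment on the `count` line, e.g. `# Created only when the caller supplies no identities; setting identity_ids later destroys this identity and replaces the cluster identity`, would warn of that. The same condition is duplicated in locals.tf for `local.identity_ids`, so the two need to be kept in step.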
@@ -59,24 +68,16 @@ resource "azurerm_kubernetes_cluster" "this" {
   auto_scaler_profile {
     balance_similar_node_groups = true
   }
-  dynamic "identity" {
-    for_each = var.identity_ids != null ? [var.identity_ids] : []
-    content {
-      type         = "UserAssigned"
-      identity_ids = var.identity_ids
-    }
+  identity {
+    type         = "UserAssigned"
+    identity_ids = local.identity_ids
   }
   key_vault_secrets_provider {
     secret_rotation_enabled = true
   }
-  dynamic "monitor_metrics" {
-
-    for_each = var.monitor_metrics != null ? [var.monitor_metrics] : []
-
-    content {
-      annotations_allowed = var.monitor_metrics.annotations_allowed
-      labels_allowed      = var.monitor_metrics.labels_allowed
-    }
+  monitor_metrics {
+    annotations_allowed = try(var.monitor_metrics.annotations_allowed, null)
+    labels_allowed      = try(var.monitor_metrics.labels_allowed, null)
   }
   network_profile {
     network_plugin = "azure"
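Review bot: The new `monitor_metrics` block is emitted unconditionally, while the removed `dynamic` wrapper omitted it when `var.monitor_metrics` was null; as the azurerm provider documents it, the presence of this block is what enables the managed Prometheus (Azure Monitor metrics) add-on, so callers who never set `monitor_metrics` would now get the add-on, its agents and its cost enabled without opting in. If that is intended it should be stated in the variable description and changelog; otherwise keep the `dynamic "monitor_metrics"` wrapper with `for_each = var.monitor_metrics != null ? [var.monitor_metrics] : []` around the new `try(...)` assignments. The `identity` block now always sends `local.identity_ids`; an explicitly empty `var.identity_ids` is non-null and would reach the provider as an empty `identity_ids`, which is better rejected up front with a `validation` block on the variable. The enclosing `azurerm_kubernetes_cluster.this` resource starts and ends outside this hunk.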