diff --git a/bicep/main.bicep b/bicep/main.bicep index 28cc17e1..6aed3e26 100644 --- a/bicep/main.bicep +++ b/bicep/main.bicep @@ -1261,6 +1261,7 @@ var azureDefenderSecurityProfile = { } } + var aksProperties = union({ kubernetesVersion: kubernetesVersion enableRBAC: true @@ -1270,8 +1271,8 @@ var aksProperties = union({ enableAzureRBAC: enableAzureRBAC tenantID: aad_tenant_id } : null - apiServerAccessProfile: !empty(authorizedIPRanges) ? { - authorizedIPRanges: authorizedIPRanges + apiServerAccessProfile: !empty(authorizedIPRanges) ? { + authorizedIPRanges: createNatGateway ? concat(authorizedIPRanges, network.outputs.natGwIpArr) : authorizedIPRanges } : { enablePrivateCluster: enablePrivateCluster privateDNSZone: enablePrivateCluster ? aksPrivateDnsZone : '' diff --git a/bicep/network.bicep b/bicep/network.bicep index a3630087..81fe61d8 100644 --- a/bicep/network.bicep +++ b/bicep/network.bicep @@ -61,6 +61,10 @@ var bastion_baseSubnet = { } var bastion_subnet = bastion && networkSecurityGroups ? union(bastion_baseSubnet, nsgBastion.outputs.nsgSubnetObj) : bastion_baseSubnet +//NatGatewayEgress + +var NatAvailabilityZone = array(first(availabilityZones)) + var acrpool_subnet_name = 'acrpool-sn' var acrpool_baseSubnet = { name: acrpool_subnet_name 
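Review bot: The new `authorizedIPRanges` expression concatenates `network.outputs.natGwIpArr`, but that output (see network.bicep in this same change) yields a `null` per requested IP whenever the module's `natGateway` flag is false, so if `createNatGateway` and that flag can ever disagree the API server profile is sent a list containing nulls; guarding on the content rather than the flag is safer, e.g. `authorizedIPRanges: concat(authorizedIPRanges, filter(network.outputs.natGwIpArr, ip => !empty(ip)))` if the toolchain supports lambdas. The values are bare addresses from `properties.ipAddress`, not CIDRs — confirm the API accepts them as-is or append `/32`. This also deserves a comment, because the effect is wider than it looks: `// NAT GW egress IPs must be allowed or nodes cannot reach the public API server; note this admits every workload egressing through that NAT gateway, not only the node pools`. The enclosing `aksProperties` union starts and ends outside the hunk.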
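Review bot: `var NatAvailabilityZone = array(first(availabilityZones))` is defined without the `!empty(availabilityZones)` guard that both of its consumers apply; `first([])` is null, and wrapping that in `array()` may fail template evaluation even when the value is never selected (ARM appears to evaluate variables eagerly — confirm). Move the guard into the variable, `var NatAvailabilityZone = !empty(availabilityZones) ? array(first(availabilityZones)) : []`, so the call sites can use it directly. The name also breaks the file's snake_case convention (`bastion_subnet`, `acrpool_subnet_name`), and the `//NatGatewayEgress` comment does not say why only one zone is kept; if the reason is that NAT Gateway is zonal, say so: `// NAT Gateway is a zonal resource: it and its public IPs must share one zone, so only the first requested zone is used`.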
@@ -507,20 +511,23 @@ resource natGwIp 'Microsoft.Network/publicIPAddresses@2021-08-01' = [for i in r sku: { name: 'Standard' } - zones: !empty(availabilityZones) ? availabilityZones : [] + zones: !empty(availabilityZones) ? NatAvailabilityZone : [] properties: { publicIPAllocationMethod: 'Static' } }] +output natGwIpArr array = [for i in range(0, natGatewayPublicIps): natGateway ? natGwIp[i].properties.ipAddress : null] + var natGwName = 'ng-${resourceName}' + resource natGw 'Microsoft.Network/natGateways@2021-08-01' = if(natGateway) { name: natGwName location: location sku: { name: 'Standard' } - zones: !empty(availabilityZones) ? first(availabilityZones) : [] + zones: !empty(availabilityZones) ? NatAvailabilityZone : [] properties: { publicIpAddresses: [for i in range(0, natGatewayPublicIps): { id: natGwIp[i].id
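Review bot: The new `output natGwIpArr` emits one `null` per requested IP when `natGateway` is false, so every consumer that folds it into an allow-list (main.bicep does) has to replicate the guard or risks nulls in `authorizedIPRanges`. Emitting an empty array instead is cleaner and never references public IPs that were not deployed: `output natGwIpArr array = [for i in range(0, natGateway ? natGatewayPublicIps : 0): natGwIp[i].properties.ipAddress]`. A short comment above it would help callers understand what they are exposing, e.g. `// Fixed egress addresses of the NAT gateway; exported so they can be allow-listed on the AKS API server`. The `natGwIp` resource header and the `natGw` properties block continue outside the hunk.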