If necessary, this should be completed after the infrastructure is complete. The project initially had a VNet, private endpoints, etc. but were removed for simplicity sake while onboarding new developers.
virtual network with private endpoint subnet, apim subnet, and aks (api) subnet
apim deployed in internal mode with public ip
key vault resource should have private endpoint, disallow traffic
azure monitor should have private link scope, app insights and log analytics should disallow query/ingestion
If necessary, this should be completed after the infrastructure is complete. The project initially had a VNet, private endpoints, etc. but were removed for simplicity sake while onboarding new developers.