diff --git a/src/modules/_networking/subnet_network_security_group_association/_locals.tf b/src/modules/_networking/subnet_network_security_group_association/_locals.tf
index 9c0119b1..e9574711 100644
--- a/src/modules/_networking/subnet_network_security_group_association/_locals.tf
+++ b/src/modules/_networking/subnet_network_security_group_association/_locals.tf
@@ -1,16 +1,28 @@
 locals {
-  subnet_id = try(
-    var.resources[
-      try(var.settings.lz_key, var.client_config.landingzone_key)
-    ].virtual_networks[split("/", var.settings.subnet_ref)[0]].subnets[split("/", var.settings.subnet_ref)[1]].id,
-    var.settings.subnet_ref
+  subnet_lz_key = (
+    try(var.settings.lz_key, null) != null ?
+    var.settings.lz_key :
+    try(var.settings.sub_lz_key, var.client_config.landingzone_key)
+  )
+
+  nsg_lz_key = (
+    try(var.settings.lz_key, null) != null ?
+    var.settings.lz_key :
+    try(var.settings.nsg_lz_key, var.client_config.landingzone_key)
   )
 
+  subnet_id = try(
+    var.resources[local.subnet_lz_key]
+    .virtual_networks[split("/", var.settings.subnet_ref)[0]]
+    .subnets[split("/", var.settings.subnet_ref)[1]]
+    .id,
+    var.settings.subnet_id
+  )
 
   network_security_group_id = try(
-    var.resources[
-      try(var.settings.lz_key, var.client_config.landingzone_key)
-    ].network_security_groups[var.settings.network_security_group_ref].id,
-    var.settings.network_security_group_ref
+    var.resources[local.nsg_lz_key]
+    .network_security_groups[var.settings.network_security_group_ref]
+    .id,
+    var.settings.network_security_group_id
   )
 }
diff --git a/src/modules/_networking/virtual_network_gateway/main.tf b/src/modules/_networking/virtual_network_gateway/main.tf
index 0edf46ac..0d4b4579 100644
--- a/src/modules/_networking/virtual_network_gateway/main.tf
+++ b/src/modules/_networking/virtual_network_gateway/main.tf
@@ -19,11 +19,11 @@ resource "azurerm_virtual_network_gateway" "main" {
       private_ip_address_allocation = try(ip_configuration.value.private_ip_address_allocation, null)
 
       public_ip_address_id = var.resources[
-        try(ip_configuration.value.lz_key, var.client_config.landingzone_key)
+        try(ip_configuration.value.lz_key, ip_configuration.value.pip_lz_key, var.client_config.landingzone_key)
       ].public_ips[ip_configuration.value.public_ip_address_ref].id
 
       subnet_id = var.resources[
-        try(ip_configuration.value.lz_key, var.client_config.landingzone_key)
+        try(ip_configuration.value.lz_key, ip_configuration.value.snet_lz_key, var.client_config.landingzone_key)
         ].virtual_networks[
         split("/", ip_configuration.value.subnet_ref)[0]
         ].subnets[