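function AllowAppPoolsAccessToPrivateKeyForCert(){
param ( $certName, $rights = "Read" )
# Grant each IIS application pool identity (pools whose name starts with ".NET" are skipped)
# access to the private key file of the LocalMachine\My certificate whose subject is exactly
# "CN=$certName".
#   $certName - subject common name of the certificate, without the "CN=" prefix
#   $rights   - FileSystemRights value to grant. Defaults to "Read": signing/decrypting only
#               needs to read the key container, whereas FullControl would also let any pool
#               delete or overwrite the key. Pass "FullControl" explicitly to restore the
#               previous behaviour.
# Throws if no matching certificate exists or its private key is not a CSP key stored under
# MachineKeys (CNG keys live in a different directory and are not handled here).
#find signing certificate
$certs = @(gci Cert:\LocalMachine\My | where { $_.Subject -eq "CN=$certName" })
if ($certs.Count -eq 0) {
    throw "No certificate with subject CN=$certName found in Cert:\LocalMachine\My"
}
$c = $certs[0]
# Only CSP (RSACryptoServiceProvider) keys expose CspKeyContainerInfo; guard each step so a
# missing or CNG key produces a clear error instead of an ACL change on a bogus path.
if ($null -eq $c.PrivateKey -or $null -eq $c.PrivateKey.CspKeyContainerInfo) {
    throw "Certificate CN=$certName has no accessible CSP private key"
}
$containerName = $c.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if ([string]::IsNullOrEmpty($containerName)) {
    throw "Certificate CN=$certName has no key container name"
}
$fullPath = "C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\$containerName"
$acl=Get-Acl -Path $fullPath
foreach ($appPool in ((gci iis:\appPools | where { -not ($_.Name.StartsWith(".NET")) }) | select "Name")){
    # Pool identities are virtual accounts named "IIS APPPOOL\<pool name>"
    $permission= "IIS APPPOOL\$(($appPool.Name).ToString())",$rights,"Allow"
    $accessRule=new-object System.Security.AccessControl.FileSystemAccessRule $permission
    $acl.AddAccessRule($accessRule)
}
#$acl.GetAccessRules($true,$true, [System.Security.Principal.NTAccount])
Set-Acl $fullPath $acl
}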
# Import the signing certificate (with its private key) into the machine store, then hand the
# key file's permissions to the IIS application pools. $pass must already hold the PFX password
# as a SecureString; it is not defined in this snippet.
$importArgs = @{
    CertStoreLocation = "Cert:\LocalMachine\My\"
    FilePath          = "c:\Install-files\MySigningCert.pfx"
    Password          = $pass
}
Import-PfxCertificate @importArgs
AllowAppPoolsAccessToPrivateKeyForCert -certName "MySigningCert"
Wednesday, 17 October 2018
IIS App Pool certificate private key permissions
I have an IIS server app that needs access to the private key of a certificate so it can create JWT tokens for auth purposes. In the development environment I don't need super accurate allocation of permissions, so the following script installs the certificate and then assigns permission to all the IIS App Pools on the server.