access denied error while running terraform commands

4,378 views
Skip to first unread message

kaja salaam

unread,
Feb 6, 2018, 9:39:24 PM2/6/18
to Terraform

terraform -v
Terraform v0.10.2

terraform init
Downloading modules...
Get: git::https://github.platforms.engineering/science-at-scale/infrastructure-management
Get: file:///Users/mkaja/projects/vpc-creation/sas-presto-vpc/terraform/.terraform/modules/743eb8e8d6ada11367ccbf1fb8a12bb3/terraform/aws/modules/network/vpc
Get: file:///Users/mkaja/projects/vpc-creation/sas-presto-vpc/terraform/.terraform/modules/743eb8e8d6ada11367ccbf1fb8a12bb3/terraform/aws/modules/network/public_subnet
Get: file:///Users/mkaja/projects/vpc-creation/sas-presto-vpc/terraform/.terraform/modules/743eb8e8d6ada11367ccbf1fb8a12bb3/terraform/aws/modules/network/bastion
Get: file:///Users/mkaja/projects/vpc-creation/sas-presto-vpc/terraform/.terraform/modules/743eb8e8d6ada11367ccbf1fb8a12bb3/terraform/aws/modules/network/nat
Get: file:///Users/mkaja/projects/vpc-creation/sas-presto-vpc/terraform/.terraform/modules/743eb8e8d6ada11367ccbf1fb8a12bb3/terraform/aws/modules/network/private_subnet
Get: file:///Users/mkaja/projects/vpc-creation/sas-presto-vpc/terraform/.terraform/modules/743eb8e8d6ada11367ccbf1fb8a12bb3/terraform/aws/modules/network/vpc_endpoint

Initializing the backend...
Error loading state: AccessDenied: Access Denied
status code: 403, request id: 711F749C47860D34, host id: neMCQt/nv00DB8PK+Ns3RMkhfJP5kp62UEG1OONMeTxxBhrt2HDYB/9FMGeucEkUxWvx2xXwO50=

Expected Behavior

What should have happened?
it should get executed with error message

Actual Behavior

What actually happened?
Initializing the backend...
Error loading state: AccessDenied: Access Denied
status code: 403, request id: 711F749C47860D34, host id: neMCQt/nv00DB8PK+Ns3RMkhfJP5kp62UEG1OONMeTxxBhrt2HDYB/9FMGeucEkUxWvx2xXwO50=

Steps to Reproduce

Please list the steps required to reproduce the issue, for example:

  1. terraform apply

⁞ Fernando Miguel

unread,
Feb 7, 2018, 12:40:51 AM2/7/18
to terrafo...@googlegroups.com
The mailing list is probably not the best place for you to report this but, 

Does your user have credentials that grant access to that backend? 

--
Fernando Miguel

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/39cef862-fe1e-4f3e-9f60-0fca18babe4a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Tony Chia

unread,
Feb 13, 2018, 9:18:50 PM2/13/18
to Terraform
What does your tf file looks like? 

Are you using s3 backend? or different backend? 

It seems like the user that is executing terraform doesn't have read/write access to the s3 bucket. 

You can verify if you have the correct access using awscli or the aws console and verify you can see the content of the bucket 

kaja salaam

unread,
Feb 13, 2018, 11:13:04 PM2/13/18
to Terraform
thanks Fernando/Tony.

 yes its using s3 backend and it was working before successfully with terraform version 0.9 and we created 4 vpcs with that.
 we upgraded to 10.2 and see this issue 

Clint Shryock

unread,
Feb 14, 2018, 11:05:48 AM2/14/18
to terrafo...@googlegroups.com
Hello –

There have been a number of fixes, changes, and improvements specifically to backends since 0.9. Are you using a specific region by chance?

Cheers,
Clint

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/95eba734-6efd-400e-80c5-56416a958263%40googlegroups.com.

Tony Chia

unread,
Feb 14, 2018, 6:00:55 PM2/14/18
to Terraform
Were you able to access that S3 bucket with either AWS cli or aws console? 

If it worked in the past, you can always try downgrade to the old version and see if that works. 

Downgrading to older version of terraform is easy if you are using tfenv

kaja salaam

unread,
Feb 15, 2018, 8:13:41 AM2/15/18
to Terraform
yes Clint - I was using us-east-1 as specific region
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-too...@googlegroups.com.

kaja salaam

unread,
Feb 15, 2018, 11:11:03 PM2/15/18
to Terraform
now i upgraded to latest version

terraform -v
Terraform v0.11.3
+ provider.aws v1.9.0

 # terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.terraform_remote_state.infrastructure: Refreshing state...
data.aws_caller_identity.current: Refreshing state...

Error: Error refreshing state: 1 error(s) occurred:

* module.vpc.data.terraform_remote_state.infrastructure: 1 error(s) occurred:

* module.vpc.data.terraform_remote_state.infrastructure: data.terraform_remote_state.infrastructure: error loading the remote state: AccessDenied: Access Denied
status code: 403, request id: 5732E9117941BF74, host id: lAvOWbK9GmBQIEs07rn0gQPNn1KzxFMIqDZVvhfVccM6I7mkMO/5dNqhkwcXUizKCCX5WuBTvzs=

⁞ Fernando Miguel

unread,
Feb 16, 2018, 1:51:49 AM2/16/18
to terrafo...@googlegroups.com
You have been shown an error accessing your remote state file. 

What's your backend? 
Are you using the right credentials and region variables? 
If it is s3, can you access it via aws cli? 

--
Fernando Miguel

To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/79dc3907-773f-4acc-9324-5813ddaa0800%40googlegroups.com.

kaja salaam

unread,
Feb 16, 2018, 11:27:37 AM2/16/18
to Terraform
What's your backend?  s3 
Are you using the right credentials and region variables? yes 
If it is s3, can you access it via aws cli? yes its working

aws s3 cp vpc.tf s3://bucketname/infrastructure_states/us-east-1/vpc-name/vpc.tf --sse AES256 --profile prod
upload: ./vpc.tf to s3://bucketname/infrastructure_states/us-east-1/vpc-name/vpc.tf

⁞ Fernando Miguel

unread,
Feb 16, 2018, 11:32:58 AM2/16/18
to terrafo...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages