My simple terraform file is:
    provider "aws" {
      region     = "region"
      access_key = "key"
      secret_key = "secret_key"
    }

    terraform {
      backend "s3" {
        # Replace this with your bucket name!
        bucket = "great-name-terraform-state-2"
        key    = "global/s3/terraform.tfstate"
        region = "eu-central-1"
        # Replace this with your DynamoDB table name!
        dynamodb_table = "great-name-locks-2"
        encrypt        = true
      }
    }

    resource "aws_s3_bucket" "terraform_state" {
      bucket = "great-name-terraform-state-2"
      # Enable versioning so we can see the full revision history of our
      # state files
      versioning {
        enabled = true
      }
      server_side_encryption_configuration {
        rule {
          apply_server_side_encryption_by_default {
            sse_algorithm = "AES256"
          }
        }
      }
    }

    resource "aws_dynamodb_table" "terraform_locks" {
      name         = "great-name-locks-2"
      billing_mode = "PAY_PER_REQUEST"
      hash_key     = "LockID"
      attribute {
        name = "LockID"
        type = "S"
      }
    }
All I am trying to do is to replace my backend from local to be stored at S3. I am doing the following:
terraform init
(when the terraform {} block is commented out)
terraform apply
- I can see in my AWS that the bucket was created, and the DynamoDB table as well.
Now I am uncommenting the terraform block and running terraform init again,
and I get the following error:
Error loading state:
AccessDenied: Access Denied
status code: 403, request id: xxx, host id: xxxx
My IAM has administrator access.
I am using Terraform v0.12.24.
As one can observe, I am directly writing my AWS key and secret in the file.
What am I doing wrong?
I appreciate any help!
I encountered this before. The following steps will help you overcome that error:

    terraform {
      backend "s3" {
        bucket     = "great-name-terraform-state-2"
        key        = "global/s3/terraform.tfstate"
        region     = "eu-central-1"
        access_key = "<access-key>"
        secret_key = "<secret-key>"
      }
    }
The error should be gone.
I also faced the same issue. Then I manually removed the state file from my local system. You can find the terraform.tfstate file under the .terraform/ directory and run init again. In case you had multiple profiles configured in the AWS CLI, not mentioning a profile under the aws provider configuration will make Terraform use the default profile.
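The backend "s3" block is configured separately from the provider "aws" block and does not read the keys set there, so the question's backend falls back to whatever credentials the environment or the default profile supplies. As an added example (not part of the original question or answers), the configuration below gives both blocks the same named profile instead of inline keys; the profile name tf-state is an assumption and must exist in your shared credentials file.

```hcl
# Added example, not from the original post.
# "tf-state" is a hypothetical profile name in ~/.aws/credentials.

# Weak variant (shown in an answer above, kept here only as a comment):
# keys placed in the backend block end up in version control with the
# code, and `terraform init` also writes the backend configuration,
# credentials included, in plain text to .terraform/terraform.tfstate.
#
#   backend "s3" {
#     ...
#     access_key = "<access-key>"
#     secret_key = "<secret-key>"
#   }

terraform {
  backend "s3" {
    bucket         = "great-name-terraform-state-2"
    key            = "global/s3/terraform.tfstate"
    region         = "eu-central-1"
    dynamodb_table = "great-name-locks-2"
    encrypt        = true

    # The backend resolves credentials on its own; name the profile here
    # so it does not silently use the default one.
    profile = "tf-state"
  }
}

provider "aws" {
  region = "eu-central-1"

  # Same profile as the backend, so state access and resource
  # management run under the same identity. No keys in the file.
  profile = "tf-state"
}
```

Exporting AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY in the shell is an alternative that both the backend and the provider pick up, again without keys in the .tf file.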
I knew that my credentials were fine by running terraform init on other projects that shared the same S3 bucket for their Terraform backend.
What worked for me:

    rm -rf .terraform/

Edit: Make sure to run terraform init again after deleting your local .terraform directory to ensure you installed the required packages.