How to solve Error loading state: AccessDenied: Access Denied status code: 403 when trying to use s3 for terraform backend?

helpper · May 17, 2020 · Viewed 7.1k times

My simple Terraform file is:

provider "aws" {
  region = "region"
  access_key = "key" 
  secret_key = "secret_key"
}

terraform {
  backend "s3" {
    # Replace this with your bucket name!
    bucket         = "great-name-terraform-state-2"
    key            = "global/s3/terraform.tfstate"
    region         = "eu-central-1"
    # Replace this with your DynamoDB table name!
    dynamodb_table = "great-name-locks-2"
    encrypt        = true
  }
}

resource "aws_s3_bucket" "terraform_state" {
  bucket = "great-name-terraform-state-2"
  # Enable versioning so we can see the full revision history of our
  # state files
  versioning {
    enabled = true
  }
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

resource "aws_dynamodb_table" "terraform_locks" {
  name         = "great-name-locks-2"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}

All I am trying to do is to move my backend from local to be stored in S3. I am doing the following:

  1. terraform init (while the terraform {} block is commented out)

  2. terraform apply - I can see in my AWS account that the bucket was created, and the DynamoDB table as well.

  3. Now I uncomment the terraform block and run terraform init again, and I get the following error:

Error loading state:
    AccessDenied: Access Denied
        status code: 403, request id: xxx, host id: xxxx

My IAM has administrator access. I am using Terraform v0.12.24. As one can observe, I am directly writing my AWS key and secret in the file.

What am I doing wrong? Appreciate the help!

Answer

Mintu · Dec 26, 2020

I encountered this before. The following steps will help you overcome that error:

  1. Delete the .terraform directory
  2. Place the access_key and secret_key under the backend block, as in the code given below
  3. Run terraform init

terraform {
  backend "s3" {
    bucket     = "great-name-terraform-state-2"
    key        = "global/s3/terraform.tfstate"
    region     = "eu-central-1"
    access_key = "<access-key>"
    secret_key = "<secret-key>"
  }
}

The error should be gone.
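
Added example, not part of the answer above: the S3 backend does not use the provider "aws" block, but it does read AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY from the environment, so steps 1 and 3 work without writing keys into the backend block, where Terraform would also copy them into the .terraform directory. The function names and the TERRAFORM_BIN override are hypothetical helpers for this illustration.

```bash
#!/bin/sh
# Added example, not from the original post. Function names and the
# TERRAFORM_BIN override are hypothetical.

# List file:line for every access_key / secret_key that is set to a string
# literal in *.tf files under DIR. The value itself is never printed.
# Exit status: 0 if at least one was found, 1 if none.
find_hardcoded_aws_keys() {
  local hits
  hits=$(find "${1:-.}" -name .terraform -prune -o -type f -name '*.tf' \
    -exec awk '
      /^[ \t]*(access_key|secret_key)[ \t]*=[ \t]*"[^$"]/ {
        key = $1; sub(/=.*/, "", key)
        printf "%s:%d: %s set to a string literal\n", FILENAME, FNR, key
      }' {} +)
  [ -n "$hits" ] && printf '%s\n' "$hits"
}

# Steps 1 and 3 of the answer, with step 2 replaced by environment variables.
# Refuses to run while any *.tf file still carries literal keys.
init_s3_backend_from_env() {
  local dir="${1:-.}" tf="${TERRAFORM_BIN:-terraform}"
  if find_hardcoded_aws_keys "$dir" >&2; then
    echo "refusing to init: move the keys listed above out of the .tf files" >&2
    return 2
  fi
  if [ -z "${AWS_ACCESS_KEY_ID:-}" ] || [ -z "${AWS_SECRET_ACCESS_KEY:-}" ]; then
    echo "export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY first" >&2
    return 3
  fi
  rm -rf "$dir/.terraform"                 # step 1: discard cached backend config
  (cd "$dir" && "$tf" init -input=false)   # step 3: re-initialise the backend
}

# Usage: init_s3_backend_from_env /path/to/terraform/module
```

The scan is also usable on its own as a pre-commit check, since it exits 0 only when a literal key is present.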