Tags: AccessDenied, terraform, auth_error
ai_generated: true
Error: error accessing remote state: AccessDenied: Access Denied
ID: terraform/terraform-apply-permission-denied-s3-backend
Fix rate: 85%
Confidence: 86%
Evidence: 1
First seen: 2023-05-12
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Terraform v1.0+ | active | — | — | — |
| AWS S3 backend | active | — | — | — |
Root Cause
The IAM user/role does not have sufficient permissions to read/write the S3 bucket used for remote state storage.
Official Documentation
https://developer.hashicorp.com/terraform/language/settings/backends/s3#s3-bucket-permissions
Workarounds
- 95% success: Attach the necessary IAM policy to the user/role: s3:ListBucket, s3:GetObject, s3:PutObject, s3:DeleteObject on the state bucket
- 85% success: Check whether an S3 bucket policy or ACL is blocking access; update the bucket policy to allow the IAM role
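The first workaround lists the four S3 actions the backend needs. The Terraform configuration below is an added example, not code from the page or from HashiCorp's documentation, showing how to grant exactly those actions while keeping the grant scoped to the state bucket and state key rather than to all of S3. The bucket name, state key and role name are placeholders you would replace with your own; the `env:/` prefix is the default location the S3 backend uses for non-default workspaces.

```hcl
# Added example: least-privilege IAM policy for the Terraform S3 backend.
# Bucket, key and role names below are placeholders, not values from the page.
variable "state_bucket" { default = "example-tfstate-bucket" }   # placeholder
variable "state_key"    { default = "prod/terraform.tfstate" }   # placeholder
variable "ci_role_name" { default = "terraform-ci" }             # placeholder

data "aws_iam_policy_document" "tf_state" {
  # s3:ListBucket is evaluated against the bucket ARN (no object path).
  # Without it the backend cannot discover the state object and fails with
  # AccessDenied before it ever reads state.
  statement {
    sid       = "ListStateBucket"
    actions   = ["s3:ListBucket"]
    resources = ["arn:aws:s3:::${var.state_bucket}"]
  }

  # Object actions are scoped to the state key itself plus the default
  # workspace prefix (env:/<workspace>/<key>), not to the whole bucket.
  # s3:DeleteObject is only needed if workspaces are deleted from this role.
  statement {
    sid     = "ReadWriteStateObject"
    actions = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]
    resources = [
      "arn:aws:s3:::${var.state_bucket}/${var.state_key}",
      "arn:aws:s3:::${var.state_bucket}/env:/*/${var.state_key}",
    ]
  }
}

resource "aws_iam_policy" "tf_state" {
  name   = "terraform-state-access"
  policy = data.aws_iam_policy_document.tf_state.json
}

# Attach to the role that runs terraform (the one reported by
# `aws sts get-caller-identity` in the failing environment).
resource "aws_iam_role_policy_attachment" "tf_state" {
  role       = var.ci_role_name
  policy_arn = aws_iam_policy.tf_state.arn
}
```

This identity-based allow is necessary but not sufficient: an explicit Deny in the bucket policy, or a bucket policy that only allows a different principal, still produces the same AccessDenied, which is why the second workaround checks the bucket side as well. Confirm that the principal Terraform actually runs as is the role the policy was attached to before widening the grant any further.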
Dead Ends
Common approaches that don't work:
- 80% fail: Reconfiguration does not change IAM permissions; still fails.
- 30% fail: Region mismatch is not the cause; permissions are region-agnostic for S3.