# Error: error accessing remote state: AccessDenied: Access Denied

- **ID:** `terraform/terraform-apply-permission-denied-s3-backend`
- **Domain:** terraform
- **Category:** auth_error
- **Error Code:** `AccessDenied`
- **Verification:** ai_generated
- **Fix Rate:** 85%

## Root Cause

The IAM user/role does not have sufficient permissions to read/write the S3 bucket used for remote state storage.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| Terraform v1.0+ | active | — | — |
| AWS S3 backend | active | — | — |

## Workarounds

1. **Attach the necessary IAM policy to the user/role: s3:ListBucket, s3:GetObject, s3:PutObject, s3:DeleteObject on the state bucket** (95% success)
   ```
   Attach the necessary IAM policy to the user/role: s3:ListBucket, s3:GetObject, s3:PutObject, s3:DeleteObject on the state bucket
   ```
2. **Check if S3 bucket policy or ACL is blocking access; update bucket policy to allow the IAM role** (85% success)
   ```
   Check if S3 bucket policy or ACL is blocking access; update bucket policy to allow the IAM role
   ```

## Dead Ends

- **** — Reconfiguration does not change IAM permissions; still fails. (80% fail)
- **** — Region mismatch is not the cause; permissions are region-agnostic for S3. (30% fail)