5
votes

I am trying to run Terraform plan on a folder with tf files and get the following error:

Error running plan: 1 error(s) occurred:

  • provider.azurerm: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: resources.ProvidersClient#List: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'fe4ae955-2326-4459-ab20-c095571d729b' with object id 'fe4ae955-2326-4459-ab20-c095571d729b' does not have authorization to perform action 'Microsoft.Resources/subscriptions/providers/read' over scope '/subscriptions/5078eb0f-b56d-4367-a6eb-7b7d932a6a5a'."
1
Do you give your service principal Owner role? - Shui shengbao

1 Answer

0
votes

What is happening here is that your service principal doesn't have certain rights (Microsoft.Resources/subscriptions/providers/read) over the scope of your subscription. Either give it the rights to do so or give it some predefined role like contributor\owner.

Beware that contributor\owner might be a bit of an overkill, but it depends on your goals. It's definitely an easier path to at least test if this is working; when you are sure that permissions are the issue, you can narrow down permissions by creating a custom role.

https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-configure
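
One way to do the narrowing the answer describes, as an added example that is not part of the original answer: collect the actions named in `AuthorizationFailed` errors and turn them into a custom role definition that grants only those. The role name `terraform-plan-minimal` and the function names are hypothetical, and the denial scope is assumed to be a subscription or resource group, since it is reused as the assignable scope.

```python
import json
import re

# Shape of the AuthorizationFailed text in the error shown in the question.
AUTHZ_RE = re.compile(
    r"The client '(?P<client>[^']+)' with object id '(?P<object_id>[^']+)' "
    r"does not have authorization to perform action '(?P<action>[^']+)' "
    r"over scope '(?P<scope>[^']+)'"
)

def parse_denials(log_text):
    """Return one dict per AuthorizationFailed denial found in log_text."""
    return [m.groupdict() for m in AUTHZ_RE.finditer(log_text)]

def build_custom_role(denials, role_name):
    """Build a custom role definition granting only the denied actions.

    Wildcard actions are refused so the result cannot silently widen
    into something close to Contributor/Owner. Scopes are used as-is
    (assumption: they are subscription or resource group scopes).
    """
    actions = sorted({d["action"] for d in denials})
    scopes = sorted({d["scope"] for d in denials})
    if not actions:
        raise ValueError("no AuthorizationFailed entries found")
    bad = [a for a in actions if "*" in a]
    if bad:
        raise ValueError(f"refusing wildcard actions: {bad}")
    return {
        "Name": role_name,  # hypothetical name, pick your own
        "IsCustom": True,
        "Description": "Actions Terraform was denied, collected from plan errors",
        "Actions": actions,
        "NotActions": [],
        "AssignableScopes": scopes,
    }

# The error text from the question (trimmed to the Message field).
SAMPLE = (
    "Status=403 Code=\"AuthorizationFailed\" Message=\"The client "
    "'fe4ae955-2326-4459-ab20-c095571d729b' with object id "
    "'fe4ae955-2326-4459-ab20-c095571d729b' does not have authorization to "
    "perform action 'Microsoft.Resources/subscriptions/providers/read' over "
    "scope '/subscriptions/5078eb0f-b56d-4367-a6eb-7b7d932a6a5a'.\""
)

if __name__ == "__main__":
    role = build_custom_role(parse_denials(SAMPLE), "terraform-plan-minimal")
    print(json.dumps(role, indent=2))
```

The printed JSON is in the form `az role definition create --role-definition` accepts; the role is then bound to the service principal with `az role assignment create --assignee ... --role ... --scope ...`. Re-running the plan after each change and feeding any new 403 text back in extends the action list one denial at a time.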