Fix Terraform Error - AssumeRole AccessDenied

Name: Ansible Automation Platform By Example
Author: Luca Berton

Fix the Terraform AWS provider error when cross-account role assumption fails.

Fix Terraform Error - AssumeRole AccessDenied

December 18, 2025
2 min read
Posted by Luca Berton
aws, iam, assume-role, cross-account

The Error

When working with Terraform, you may encounter this error:

Error: error configuring Terraform AWS Provider: AccessDenied when assuming role

This error can block your entire workflow. Let’s understand why it happens and how to fix it.

What Causes This Error

The IAM principal doesn’t have permission to assume the target role, or the role’s trust policy doesn’t allow it.

How to Fix It

Solution 1

Update the role’s trust policy to allow your IAM user/role as a principal.

Solution 2

Ensure your credentials have sts:AssumeRole permission for the target role ARN.

Solution 3

Check for MFA requirements: some roles require MFA in their trust policy conditions.

Solution 4

Verify the role ARN is correct and the account ID matches the target account.

Prevention Tips

Always run terraform validate before terraform plan
Use terraform fmt to keep configuration clean and readable
Pin provider versions to avoid unexpected schema changes
Review plan output carefully before applying

Learn More

Terraform for Beginners Course — hands-on labs covering this topic
Terraform By Example Book — real-world patterns and solutions
Terraform Cheat Sheet — quick command reference

Conclusion

This error is common but straightforward to fix. The key is understanding the root cause and applying the correct solution for your specific situation. Following the prevention tips above will help you avoid this error in future projects.

🚀 Level Up Your Terraform Skills

Learn by doing — hands-on courses, books, and resources from Luca Berton.

Terraform Course Terraform By Example Cheat Sheet

MORE COURSES: Ansible Quickstart OpenClaw Agent MLflow + K8s MLOps

🎓 UDEMY COURSE

Terraform for Beginners: Code, Deploy & Scale

Master Terraform with 10+ hours of video, 50+ hands-on labs, and real-world projects.

View Course

📖 Terraform By Example

Copy & paste Terraform code examples. The perfect companion to learn infrastructure as code.

Get the Book

🎓 HANDS-ON COURSES

Terraform for Beginners

Code, deploy & scale

Ansible Quickstart

Automation fundamentals

OpenClaw Agent

AI-powered automation

MLflow + Kubernetes MLOps

ML pipelines at scale

View all courses on CopyPasteLearn →

📬

Terraform Tip of the Week

Weekly tips, best practices, and code examples. Free.

Subscribe Free

🌐 Also from Luca Berton

Ansible Pilot

500+ automation tutorials

Kubernetes Recipes

Container orchestration guides

OpenEmpower

AWS Silver Partner consulting

CopyPasteLearn Courses

Terraform, Ansible, OpenClaw, MLOps

Fix Terraform Error - AssumeRole AccessDenied

Fix Terraform Error - AssumeRole AccessDenied

Table of Contents

The Error

What Causes This Error

How to Fix It

Solution 1

Solution 2

Solution 3

Solution 4

Prevention Tips

Learn More

Related Articles

Conclusion

🚀 Level Up Your Terraform Skills

Terraform for Beginners: Code, Deploy & Scale

📖 Terraform By Example

📚 Related Articles

Fix Terraform Error - IAM EntityAlreadyExists

Fix Terraform Error - Invalid CIDR Block

Fix Terraform Error - S3 BucketAlreadyExists

🎓 HANDS-ON COURSES

Terraform Tip of the Week

🌐 Also from Luca Berton