Fix Terraform Error - AssumeRole AccessDenied

Key Takeaway

Fix the Terraform AWS provider error when cross-account role assumption fails. Step-by-step guide with code examples and best practices for Terraform projects.

The Error

When working with Terraform, you may encounter this error:

Error: error configuring Terraform AWS Provider: AccessDenied when assuming role

This error can block your entire workflow. Let’s understand why it happens and how to fix it.

What Causes This Error

The IAM principal Terraform authenticates as doesn’t have permission to assume the target role, or the target role’s trust policy doesn’t allow that principal.

How to Fix It

Solution 1

Update the role’s trust policy to allow your IAM user/role as a principal.

Solution 2

Ensure your credentials have sts:AssumeRole permission for the target role ARN.

Solution 3

Check for MFA requirements: some roles require MFA in their trust policy conditions.

Solution 4

Verify the role ARN is correct and the account ID matches the target account.
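
To work out which of the four solutions applies, the added example below (not code from the original article) checks a role's trust policy against the caller ARN, as reported by `aws sts get-caller-identity` and `aws iam get-role`. It goes slightly beyond the text by mapping an assumed-role session ARN back to the IAM role ARN that a trust policy names. The account IDs, role and user names, and the helper names are placeholders chosen for illustration.

```python
import json
import re

# Constructed sample: trust policy of a target role (placeholder account IDs and names).
SAMPLE_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111111111111:role/ci-terraform"},
  "Action": "sts:AssumeRole",
  "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}}]}""")

def as_list(value):
    return value if isinstance(value, list) else [value]

def iam_identity(caller_arn):
    """Map an STS assumed-role session ARN to the IAM role ARN (assumes a path-less role)."""
    m = re.fullmatch(r"arn:aws:sts::(\d{12}):assumed-role/([^/]+)/[^/]+", caller_arn)
    return f"arn:aws:iam::{m[1]}:role/{m[2]}" if m else caller_arn

def trusted_principals(statement):
    principal = statement.get("Principal", {})
    return {"*"} if principal == "*" else set(as_list(principal.get("AWS", [])))

def diagnose(trust_policy, caller_arn, role_arn, expected_account):
    """Hints keyed to Solutions 1-4; simplified, ignores Deny, NotPrincipal, SCPs, boundaries."""
    findings = []
    role_account = role_arn.split(":")[4]
    if role_account != expected_account:
        findings.append(f"Solution 4: role ARN is in {role_account}, expected {expected_account}")
    caller = iam_identity(caller_arn)
    account = caller.split(":")[4]
    accepted = {caller, account, f"arn:aws:iam::{account}:root", "*"}
    matched = [s for s in as_list(trust_policy["Statement"])
               if s.get("Effect") == "Allow"
               and "sts:AssumeRole" in as_list(s.get("Action", []))
               and accepted & trusted_principals(s)]
    if not matched:
        findings.append(f"Solution 1: trust policy does not name {caller} or its account")
    for s in matched:
        keys = [k.lower() for op in s.get("Condition", {}).values() for k in op]
        if any(k.startswith("aws:multifactorauth") for k in keys):
            findings.append("Solution 3: matching statement requires MFA")
    if not findings:
        findings.append(f"Solution 2: check the caller may call sts:AssumeRole on {role_arn}")
    return findings

if __name__ == "__main__":
    for line in diagnose(SAMPLE_TRUST, "arn:aws:sts::111111111111:assumed-role/ci-terraform/run-42",
                         "arn:aws:iam::222222222222:role/terraform-deploy", "222222222222"):
        print(line)
```

A "Solution 2" result means the trust policy looks fine from the outside, so the remaining place to look is the identity policy attached to the caller.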

Prevention Tips

  • Always run terraform validate before terraform plan
  • Use terraform fmt to keep configuration clean and readable
  • Pin provider versions to avoid unexpected schema changes
  • Review plan output carefully before applying

Conclusion

This error is common but straightforward to fix. The key is understanding the root cause and applying the correct solution for your specific situation. Following the prevention tips above will help you avoid this error in future projects.

Written by Luca Berton

DevOps Engineer, AWS Partner, Terraform expert, and author. Creator of Ansible Pilot, Terraform Pilot, and CopyPasteLearn.