DevOps
Fix Terraform Error: CloudWatch Log Group Already Exists
Fix terraform CloudWatch Log Group ResourceAlreadyExistsException. Import orphaned log groups, prevent Lambda auto-creation
3 min read
DevOps
Fix Terraform Error - Error Creating EKS Cluster - AccessDeniedException
How to fix AccessDeniedException when creating EKS clusters in Terraform. Configure IAM roles, service-linked roles, and VPC permissions.
LLuca Berton1 min read
The Error
#Error creating EKS Cluster: AccessDeniedException: User is not authorized to perform eks:CreateClusterWhat Causes This
#The IAM user or role running Terraform doesn't have sufficient permissions to create EKS clusters. EKS requires specific IAM permissions for the cluster, node groups, networking, and service-linked roles.
How to Fix It
#Solution 1: Add Required IAM Permissions
#{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"eks:*",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"ec2:DescribeSecurityGroups",
"ec2:CreateSecurityGroup",
"ec2:DeleteSecurityGroup",
"ec2:AuthorizeSecurityGroupIngress",
"ec2:AuthorizeSecurityGroupEgress",
"ec2:CreateTags",
"iam:PassRole",
"iam:CreateServiceLinkedRole"
],
"Resource": "*"
}
]
}Solution 2: Create EKS Cluster Role
#resource "aws_iam_role" "eks_cluster" {
name = "eks-cluster-role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = { Service = "eks.amazonaws.com" }
}]
})
}
resource "aws_iam_role_policy_attachment" "eks_cluster" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
role = aws_iam_role.eks_cluster.name
}
resource "aws_eks_cluster" "main" {
name = "production"
role_arn = aws_iam_role.eks_cluster.arn
vpc_config {
subnet_ids = aws_subnet.private[*].id
}
}Solution 3: Service-Linked Role
## EKS needs a service-linked role — create if missing
aws iam create-service-linked-role --aws-service-name eks.amazonaws.comPrevention Tips
#- Pin provider versions — avoid surprise breaking changes
- Use CI/CD — catch errors before they hit production
- Test with
terraform plan— always review before applying - Keep Terraform updated — newer versions have better error messages
- Use
terraform validate— catches syntax errors early
Hands-On Courses
#Learn to avoid these errors with interactive, project-based courses:
- Terraform for Beginners on CopyPasteLearn
- Terraform By Example — practical code examples
- Terraform Cheat Sheet — quick reference for all commands
Related Articles
#- Terraform Troubleshooting - Common Errors and Solutions
- Terraform Enabling and Using Debugging
- Debugging with TFLint
Conclusion
#This error is common and fixable. Follow the solutions above, and check our Terraform course for hands-on training that covers real-world troubleshooting scenarios.
#Terraform#Troubleshooting#DevOps#Error Fix#Infrastructure as Code
Related articles
DevOps
Fix Terraform Error: Cannot Import Into Existing State
Fix terraform import errors when a resource already exists in state. Covers state rm, state show, reimport workflow, import blocks
3 min read
DevOps
Fix Terraform Error: Too Many Command Line Arguments
Fix terraform too many command line arguments errors. Correct -var syntax, quote values with spaces, and learn proper Terraform CLI argument format for plan
3 min read
DevOps
Fix Terraform Error: Invalid Escape Sequence in String
Fix terraform invalid escape sequence errors. Double backslashes for Windows paths, use heredocs for regex, and learn all valid HCL escape sequences.
2 min read