Cloud Computing
Terraform Debug Mode: How to Enable TF_LOG and Read Debug Output
Enable Terraform debug mode with TF_LOG=DEBUG, save logs to file with TF_LOG_PATH, and troubleshoot terraform plan/apply errors.
5 min read
DevOps
Terraform Troubleshooting - Common Errors and Solutions
Fix the most common Terraform errors. State lock issues, provider bugs, dependency cycles, plan/apply failures, and authentication problems — all solved.
LLuca Berton2 min read
Quick Reference
#This is a central guide linking to specific error fixes. Use the table below to jump directly to the error you're hitting.
Most Common Errors
#State and Lock Errors
#| Error | Quick Fix | Full Guide |
|---|---|---|
| State lock conflict | Wait for other apply to finish, or terraform force-unlock LOCK_ID | State Lock Guide |
| State snapshot newer version | Upgrade Terraform to match the version that created the state | Version Mismatch |
| Inconsistent dependency lock file | Run terraform init -upgrade | Lock File Fix |
Provider Errors
#| Error | Quick Fix | Full Guide |
|---|---|---|
| Provider configuration not present | Add missing provider block or remove orphaned state entries | Provider Missing |
| Plugin crashed | Clear .terraform/providers, run terraform init | Plugin Crash |
| Provider version conflict | Use version constraints in required_providers | Version Conflict |
Authentication Errors
#| Error | Quick Fix | Full Guide |
|---|---|---|
| AWS InvalidClientTokenId | Check AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY | AWS Auth |
| AssumeRole AccessDenied | Fix trust policy in target account + sts:AssumeRole in source | AssumeRole |
| Azure Authorization Failed | Assign Contributor role to service principal | Azure Auth |
| GCP 403 Forbidden | Enable API, check IAM roles | GCP Perms |
Resource Errors
#| Error | Quick Fix | Full Guide |
|---|---|---|
| Resource already exists | Import with terraform import or rename | Already Exists |
| Cycle detected | Break circular dependency with separate resources | Cycles |
| Timeout waiting for state | Add timeouts block with longer values | Timeouts |
| Invalid AMI ID | Check region, use data source lookup | AMI Not Found |
HCL and Type Errors
#| Error | Quick Fix | Full Guide |
|---|---|---|
| Invalid for_each argument | Use static variables for keys, not computed values | for_each |
| Inconsistent conditional types | Use tostring(), tolist(), or null | Conditionals |
| Invalid template interpolation | Use jsonencode() for complex types in strings | Templates |
| Invalid function argument | Check expected parameter types | Functions |
| Unexpected token | Run terraform fmt, check brackets | Syntax |
General Debugging Steps
#1. Enable Debug Logging
#export TF_LOG=DEBUG
export TF_LOG_PATH=terraform-debug.log
terraform plan2. Validate Configuration
#terraform validate # Catches syntax and type errors
terraform fmt -check # Catches formatting issues3. Refresh State
#terraform apply -refresh-only # Sync state with reality4. Target Specific Resources
#terraform plan -target=aws_instance.web # Isolate the problem5. Check Provider Version
#terraform version # Shows Terraform + provider versions
terraform init -upgrade # Update to latest compatible versionsCommon Patterns
#"I changed nothing but plan shows changes"
#This is a perpetual diff — usually caused by API normalization. Fix with ignore_changes or jsonencode().
"Apply succeeded but state is wrong"
#terraform apply -refresh-only # Resync state
terraform state show aws_instance.web # Inspect state"Can't destroy — resource has dependencies"
#terraform destroy -target=aws_instance.web # Destroy specific resource firstRelated Articles
#Conclusion
#Most Terraform errors fall into five categories: state/lock issues, provider problems, authentication failures, resource conflicts, and HCL type errors. This guide links to detailed solutions for each. When in doubt, enable debug logging (TF_LOG=DEBUG), run terraform validate, and check provider versions.
#Terraform#Troubleshooting#Debugging#DevOps#Tips
Related articles
DevOps
TFLint: Lint and Validate Terraform Code Before Apply
Install and configure TFLint to catch Terraform errors before terraform apply. Covers AWS/Azure/GCP plugins, .tflint.hcl config, CI/CD integration
4 min read
Terraform
Resolve "Inconsistent Dependency Lock File" Error in Terraform
Encountering the Inconsistent Dependency Lock File error in Terraform? This guide explains the causes and provides step-by-step solutions to resolve the.
4 min read
Terraform
Terraform Logging: TF_LOG Levels, TF_LOG_PATH, and Debugging
Complete guide to Terraform logging. Set TF_LOG to TRACE, DEBUG, INFO, WARN, or ERROR. Save verbose output to a file with TF_LOG_PATH. Works on Linux, macOS.
2 min read