Fix Terraform AWS Error: OptInRequired - You Are Not Subscribed

Quick Answer

# Check if your account is fully activated
aws sts get-caller-identity
 
# Enable a region (if using opt-in regions)
aws account enable-region --region-name af-south-1

The Error

Error: creating EC2 Instance: OptInRequired: You are not subscribed to this service.
Please go to http://aws.amazon.com to subscribe.
  status code: 401

Or:

Error: creating EC2 Instance: OptInRequired: In order to use this AWS Marketplace
product you need to accept terms and subscribe.

What Causes This

1. New AWS account — account hasn't finished activation (takes up to 24 hours)
2. Opt-in region — newer AWS regions require explicit opt-in (Africa, Asia Pacific Hong Kong, etc.)
3. Marketplace AMI — using a third-party AMI that requires a subscription
4. Billing issue — account suspended or payment method invalid
5. Organization SCP — Service Control Policy blocks the service

Solution 1: New Account — Wait for Activation

New AWS accounts can take up to 24 hours to fully activate. During this time:

Error: OptInRequired: You are not subscribed to this service.

Verify your account status:

• Log into AWS Console → check for any activation banners
• Ensure your payment method is valid
• Verify your phone number and email

Solution 2: Enable Opt-In Regions

These regions require explicit opt-in:

# Enable a region
aws account enable-region --region-name af-south-1
 
# Check region status
aws account get-region-opt-status --region-name af-south-1

Or via Console: Account → AWS Regions → Enable

Region activation takes 5-10 minutes.

Solution 3: Subscribe to Marketplace AMI

If using a third-party AMI:

# The error tells you which product
Error: creating EC2 Instance: OptInRequired: In order to use this AWS Marketplace
product you need to accept terms and subscribe.

1. Go to AWS Marketplace → search for the product
2. Click Subscribe → Accept Terms
3. Wait a few minutes for activation
4. Retry terraform apply

Or use an official Amazon AMI instead:

data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"]  # Canonical (no subscription needed)
 
  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"]
  }
}
 
resource "aws_instance" "web" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"
}

Solution 4: Check Billing and Organization

# If in an Organization, check SCPs
aws organizations list-policies --filter SERVICE_CONTROL_POLICY
 
# Check account status
aws account get-contact-information

Common SCP blocks:

{
  "Effect": "Deny",
  "Action": "ec2:RunInstances",
  "Resource": "*",
  "Condition": {
    "StringNotEquals": {
      "aws:RequestedRegion": ["us-east-1", "eu-west-1"]
    }
  }
}

This SCP prevents launching instances in non-approved regions.

Hands-On Courses

• Terraform for Beginners on CopyPasteLearn
• Terraform By Example — practical code examples

Conclusion

OptInRequired usually means your AWS account is too new (wait 24h), you're using an opt-in region (enable it), or you need to subscribe to a Marketplace AMI. Check your billing status and Organization SCPs if the simpler fixes don't work.