Quick Answer
# Check if your account is fully activated
aws sts get-caller-identity
# Enable a region (if using opt-in regions)
aws account enable-region --region-name af-south-1
The Error
Error: creating EC2 Instance: OptInRequired: You are not subscribed to this service.
Please go to http://aws.amazon.com to subscribe.
status code: 401
Or:
Error: creating EC2 Instance: OptInRequired: In order to use this AWS Marketplace
product you need to accept terms and subscribe.
What Causes This
- New AWS account — account hasn’t finished activation (takes up to 24 hours)
- Opt-in region — newer AWS regions require explicit opt-in (Africa, Asia Pacific Hong Kong, etc.)
- Marketplace AMI — using a third-party AMI that requires a subscription
- Billing issue — account suspended or payment method invalid
- Organization SCP — Service Control Policy blocks the service
Solution 1: New Account — Wait for Activation
New AWS accounts can take up to 24 hours to fully activate. During this time:
Error: OptInRequired: You are not subscribed to this service.
Verify your account status:
- Log into AWS Console → check for any activation banners
- Ensure your payment method is valid
- Verify your phone number and email
Solution 2: Enable Opt-In Regions
These regions require explicit opt-in:
| Region | Name |
|---|---|
af-south-1 | Africa (Cape Town) |
ap-east-1 | Asia Pacific (Hong Kong) |
ap-south-2 | Asia Pacific (Hyderabad) |
ap-southeast-3 | Asia Pacific (Jakarta) |
ap-southeast-4 | Asia Pacific (Melbourne) |
eu-south-1 | Europe (Milan) |
eu-south-2 | Europe (Spain) |
eu-central-2 | Europe (Zurich) |
me-south-1 | Middle East (Bahrain) |
me-central-1 | Middle East (UAE) |
il-central-1 | Israel (Tel Aviv) |
# Enable a region
aws account enable-region --region-name af-south-1
# Check region status
aws account get-region-opt-status --region-name af-south-1
Or via Console: Account → AWS Regions → Enable
Region activation takes 5-10 minutes.
Solution 3: Subscribe to Marketplace AMI
If using a third-party AMI:
# The error tells you which product
Error: creating EC2 Instance: OptInRequired: In order to use this AWS Marketplace
product you need to accept terms and subscribe.
- Go to AWS Marketplace → search for the product
- Click Subscribe → Accept Terms
- Wait a few minutes for activation
- Retry
terraform apply
Or use an official Amazon AMI instead:
data "aws_ami" "ubuntu" {
most_recent = true
owners = ["099720109477"] # Canonical (no subscription needed)
filter {
name = "name"
values = ["ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"]
}
}
resource "aws_instance" "web" {
ami = data.aws_ami.ubuntu.id
instance_type = "t3.micro"
}
Solution 4: Check Billing and Organization
# If in an Organization, check SCPs
aws organizations list-policies --filter SERVICE_CONTROL_POLICY
# Check account status
aws account get-contact-information
Common SCP blocks:
{
"Effect": "Deny",
"Action": "ec2:RunInstances",
"Resource": "*",
"Condition": {
"StringNotEquals": {
"aws:RequestedRegion": ["us-east-1", "eu-west-1"]
}
}
}
This SCP prevents launching instances in non-approved regions.
Hands-On Courses
- Terraform for Beginners on CopyPasteLearn
- Terraform By Example — practical code examples
Conclusion
OptInRequired usually means your AWS account is too new (wait 24h), you’re using an opt-in region (enable it), or you need to subscribe to a Marketplace AMI. Check your billing status and Organization SCPs if the simpler fixes don’t work.
