VivekDev

Reputation: 25349

Azure AKS with Terraform gives me error: Due to a configuration change made by your administrator, or because you moved to a new location

I am trying to create an AKS cluster with Terraform. Here are the config files for the same. Validation went well. But plan gives the following error.

Got some experience with Terraform as well as Azure and AKS, but not with Azure AD. So enlighten me on what's going wrong.

Looked into this SO question and this one as well, but no clue.

Error: building account: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: AADSTS50076: Due to 
a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.
│ Trace ID: 3391ac9b-4e8d-43a3-88f5-0cb1093a2d00
│ Correlation ID: fe984fa6-71ff-42d6-b487-7b988a7e1dd6
│ Timestamp: 2022-08-23 13:39:59Z
│ To re-authenticate, please run:
│ az login --scope https://graph.microsoft.com//.default
│
│   with provider["registry.terraform.io/hashicorp/azurerm"],
│   on tf1-provider.tf line 48, in provider "azurerm":
│   48: provider "azurerm" {


az login is already done (below, ids removed).

az login

Update

It turns out it's something to do with az auth. When I ran

az ad sp list --all

I got exactly the same message.

Then I ran

az login --scope https://graph.microsoft.com//.default

as suggested. Then it asked me to run

az login --tenant <tenantId>

And this time it logged me in after two-factor (mobile OTP). Then finally this error went away.

Did not understand fully, but that's how I resolved it for now.

Upvotes: 0

Views: 1557

Answers (1)

AlfredoRevilla-MSFT

Reputation: 3485

The Azure AD error AADSTS50076 is thrown whenever MFA is required. In order to prompt MFA, you need to re-authenticate interactively, which is what you just did.

If you were not facing this issue before, it's because MFA was not enabled or was not required, but now it is. You will need to reach a tenant admin to get more information about such setup.

For more information about Azure AD errors, take a look at Azure AD Authentication and authorization error codes.

Upvotes: 1
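
A preflight check for the situation in this thread, as an added example that is not part of the original question or answer: it asks the Azure CLI for a Microsoft Graph token before `terraform plan` and turns an AADSTS50076 failure into a short, actionable message. The function names and the assumption that a Graph token request hits the same MFA requirement are assumptions of this example; the sample error is constructed from the output quoted in the question.

```shell
#!/usr/bin/env bash
# Added example: classify Azure CLI auth failures by AADSTS code.

# Constructed sample, based on the error output quoted in the question.
SAMPLE_ERR="ERROR: AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access '00000003-0000-0000-c000-000000000000'.
│ Trace ID: 3391ac9b-4e8d-43a3-88f5-0cb1093a2d00
│ Correlation ID: fe984fa6-71ff-42d6-b487-7b988a7e1dd6
│ Timestamp: 2022-08-23 13:39:59Z"

# Print the first AADSTS error code found in the text (empty if none).
aadsts_code() {
  printf '%s\n' "$1" | grep -oE 'AADSTS[0-9]+' | head -n 1
}

# Print the value of a "Name: value" line such as "Correlation ID".
aadsts_field() {
  printf '%s\n' "$1" | sed -n "s/^.*$2: *//p" | head -n 1
}

# Map the code to an operator action. Only 50076 is covered by this page;
# any other code is reported as unclassified rather than guessed at.
auth_advice() {
  local code
  code=$(aadsts_code "$1")
  case "$code" in
    AADSTS50076)
      echo "mfa-required: run 'az login --scope https://graph.microsoft.com//.default' interactively" ;;
    "") echo "no-aadsts-error" ;;
    *)  echo "unclassified: $code" ;;
  esac
}

# Preflight for a wrapper script: request a Microsoft Graph token before
# running terraform and stop early with a readable reason on failure.
# Assumption: this token request is subject to the same MFA requirement.
preflight() {
  local err
  if err=$(az account get-access-token --resource-type ms-graph 2>&1 >/dev/null); then
    return 0
  fi
  echo "$(auth_advice "$err") (correlation id: $(aadsts_field "$err" 'Correlation ID'))" >&2
  return 1
}
```

Source the file and run `preflight && terraform plan`; the correlation ID in the message is the value a tenant admin can use to look up the sign-in event.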
