sens31

Reputation: 27

Getting a status code 403 on terraform plan for Azure deployment

I'm trying to deploy a web app with a database on Azure but can't seem to get it to work, despite double/triple checking the credentials for the Tenant in Azure. I tried creating new client secrets, but it doesn't work regardless.

Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: resources.ProvidersClient#List: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '########-########-########-########-########' with object id '########-########-########-########-########' does not have authorization to perform action 'Microsoft.Resources/subscriptions/providers/read' over scope '/subscriptions/########-########-########-########-########' or the scope is invalid. If access was recently granted, please refresh your credentials."

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "=3.0.0"
    }
  }
}

provider "azurerm" {
  features {}
  subscription_id = var.subscription_id
  client_id       = var.client_id
  client_secret   = var.client_secret
  tenant_id       = var.tenant_id
}

resource "azurerm_resource_group" "example" {
  name     = "azure-tf-bgapp"
  location = "West Europe"
}

resource "azurerm_container_group" "example" {
  name                = "bgapp-tf"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  ip_address_type     = "Public"
  dns_name_label      = "aci-label"
  os_type             = "Linux"

  container {
    name   = "bgapp-web"
    image  = "shekeriev/bgapp-web"
    cpu    = "0.5"
    memory = "1.5"

    ports {
      port     = 80
      protocol = "TCP"
    }
  }

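  container {
    # Container names must be unique within a container group
    name   = "bgapp-db"
    image  = "shekeriev/bgapp-db"
    cpu    = "0.5"
    memory = "1.5"

    # Plaintext value; secure_environment_variables is the provider's option for secrets
    environment_variables = {
      "MYSQL_ROOT_PASSWORD" = "Password1"
    }
  }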
  tags = {
    environment = "bgapp"
  }
}

Upvotes: 0

Views: 3318

Answers (1)

Venkatesan

Reputation: 10515

I tried this in my environment and got the results below:

Initially I tried the same code and got the same error in my environment.


The above error occurs because your service principal doesn't have the required permission to perform that operation (authorization).

After assigning a role like Owner to the service principal, the code worked successfully.

Go to portal -> subscription -> Access control (IAM) -> Add role assignments -> owner -> Add your service principal -> review + create.


After that, I executed the Terraform code and it ran perfectly.


Upvotes: 1
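
An added example, not part of the question or the answer above: it parses the AuthorizationFailed message from the question and checks the failed action, plus the write actions this configuration needs, against Azure's Actions/NotActions rule for three built-in roles. The placeholder IDs, the abbreviated role definitions and the NEEDED list are assumptions constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the message text from the question, GUIDs replaced by placeholders.
ERROR = ("The client 'CLIENT-ID' with object id 'OBJECT-ID' does not have "
         "authorization to perform action "
         "'Microsoft.Resources/subscriptions/providers/read' over scope "
         "'/subscriptions/SUBSCRIPTION-ID' or the scope is invalid.")

# Abbreviated built-in role definitions (assumption: only the patterns relevant
# here; the real Contributor role lists further NotActions).
ROLES = {
    "Reader": {"actions": ["*/read"], "not_actions": []},
    "Contributor": {"actions": ["*"], "not_actions": [
        "Microsoft.Authorization/*/Delete",
        "Microsoft.Authorization/*/Write",
        "Microsoft.Authorization/elevateAccess/Action"]},
    "Owner": {"actions": ["*"], "not_actions": []},
}

# Control-plane actions the configuration needs: the one named in the error,
# plus writes for the resource group and the container group it declares.
NEEDED = [
    "Microsoft.Resources/subscriptions/providers/read",
    "Microsoft.Resources/subscriptions/resourceGroups/write",
    "Microsoft.ContainerInstance/containerGroups/write",
]

def parse_authorization_failed(message):
    """Extract client, object id, action and scope from an AuthorizationFailed message."""
    m = re.search(r"client '([^']+)' with object id '([^']+)'.*?"
                  r"perform action '([^']+)' over scope '([^']+)'", message, re.S)
    if not m:
        raise ValueError("not an AuthorizationFailed message")
    return dict(zip(("client_id", "object_id", "action", "scope"), m.groups()))

def role_allows(role, action):
    """Allowed if an Actions pattern matches and no NotActions pattern does (case-insensitive)."""
    def hit(patterns):
        return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)
    return hit(role["actions"]) and not hit(role["not_actions"])

def smallest_sufficient_role(needed, order=("Reader", "Contributor", "Owner")):
    """Return the first role, least to most privileged, that covers every needed action."""
    for name in order:
        if all(role_allows(ROLES[name], a) for a in needed):
            return name
    return None
```

In this model Contributor covers all three actions; what Owner adds is Microsoft.Authorization writes such as role assignments, which this configuration does not use.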
