I'm trying to deploy my resources using a role but running into an AccessDenied error when I run terragrunt apply. The assumed role has the AdministratorAccess policy attached to it and I've tested assuming the role using the AWS CLI.
The error I'm getting:
│ Error: creating Amazon S3 (Simple Storage) Bucket (<bucket-name>): AccessDenied: Access Denied
│ status code: 403, request id: xxxxxxx, host id: xxxx
│
│ with module.s3_bucket.aws_s3_bucket.this[0],
│ on .terraform/modules/s3_bucket/main.tf line 25, in resource "aws_s3_bucket" "this":
│ 25: resource "aws_s3_bucket" "this" {
│
╵
Is there anything I'm missing in my base terragrunt.hcl snippet below?
remote_state {
  backend = "s3"
  generate = {
    path      = "backend.tf"
    if_exists = "overwrite_terragrunt"
  }
  config = {
    bucket                   = "terraform-state-bucket"
    skip_bucket_ssencryption = true
    skip_bucket_root_access  = true
    skip_bucket_enforced_tls = true
    key                      = "${path_relative_to_include()}/terraform.tfstate"
    region                   = "${local.region.aws_region}"
    encrypt                  = true
    dynamodb_table           = "terraform-state-locks"
    assume_role = {
      role_arn     = "<redacted>"
      session_name = "<redacted>"
      external_id  = "<redacted>"
    }
  }
}

generate "provider" {
  path      = "provider.tf"
  if_exists = "overwrite_terragrunt"
  contents  = <<EOF
provider "aws" {
  alias               = "origin"
  region              = "${local.region.aws_region}"
  allowed_account_ids = ["${local.account.account_id}"]
  assume_role {
    role_arn     = "<redacted>"
    session_name = "<redacted>"
    external_id  = "<redacted>"
  }
}
EOF
}
OpenTofu version: 1.6.0
Terragrunt version: 0.54.12