Terraform provider registration failure (Azure)

Terraform newbie here so bear with me.

I’m not running into an authorization error with terraform using azure and i cant seem to be able to figure it out

Here is what i have:

An Azure Subscription with a plan of Azure Plan
I created an service principal under that subscription like this
az login az ad sp create-for-rbac --name terraform --sdk-auth (this prints out some clientid/secrets

Created a terraform file: main.tf
Please note that id and secret value have been distorted

provider "azurerm" {    
    features {}
    client_id= "d8ec337b-ca53-4764-9a35-a7651acdd863"
    client_secret= "d7gt86ihkvBzgqdydUyCte2.N7F21fYsOz"
   subscription_id= "dc761b5c-9328-4b91-8962-176a74173e46"
   tenant_id= "d5ffd01f-fa67-4ed5-9c12-dbda80d07eba"

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.0.2"

resource "azurerm_resource_group" "tf_test" {
  name = "terraform_rg"
  location = "uksouth"

Running terraform init works as expected
However, when i run terraform plan, i get this error

Error: Unable to list provider registration status, it is possible that this is due to invalid credentials or the service principal does not have permission to use the Resource Manager API, Azure error: resources.ProvidersClient#List: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '<client-id>' with object id '<object-id>' does not have authorization to perform action 'Microsoft.Resources/subscriptions/providers/read' over scope '/subscriptions/<correct-subscription>' or the scope is invalid. If access was recently granted, please refresh your credentials."
│   with provider["registry.terraform.io/hashicorp/azurerm"],
│   on main.tf line 1, in provider "azurerm":
│    1: provider "azurerm" {

Any ideas? Something tell me it’s something simple.

Figured it out.

The service principal does not have any Role Assignments.

I added the Contributor role and it worked

More info here