Using terraform in an AWS SSO+Okta environment

I’m using SSO in an AWS SSO+Control Tower+Okta environment.

When I log in to AWS via Okta, I use the Option 1 setting to allow me to use the aws command.

When I run terraform plan, I get the following error. There is no problem with terraform init.

【terraform plan error】

│ Error: AccessDenied: Access Denied
│ 	status code: 403, request id: 5B0ZXXDZJWRW4RKT, host id: VsXWB3Bxq7PbDTocLmyWZdqs7107AXuDFBB6P6sYVbgfHJcJjhnEGJCwQt1ea04bftiidNT1w2o=

I thought the above error might be due to the fact that I cannot access the terraform.tfstate that I have set in, but the following command completes successfully:


terraform {
  backend "s3" {
    bucket               = "test-tfstate2"
    key                  = "provisioning/test/static/production/terraform.tfstate"
    region               = "ap-northeast-1"
    workspace_key_prefix = ""
  }
}

aws s3 ls s3://test-tfstate2/provisioning/test/static/production/terraform.tfstate

2022-02-17 18:18:05 0 terraform.tfstate

What is the cause of the AccessDenied error in this situation?

Any advice would be appreciated.


Thanks for the advice!
I ran the terraform plan in debug mode and found out that I am specifying a non-existent bucket in

After setting the correct bucket, both terraform plan/apply were successful!

Your advice was very helpful!
Thank you very much!