I’m using SSO in an AWS SSO+Control Tower+Okta environment.
When I log in to AWS via Okta, I use the Option 1 setting to allow me to use the aws command.
When I run terraform plan, I get the following error. There is no problem with terraform init.
【terraform plan error】
│
│ Error: AccessDenied: Access Denied
│ status code: 403, request id: 5B0ZXXDZJWRW4RKT, host id: VsXWB3Bxq7PbDTocLmyWZdqs7107AXuDFBB6P6sYVbgfHJcJjhnEGJCwQt1ea04bftiidNT1w2o=
│
│
│
I thought the above error might be due to the fact that I cannot access the terraform.tfstate that I have set in backend.tf, but the following command completes successfully.
【backend.tf】
terraform {
  backend "s3" {
    bucket               = "test-tfstate2"
    key                  = "provisioning/test/static/production/terraform.tfstate"
    region               = "ap-northeast-1"
    workspace_key_prefix = ""
  }
}
【command】
aws s3 ls s3://test-tfstate2/provisioning/test/static/production/terraform.tfstate
【Result】
2022-02-17 18:18:05 0 terraform.tfstate
What is the cause of the AccessDenied error in this situation?
Any advice would be appreciated.