Troubleshooting
Even with correct configurations, things can go wrong. This chapter covers common Terraform errors and how to resolve them.
Common Errors and Solutions
- Provider credentials missing: Set
AWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEYor runaws configure. - Resource already exists: Import it into state using
terraform import. - State lock error: Another process is holding the lock. Wait or use
terraform force-unlock(with caution). - Invalid AMI ID: Verify the AMI exists in your region. Use
aws ec2 describe-imagesor data source. - Missing variables: Ensure all required variables are defined (no default). Terraform will prompt or error.
- Syntax errors: Run
terraform validateto catch HCL errors.
Troubleshooting Commands
terraform validate– checks syntax and consistency.terraform plan -out=tfplan– save plan for review.terraform state list– show resources in state.terraform state show <resource>– inspect a resource.terraform providers– show provider versions.terraform version– check Terraform version (updates matter).
Debugging with TF_LOG
Enable detailed logging:
export TF_LOG=DEBUG
terraform applyexport TF_LOG_PATH=terraform.log
terraform planTRACE, DEBUG, INFO, WARN, ERROR.Importing Existing Resources
If a resource was created outside Terraform, you can import it into state.
terraform import aws_instance.web i-1234567890abcdef0Checking Provider Version Compatibility
Use
terraform providers lock to lock provider versions. Mismatched versions can cause unexpected behavior.Two Minute Drill
- Run
terraform validateto catch syntax errors. - Use
terraform importto bring existing resources into state. - Set
TF_LOG=DEBUGfor detailed logging. - Check state with
terraform state listandstate show. - Lock provider versions to avoid drift.
Need more clarification?
Drop us an email at career@quipoinfotech.com