Terraform automatically attempts to register Azure resource providers when initializing the AzureRM provider. This error occurs when your Azure account lacks sufficient permissions to register providers, typically due to restricted subscription-level access or IAM policy constraints.
When you use Terraform with the Azure provider, it automatically tries to register all supported resource providers (like Microsoft.Compute, Microsoft.Storage, etc.) on your Azure subscription to enable better error messages and resource provisioning. This registration action requires 'Microsoft.*/register/action' permissions at the subscription scope. If your account is restricted to resource group level or lacks these permissions, this error appears.
For AzureRM provider versions 3.x and earlier, add the skip_provider_registration flag to disable automatic provider registration:
provider "azurerm" {
features {}
skip_provider_registration = true
}For AzureRM provider version 4.x and later, use:
provider "azurerm" {
features {}
resource_provider_registrations = "none"
}This prevents Terraform from attempting to register providers automatically.
If you prefer to keep automatic registration enabled, manually register the providers that your Terraform code uses with a privileged account:
# Register a specific provider
az provider register -n Microsoft.Compute --wait
# Or register multiple providers
az provider register -n Microsoft.Compute --wait
az provider register -n Microsoft.Storage --wait
az provider register -n Microsoft.Network --waitUse az provider list to see all registered and pending providers.
Ensure your Azure authentication is correctly configured and your account has the necessary permissions:
# Check current Azure CLI authentication
az account show
# List subscriptions to verify access
az account list
# Check role assignment for provider registration
az role assignment list --scope /subscriptions/{subscriptionId}Confirm that your account has 'Owner' or 'Contributor' role at the subscription level, or has a custom role with Microsoft.Authorization/roleAssignments/write and Microsoft.*/register/action permissions.
If you don't have sufficient permissions, contact your Azure subscription administrator to either:
1. Grant your service principal or user account the 'Contributor' role at the subscription level
2. Manually register all required providers before running Terraform
3. Create a custom IAM role that grants Microsoft.*/register/action permission
Once permissions are granted, retry terraform plan and apply.
Ensure you're using the latest versions of both tools:
# Update Azure CLI
az upgrade
# Check Azure CLI version
az --version
# Update Terraform AzureRM provider in your configuration
terraform init -upgradeNewer versions often include bug fixes and improved error handling for provider registration issues.
By default, Terraform registers all providers it supports, not just those you use in your configuration. This provides better error messages but requires subscription-level permissions. If you disable automatic registration and later use a resource from an unregistered provider, the error message may be misleading (e.g., 'API version not found' instead of 'provider not registered'). This is particularly important in managed environments like Azure DevOps or GitHub Actions where service principals have restricted permissions. For CI/CD pipelines, it's often simpler to either use skip_provider_registration or pre-register providers in your infrastructure setup phase. Be aware that some Azure features (like certain API versions) may only work with newer provider registrations, so check Azure release notes if you encounter unexpected API compatibility issues.
Error: Error installing helm release: cannot re-use a name that is still in use
How to fix "release name in use" error in Terraform with Helm
Error: Error creating GKE Cluster: BadRequest
BadRequest error creating GKE cluster in Terraform
Error: External program failed to produce valid JSON
External program failed to produce valid JSON
Error: Unsupported argument in child module call
How to fix "Unsupported argument in child module call" in Terraform
Error: network is unreachable
How to fix "network is unreachable" in Terraform