This error occurs during terraform apply when the provider encounters a problem applying your infrastructure changes. It indicates that Terraform is unable to complete the requested actions, often due to configuration issues, API errors, or state problems. The specific cause is listed in the detailed error message that follows.
When Terraform runs the apply phase, it attempts to execute the changes defined in your plan against your cloud provider or infrastructure. This generic error message "Error applying plan: 1 error(s) occurred" is a wrapper that indicates at least one step failed during execution. Unlike plan errors which are caught before reaching the provider, apply errors occur when the provider API rejects the request or encounters runtime issues. The error doesn't automatically rollback your changes. If some resources succeeded and others failed, your Terraform state file will reflect a partially updated infrastructure state. This is important because you'll need to address the underlying issue and run apply again to complete the operation.
The 'Error applying plan: 1 error(s) occurred' message is generic. The actual error is shown directly after this line.
Run terraform apply again and carefully read the full error message:
terraform apply tfplanLook for lines like:
- "Access Denied"
- "Resource already exists"
- "Invalid attribute"
- "Circular dependency detected"
This specific error will tell you exactly what failed and why.
Many apply errors are due to authentication or authorization problems.
Check your provider credentials:
# For AWS, verify credentials are set
echo $AWS_ACCESS_KEY_ID
echo $AWS_SECRET_ACCESS_KEY
# For Azure, check login status
az account show
# For GCP, verify credentials
gcloud auth listEnsure your user/service account has the required IAM permissions for the resources you're trying to create. Check your cloud provider's console or run:
# AWS - list attached policies
aws iam list-attached-user-policies --user-name your-user-name
# Azure - check role assignments
az role assignment list --assignee your-principal-id
# GCP - list roles
gcloud projects get-iam-policy your-project-idErrors like 'Resource already exists' or 'Limit exceeded' happen when Terraform tries to create something that conflicts with existing infrastructure.
List existing resources in your account:
# AWS - list S3 buckets, VPCs, etc.
aws s3 ls
aws ec2 describe-vpcs
# Azure - list resource groups and resources
az group list
az resource list
# GCP - list resources
gcloud compute instances listIf you see the resource already exists:
1. Either delete it from your cloud provider (if you don't need it)
2. Or import it into Terraform state:
terraform import resource-type.resource-name resource-idFor 'Limit exceeded' errors, request a quota increase or reduce the number of resources.
State file issues can cause apply failures. Validate and refresh your state:
# Validate syntax in your configuration
terraform validate
# Refresh state to sync with actual infrastructure
terraform refresh
# Show current state to verify it's correct
terraform state list
terraform state show resource-type.resource-nameIf you see differences between your configuration and state, run plan again to see what changed:
terraform planTerraform can fail if resources depend on each other in a circular way.
Review your resource relationships:
# Generate a graph to visualize dependencies
terraform graph > graph.dot
# Install graphviz to view it
# Ubuntu/Debian: sudo apt-get install graphviz
# macOS: brew install graphviz
# Then: dot -Tsvg graph.dot -o graph.svgLook for resources that depend on each other. Common circular dependency examples:
- Security group A references security group B, and B references A
- VPC depends on subnet depends on VPC
- IAM role assumes role that assumes back
Fix by:
1. Using inline security group rules instead of separate resources
2. Adding explicit depends_on to control order
3. Separating resources into different apply phases
If you see 'Error acquiring state lock', another process might be using the state file.
Check if a lock exists:
# List locks (backend-dependent, for S3 backend)
aws s3api list-objects --bucket your-terraform-bucket --prefix .terraform.lock
# For Terraform Cloud/Enterprise, check runs dashboardIf stuck:
1. Wait a few minutes for the other process to complete
2. Check your CI/CD logs to see if another deployment is running
3. Only use force-unlock as a last resort (with care):
terraform force-unlock LOCK_IDAfter resolving, retry the apply:
terraform apply tfplanWhen Terraform encounters an apply error, understand that it does NOT automatically rollback. Your state file will reflect any successfully created resources, even if later steps failed. This is intentionalโit allows you to fix the issue and run apply again to complete the operation incrementally.
For intermittent or transient errors (like temporary API unavailability), simply running terraform apply again often succeeds. For persistent errors, you need to address the root cause.
In CI/CD environments, consider implementing retry logic with exponential backoff for transient failures. Always ensure your CI/CD environment has proper authentication configured and sufficient IAM permissions for the resources it manages.
For complex multi-step deployments, consider breaking your infrastructure into smaller modules or workspaces to isolate issues and make debugging easier.
Error: Error rendering template: template not found
How to fix "template not found" error in Terraform
Error: Error generating private key
How to fix 'Error generating private key' in Terraform
Error creating Kubernetes Service: field is immutable
How to fix "field is immutable" errors in Terraform
Error: Error creating local file: open: permission denied
How to fix "Error creating local file: permission denied" in Terraform
Error: line endings have changed from CRLF to LF
Line endings have changed from CRLF to LF in Terraform