OCI Object Storage Permissions Scenarios When Using Terraform to Deploy Resources
Hey everyone, I'm running into an issue that's driving me crazy. Quick question that's been bugging me - I'm working with a permissions scenario when trying to deploy resources on Oracle Cloud Infrastructure (OCI) using Terraform. Specifically, after running my Terraform scripts, I receive the following behavior: `behavior: creating Object Storage bucket: behavior 403: Access Denied`.

I've verified that my IAM policy allows the required actions, as shown below:

```hcl
resource "oci_identity_policy" "object_storage_policy" {
  compartment_id = oci_identity_compartment.my_compartment.id
  name           = "object_storage_policy"
  statements = [
    "Allow group my_group to manage objects in compartment my_compartment",
    "Allow group my_group to inspect buckets in compartment my_compartment"
  ]
}
```

I also made sure that the OCI user I'm using to authenticate has been added to `my_group`. However, I'm still unable to create the bucket. Here's the relevant snippet from my Terraform configuration for creating the bucket:

```hcl
resource "oci_objectstorage_bucket" "my_bucket" {
  name               = "my-unique-bucket-name"
  compartment_id     = oci_identity_compartment.my_compartment.id
  storage_tier       = "Standard"
  public_access_type = "NoPublicAccess"
}
```

I've double-checked the compartment ID and name, and everything seems correct. The Oracle Cloud Console shows that my user is indeed part of `my_group`, and the policy is effective. I even tried re-creating the policy and re-deploying the Terraform plan after some modifications, but the behavior continues.

Could this be a timing scenario or caching question with permissions? Has anyone encountered a similar scenario or can suggest what steps I might have missed? This is part of a larger service I'm building. Am I missing something obvious? What am I doing wrong? I appreciate any insights!
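A pre-deployment check for policy statements like the ones in the question, as an added example that is not part of the original post. It assumes OCI's verb ordering (`inspect` < `read` < `use` < `manage`), that creating a bucket needs `manage` on the `buckets` resource-type (or on the `object-family` aggregate), and it ignores `where` conditions and compartment inheritance; the function names are hypothetical.

```python
import re

# OCI policy verbs, weakest to strongest; each verb includes the ones before it.
VERBS = ["inspect", "read", "use", "manage"]

# Aggregate resource-type -> individual resource-types it covers (Object Storage only).
FAMILIES = {"object-family": {"objectstorage-namespaces", "buckets", "objects"}}

# Matches "Allow group G to VERB RESOURCE in tenancy|compartment C"; any trailing
# "where ..." condition is ignored (assumption: unconditional statements).
STATEMENT = re.compile(
    r"allow\s+group\s+(\S+)\s+to\s+(\w+)\s+([\w-]+)\s+in\s+(tenancy|compartment\s+(\S+))",
    re.IGNORECASE,
)

def highest_verb(statements, group, resource, compartment):
    """Return the strongest verb the group holds on resource, or None."""
    best = None
    for text in statements:
        m = STATEMENT.match(text.strip())
        if not m:
            continue
        g, verb, res, scope, comp = m.groups()
        verb, res = verb.lower(), res.lower()
        if g != group or verb not in VERBS:
            continue
        if scope.lower() != "tenancy" and comp != compartment:
            continue
        if res != "all-resources" and resource not in FAMILIES.get(res, {res}):
            continue
        if best is None or VERBS.index(verb) > VERBS.index(best):
            best = verb
    return best

def allows(statements, group, verb, resource, compartment):
    """True if the statements grant at least `verb` on `resource`."""
    granted = highest_verb(statements, group, resource, compartment)
    return granted is not None and VERBS.index(granted) >= VERBS.index(verb)

# The two statements from the policy posted in the question.
PAGE_POLICY = [
    "Allow group my_group to manage objects in compartment my_compartment",
    "Allow group my_group to inspect buckets in compartment my_compartment",
]

if __name__ == "__main__":
    for res in ("objects", "buckets"):
        print(res, "->", highest_verb(PAGE_POLICY, "my_group", res, "my_compartment"))
    print("can create bucket:",
          allows(PAGE_POLICY, "my_group", "manage", "buckets", "my_compartment"))
```

Run against the posted policy, the check reports `manage` on `objects` but only `inspect` on `buckets`, so under the stated assumption the bucket create is not covered.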