Error when attempting to authenticate into AWS account via Turbot

Sometimes a user receives a 404 error when attempting to authenticate into an AWS account via the AWS button in Turbot. Checking the Control tab shows that the alarm "Terraform Turbot AWS IAM in {region} of {account} has planned changes" has been triggered.


This occurs when the Terraform stack becomes "out of state," or fails to sync with AWS IAM.


  1. Review the control alert to determine the last date and time that the check was OK.
  2. Authenticate into the AWS account and region that is showing the error.
  3. Navigate to S3 -> {Turbot bucket ID with region} -> TurbotLogs -> Terraform -> TurbotAWSIAM -> {Region}. After selecting the region, you should see the Terraform file, terraform.tfstate.
  4. Select "Show" for the Version options to display the saved versions of the terraform.tfstate file.
  5. Locate the version with a date and time that matches the last known date and time the control alert "Terraform Turbot AWS IAM" passed the check.
  6. Download the Terraform file, re-upload it to the S3 bucket, and perform the check within Turbot. If the check returns OK, click apply.
  7. If the check does not return OK, the resources that Terraform is attempting to create must be manually removed. This can include roles, users, and policies within AWS. Once removed, navigate back to the Control, click check, then click apply once the check is finished. If there are any questions, reach out to for assistance. 
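
Steps 3 to 6 can be scripted. The following is an added example, not part of the original article or Turbot's own tooling: it picks the saved terraform.tfstate version from the output of `aws s3api list-object-versions` and builds the download and re-upload commands. It assumes the object key mirrors the console path above; the bucket name, version IDs, timestamps and the `.bak` object are constructed sample values.

```python
import shlex
from datetime import datetime, timezone

# Constructed sample data shaped like `aws s3api list-object-versions` output.
BUCKET = "example-turbot-bucket-us-east-1"  # placeholder bucket name
KEY = "TurbotLogs/Terraform/TurbotAWSIAM/us-east-1/terraform.tfstate"  # assumed key layout
SAMPLE_LISTING = {"Versions": [
    {"Key": KEY, "VersionId": "EXAMPLE-VERSION-3", "LastModified": "2023-03-03T14:20:00+00:00"},
    {"Key": KEY + ".bak", "VersionId": "EXAMPLE-OTHER", "LastModified": "2023-03-02T08:59:00+00:00"},
    {"Key": KEY, "VersionId": "EXAMPLE-VERSION-2", "LastModified": "2023-03-01T10:15:00.000Z"},
    {"Key": KEY, "VersionId": "EXAMPLE-VERSION-1", "LastModified": "2023-02-20T08:00:00+00:00"},
]}
# Last date and time the control was OK (step 1); must be timezone-aware.
LAST_OK = datetime(2023, 3, 2, 9, 0, tzinfo=timezone.utc)


def _parse(ts):
    # AWS CLI v1 prints a trailing "Z"; older Pythons need an explicit offset.
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def pick_state_version(listing, key, last_ok):
    """Step 5: newest version of `key` saved at or before `last_ok`."""
    candidates = [
        v for v in listing.get("Versions", [])
        if v["Key"] == key and _parse(v["LastModified"]) <= last_ok
    ]
    if not candidates:
        raise LookupError(f"no version of {key} at or before {last_ok.isoformat()}")
    return max(candidates, key=lambda v: _parse(v["LastModified"]))


def restore_commands(bucket, key, version_id, local="terraform.tfstate.restore"):
    """Step 6: download the chosen version, then upload it as the current object."""
    q = shlex.quote
    return [
        f"aws s3api get-object --bucket {q(bucket)} --key {q(key)} "
        f"--version-id {q(version_id)} {q(local)}",
        f"aws s3api put-object --bucket {q(bucket)} --key {q(key)} --body {q(local)}",
    ]


if __name__ == "__main__":
    chosen = pick_state_version(SAMPLE_LISTING, KEY, LAST_OK)
    print("Restoring version", chosen["VersionId"], "from", chosen["LastModified"])
    for cmd in restore_commands(BUCKET, KEY, chosen["VersionId"]):
        print(cmd)  # printed for review, not executed
```

Because the bucket is versioned, the re-upload creates a new current version and the out-of-sync state file remains available as an earlier version if it needs to be inspected later.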