Getting Started with the New Relic Provider (Terraform) 401 error

Hi guys,

I have been using the following guide on setting up monitoring for new relic via Terraform: https://www.terraform.io/docs/providers/newrelic/guides/getting_started.html

But, I am experiencing a 401 error when I run ‘Terraform apply’

I am using the following command to store my api key as an environment variable: set NEWRELIC_PERSONAL_API_KEY=APIKEY123 then Terraform apply.

I am then prompted with the following error: Error: 401 response returned

on main.tf line 3, in resource “newrelic_alert_policy” “my_alert_policy_name”:
3. resource “newrelic_alert_policy” “my_alert_policy_name” {

1 Like

Thanks for reaching out. Looks like you are setting NEWRELIC_PERSONAL_API_KEY instead of NEWRELIC_API_KEY, which is an Admin key (docs here). Please try with the Admin key and let us know if you have any more issues. Thanks!

3 Likes

Ran into the same issue, getting the 401 error when I tried to create a sample notification channel
> cat main.tf
> provider “newrelic” {}
>
> # Notification channel
> resource “newrelic_alert_channel” “pemail” {
> name = "p@sample.com"
> type = “email”
>
> config {
> recipients = "p@sample.com"
> }
> }

I’ve update my .bash_profile with Owner API key, account API key and my Admin user API all are failing for me!

1 Like

Hi! What is the name of the environment variable you’re setting?

cat ~/.bash_profile | grep
export NEWRELIC_API_KEY=******
export NEWRELIC_PERSONAL_API_KEY=NR******

This still sounds like an issue with an incorrect key. Can you try troubleshooting a request to the alert channels endpoint with the API explorer (https://rpm.newrelic.com/api/explore/alerts_channels/list)? If you can get a request to succeed against the LIST endpoint here, you’ll know that you’ve found the correct API key.

Another thing to try to eliminate some complexity here is to only set NEWRELIC_API_KEY without NEWRELIC_PERSONAL_API_KEY. They shouldn’t be incompatible, but it might help us work through the issue for now.

Hi all, I can’t seem to reproduce this. What version of the provider is being used? v1.16.x?

Some of what I bring up below has been mentioned, please excuse my redundancy. :slight_smile:

This indeed sounds like an incorrect/invalid/permissions issue. From what I’ve gathered, it could be one of three scenarios - could be permissions (user role), could be personal API key being used for NEWRELIC_API_KEY, or could be the admin API key being used for NEWRELIC_PERSONAL_API_KEY.

Setting NEWRELIC_PERSONAL_API_KEY requires using the API key provided at the following URL: https://account.newrelic.com/accounts/<account id>/users/<user id>.

Double check your account’s users at https://account.newrelic.com/accounts/<account id>/users. You’ll see the users’ roles here and can confirm if the user has the Admin role.

Setting NEWRELIC_API_KEY requires using the API key provided at the following URL: https://rpm.newrelic.com/accounts/<account id>/integrations?page=api_keys. If the user doesn’t have the Admin or Owner role, the user will not be able to view this page.

Also of note, a few different 401 error scenarios could be encountered (not necessarily limited to what’s mentioned below). What was the full message of the 401 error that was returned?

  • If you received the error message, “Error: 401 response returned: The API key provided is invalid”, then it might be a situation of the wrong key being used for one of the variables.

  • If you received the error message, “Error: 401 response returned: User does not have permission”, then the user does not have the Admin role or Owner role, which is required.

For the first error message scenario, if your user has the Admin role assigned, you can use your personal API key (from this URL: https://account.newrelic.com/accounts/<account id>/users/<user id> - click the API Keys tab) and would use this key to set NEWRELIC_PERSONAL_API_KEY.

If your situation falls into the second scenario, you’ll need to ask an Admin user to increase your role or you’ll need your account’s Admin user’s Admin API key (from this URL: https://rpm.newrelic.com/accounts/<account url>/integrations?page=api_keys) and would use this key to set NEWRELIC_API_KEY.

Apologies for the long response. Hope this helps. If not, we might need a bit more context to see what’s going on.