New Relic returning a 403 response for the alert conditions API

We are currently using Terraform New Relic provider version – 1.16 which works fine for all our environments.
We wanted to upgrade to the Terraform New Relic provider version 2.X as per the guidelines for which we have tried the below actions:
• We added the below fields in the provider block as variables:
provider “newrelic” {
api_key = “NRAK-####”
admin_api_key = “NRAA-####”
account_id=**
region=US
}
• As recommended we also tried migrating to the latest version of 1.X that is 1.20.1 and then moved to 2.X.
• We have also tried passing the above values as environment variables.

All of the above ways have error-ed out with 403 response as below. A snapshot of the error log has been attached for the same. Also, the error is quite inconsistent as it passes sometimes and fails most of the times.

“Transport-Security”:[“max-age=XXXXXXXXX; includeSubDomains”],“X-Rack-Cache”:[“miss”],“X-Request-Id”:[“XXXXXXXXXXXXXXXXXXXX”],“X-Runtime”:[“XXXXXXX”],“X-Ua-Compatible”:[“IE=Edge,chrome=1”]}" method=GET status_code=200 url=“https://api.newrelic.com/v2/alerts_conditions.json?policy_id=XXXXXXXXXXX

2020/09/22 06:10:17 [TRACE] module.alert_policies: eval: *terraform.EvalWriteState

2020/09/22 06:10:17 [TRACE] EvalWriteState: recording 1 dependencies for module.alert_policies.newrelic_alert_condition.alert_conditions[“ml-interface-controller_apdex”]

2020/09/22 06:10:17 [TRACE] EvalWriteState: writing current state object for module.alert_policies.newrelic_alert_condition.alert_conditions[“ml-interface-controller_apdex”]

2020/09/22 06:10:17 [TRACE] [walkRefresh] Exiting eval tree: module.alert_policies.newrelic_alert_condition.alert_conditions[“ml-interface-controller_apdex”]

2020/09/22 06:10:17 [TRACE] vertex “module.alert_policies.newrelic_alert_condition.alert_conditions[“ml-interface-controller_apdex”]”: visit complete

2020/09/22 06:10:17 [TRACE] dag/walk: upstream of “root” errored, so skipping

2020/09/22 06:10:17 [TRACE] vertex “module.alert_policies.newrelic_alert_condition.alert_conditions”: dynamic subgraph encountered errors

2020/09/22 06:10:17 [TRACE] vertex “module.alert_policies.newrelic_alert_condition.alert_conditions”: visit complete

2020/09/22 06:10:17 [TRACE] dag/walk: upstream of “module.alert_policies.output.alert_conditions” errored, so skipping

2020/09/22 06:10:17 [TRACE] dag/walk: upstream of “provider.newrelic (close)” errored, so skipping

2020/09/22 06:10:17 [TRACE] dag/walk: upstream of “root” errored, so skipping

Warning: “violation_time_limit_seconds”: [DEPRECATED] use violation_time_limit attribute instead
on .terraform/modules/alert_policies/newrelic/policies/main.tf line 224, in resource “newrelic_nrql_alert_condition” “nrql_alert_conditions”:

224: resource “newrelic_nrql_alert_condition” “nrql_alert_conditions” {

Warning: “term”: [DEPRECATED] use critical and warning attributes instead

on .terraform/modules/alert_policies/newrelic/policies/main.tf line 224, in resource “newrelic_nrql_alert_condition” “nrql_alert_conditions”:

224: resource “newrelic_nrql_alert_condition” “nrql_alert_conditions” {

2020/09/22 06:10:17 [DEBUG] [aws-sdk-go] DEBUG: Request dynamodb/GetItem Details:

—[ REQUEST POST-SIGN ]-----------------------------

POST / HTTP/1.1
Host: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
User-Agent: XXXXXXXXXX/1.25.3 (go1.12.13; linux; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.12.24
Content-Length: 211

Accept-Encoding: identity


Error: 403 response returned: You do not have privileges to perform this action."

Kindly suggest if the below could be resolved or if we are missing out on any other details for the migration.

Hi @Bikash.Singh,

Thanks for reaching out with your question! Based on what I’m seeing here, it seems like you didn’t hit this issue until upgrading to the new Terraform version. Is that correct?

If that’s the case, then that leads me to believe that this might be more of an issue with Terraform since a 403 error would be indicating a invalid API key. Assuming you’re using the same API key that works with the earlier version of Terraform, it seems like it would be difficult to tie this to an issue on the New Relic side.

You might consider posting about this on the GitHub page for the New Relic Terraform provider, which can be found here.. I did also find this resource, which talks about New Relic API keys when upgrading to a 2.x Terraform version. I’m not sure if that would be helpful here, but I hope that one of these resources gets you on the right path here! Let me know if you get this worked out or if there is anything I can do to be of assistance here.

EDIT: Ah it looks like I’m a bit late on this one! It looks like this is being discussed here: https://github.com/newrelic/terraform-provider-newrelic/issues/881

1 Like

Hi @Masen
Thanks for the detailed information. It’s already been discussed https://github.com/newrelic/terraform-provider-newrelic/issues/881
Will mark this discussion as resolved.
As of now with the current provider version 2.8.0 (released 10 hours back) seems to have resolved the issue currently.

1 Like