cloudflare_api_token resource creation error

[serrf0f]

Confirmation

• [X] My issue isn't already found on the issue tracker.
• [X] I have replicated my issue using the latest version of the provider and it is still present.

Terraform and Cloudflare provider version

Terraform v1.7.5 on darwin_amd64

• provider registry.terraform.io/cloudflare/cloudflare v4.29.0

Affected resource(s)

• cloudflare_api_token

Terraform configuration files

resource "cloudflare_api_token" "private_bucket_rw" {
  name = "mybucket_rw"

  policy {
    permission_groups = [
      "6a018a9f2fc74eb6b293b0c548f38b39", # Workers R2 Storage Bucket Item Read
      "2efd5506f9c8494dacb1fa10a3e7d5b6", # Workers R2 Storage Bucket Item Write
    ]
    resources = {
      "com.cloudflare.edge.r2.bucket.*" = "*"
    }
  }
}

Link to debug output

https://gist.github.com/serrf0f/02e14d3305e26d0b00b8eef564a151c6

Panic output

No response

Expected output

The cloudflare_api_token is created.

Actual output

error creating Cloudflare API Token "mybucket_rw": Unauthorized to access requested resource (9109)

Steps to reproduce

1. terraform init
2. terraform apply

Additional factoids

I do have the Account > API Token > Edit included in my token.

References

No response

[github-actions[bot]]

Terraform debug log detected :white_check_mark:

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[jacobbednarz]

the error message here is saying that the resource you have requested does not have permission to be accessed by the token you are using. this is not a Terraform specific issue as the Terraform provider is just another HTTP client so i'd recommend attempting to replicate and debug this without the provider by using the API directly. alternatively, you can view the network traffic from a browser that performs this behaviour to see what is missing.

if you're still having issues, you're best bet is to reach out to Cloudflare support for guidance. thanks!