Not able to access the state file from another account

[dhineshbabuelango]

Hi Team,

I have created an account through terraform and stored its state in the s3 bucket of the same account(Account A). The s3 bucket is encrypted with KMS key of the own account. All the steps were done manually.

Now I have created a devops pipeline using AWS codepipeline from another account(Account B). The setup works like below.

I will use an IAM role(Account B) to run terraform, the role will internally assume an admin role of Account A and update the state file provision the resources.

But when I try to run terraform init, assuming the role is working fine and after that I am getting the below error.

Initializing the backend... Error refreshing state: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your key and signing method. status code: 403

How can we solve this issue. Is there a process to migrate the state file from one account to other account without altering the AWS resources.

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.