Terraform Azure resource provider registration fails

October 26, 2021 – Samuli Seppänen

Terraform has good support for Microsoft Azure through the Terraform Azure provider and the AzureRM backend. However, you may hit a glitch when adding or importing resources if you lack permissions to register Azure resource providers:

│ Error: Error ensuring Resource Providers are registered.
|
│ Terraform automatically attempts to register the Resource Providers it supports
| to ensure it's able to provision resources.
│                                                                                                                                                                                   
│ If you don't have permission to register Resource Providers you may wish to use
| the "skip_provider_registration" flag in the Provider block to disable this
| functionality.
│                                                                                                                                                                                   
│ Please note that if you opt out of Resource Provider Registration and Terraform
| tries to provision a resource from a Resource Provider which is unregistered,
| then the error may appear misleading - for example
|                                                                                                                                                                                   
│ > API version 2019-XX-XX was not found for Microsoft.Foo
|                                                                                                                                                                                   
│ Could indicate either that the Resource Provider "Microsoft.Foo" requires
| registration, but this could also indicate that this Azure Region doesn't support | this API version.
|
│ More information on the "skip_provider_registration" flag can be found here:
|
│ https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs#skip_provider_registration
│
│ Original Error: Cannnot register providers: Microsoft.DataLakeAnalytics, Microsoft.DBforPostgreSQL, Microsoft.AVS, Microsoft.Media, Microsoft.ApiManagement, Microsoft.Search, Mic
rosoft.Maintenance, Microsoft.ServiceBus, Microsoft.HealthcareApis, Microsoft.Relay, Microsoft.DesktopVirtualization, Microsoft.NotificationHubs, Microsoft.SecurityInsights, Micros
oft.DBforMariaDB, Microsoft.Kusto, Microsoft.DataLakeStore, Microsoft.Automation, Microsoft.CognitiveServices, Microsoft.ManagedServices, Microsoft.EventGrid, Microsoft.BotService,

--- snip ---

At first glance this error look cryptic, but it is quite clear once you understand what Azure resource providers are - I like to think of them as "enabled Azure services" or "enabled Azure features".

You don't usually need to concern yourself with resource providers as they get automatically registered when you deploy an Azure Resource Manager (ARM) template or create a resource in Azure Portal. However, with Terraform Azure provider you may run into issues because it tries to register all resource providers it supports, not just those you actually use in your Terraform code. This goes against the documented least privilege recommendation in Azure resource provider documentation and having this feature turned off is actually good from security perspective. In any case, if you lack the permissions to register Azure providers Terraform will throw the above error message at your face.

To disable automatic registration of Azure resource provider just add skip_provider_registration = "true" to the provider configuration:

provider "azurerm" {
  skip_provider_registration = "true"
  features {} 
}

This solves the problem until you add Terraform code that exercises an Azure resource provider that is not registered yet. But knowing this you will be able to fix the error easily.

Want to talk to an expert?

If you want to reach us, just send us a message or book a free call!
menucross-circle