Cloud Internship 2026
Chapter 8
Troubleshooting
8.1 AWS CLI
| Symptom | Fix |
|---|---|
| Unable to locate credentials | Run aws configure or check that AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars are set. |
| "An error occurred (AuthFailure)" | Your credentials are wrong or expired. Re-run aws configure with the correct keys. |
| "InvalidClientTokenId" | The access key ID does not exist. Check for typos in aws configure. |
| Wrong region | Set default region: aws configure set region ap-southeast-1 or use --region flag. |
8.2 Terraform
| Symptom | Fix |
|---|---|
| "Error: No valid credential sources found" | AWS credentials not configured. Run aws configure or set environment variables. |
| "Error: Provider produced inconsistent result" | State is out of sync. Run terraform refresh or check if resource was manually deleted in Console. |
| "Error: Cycle detected" | Circular dependency between resources. Check which resource depends on which and break the cycle. |
| terraform plan shows resource will be destroyed unexpectedly | You changed a resource argument that forces replacement. Read the plan output carefully — it tells you why. |
| "Error: creating Security Group: InvalidVpcID.NotFound" | The vpc_id variable is empty or wrong. Run terraform output in the VPC module to check. |
| State file locked | Someone else (or a crashed apply) locked the state. Run: terraform force-unlock <LOCK_ID> |
| "Backend initialization required" | Run terraform init again after any provider or backend configuration change. |
8.3 AWS Resources
| Symptom | Fix |
|---|---|
| EC2 instance unreachable via SSH | Check security group ingress rule for port 22. Check the key pair. Check subnet route table has IGW route. |
| ALB returning 502 Bad Gateway | Target group health checks are failing. Check the EC2 instances are running and the web server is listening. |
| RDS connection refused from jump host | Check RDS security group allows port 3306/5432 from the jump host security group. Confirm RDS is in private subnets. |
| S3 access denied | Check bucket policy and IAM permissions. Confirm public access block is not blocking your intended access. |
| Resources still running after terraform destroy | Some resources have dependencies. Run terraform destroy again or manually delete from Console, then re-sync state. |
Common Mistake
If you accidentally expose credentials in a GitLab commit: tell your instructor immediately.
If terraform destroy fails partway through: check the AWS Console for orphaned resources and delete them manually.
Never try to fix a broken state file by editing the .tfstate file manually — ask for help first.