Hi SecGlad!
403 Unauthorized Error:
Permissions: Even though you have Security Reader access on the management group and Contributor access at the subscription level, ensure you have the necessary permissions to read the management group. The error suggests a lack of authorization for the Microsoft.Management/managementGroups/read action.
Service Principal: If you're using a service principal with Terraform, ensure it has the required permissions. Sometimes, permissions granted to a user are not the same as those granted to a service principal.
Management Group Not Found:
UUID: The UUID 00000000-0000-0000-0000-000000000000 is typically a placeholder. Ensure you're using the correct UUID for the Tenant Root Group.
Terraform Version: You mentioned using an older version of the azurerm provider (v2.95.0). Consider testing with a newer version in a separate environment to see if the issue persists.
Troubleshooting Steps:
- First, try accessing the management group directly from the Azure Portal to ensure it's visible and accessible.
- Use Azure CLI to list and access management groups. This can help determine if the issue is specific to Terraform or a broader Azure access issue.
- Run Terraform with the TF_LOG=DEBUG or TF_LOG=TRACE environment variable to get detailed logs. This can provide more insights into the issue.
- Review the RBAC settings in Azure to ensure your user or service principal has the necessary permissions. Sometimes, explicit permissions might be needed, even if you have higher-level access.
I hope my answer helped you - if so please mark it :-)
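The RBAC review in the troubleshooting steps above can be made mechanical. The following Python script is an added example, not part of the answer above or of any Microsoft tooling: it resolves Azure RBAC role assignments the way the authorization service does (scope inheritance down the management group tree, wildcard `Actions`, subtracted `NotActions`) and reports whether a given principal is allowed `Microsoft.Management/managementGroups/read` at a given scope. The scope hierarchy, the principal IDs and the role assignments are constructed for the example; the role definitions are abbreviated copies of the built-in `Contributor`, `Reader` and `Security Reader` roles and should be refreshed from `az role definition list --name "<role>"` before relying on them. Deny assignments and Entra ID group membership are not modelled.

```python
"""Resolve Azure RBAC assignments to answer: may principal P perform action A at scope S?

Constructed sample data stands in for the JSON returned by
`az role assignment list --all` and `az role definition list`.
"""
import re

# --- Constructed scope hierarchy: tenant root MG -> child MG -> subscription ---
TENANT_ROOT_MG = "/providers/Microsoft.Management/managementGroups/00000000-0000-0000-0000-000000000000"
CHILD_MG = "/providers/Microsoft.Management/managementGroups/mg-landing-zone"
SUBSCRIPTION = "/subscriptions/11111111-1111-1111-1111-111111111111"
PARENT = {TENANT_ROOT_MG: None, CHILD_MG: TENANT_ROOT_MG, SUBSCRIPTION: CHILD_MG}

# --- Abbreviated built-in role definitions (refresh from `az role definition list`) ---
ROLE_DEFS = {
    "Contributor": {
        "actions": ["*"],
        "notActions": [  # abbreviated: the real role lists more NotActions
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    },
    "Reader": {"actions": ["*/read"], "notActions": []},
    "Security Reader": {
        "actions": [  # abbreviated; note the explicit management group read action
            "Microsoft.Authorization/*/read",
            "Microsoft.Security/*/read",
            "Microsoft.Resources/subscriptions/resourceGroups/read",
            "Microsoft.Management/managementGroups/read",
        ],
        "notActions": [],
    },
}

# --- Constructed principals and assignments (what the question describes) ---
USER = "user-objectid-aaaa"          # interactive user: Security Reader on MG, Contributor on sub
SP = "sp-objectid-bbbb"              # service principal Terraform runs as: Contributor on sub only
ASSIGNMENTS = [
    {"principalId": USER, "roleDefinitionName": "Security Reader", "scope": CHILD_MG},
    {"principalId": USER, "roleDefinitionName": "Contributor", "scope": SUBSCRIPTION},
    {"principalId": SP, "roleDefinitionName": "Contributor", "scope": SUBSCRIPTION},
]


def ancestors(scope):
    """Yield the scope itself, then every scope above it that an assignment could inherit from."""
    s = scope
    while True:
        yield s
        if s in PARENT:
            s = PARENT[s]
            if s is None:
                return
        elif "/" in s.lstrip("/"):
            s = s.rsplit("/", 1)[0]  # walk up a resource path, e.g. .../resourceGroups/rg -> subscription
        else:
            return


def matches(pattern, action):
    """Azure RBAC wildcard match: '*' spans any characters including '/', case-insensitive."""
    regex = "^" + ".*".join(re.escape(part) for part in pattern.split("*")) + "$"
    return re.match(regex, action, re.IGNORECASE) is not None


def granting_assignment(assignments, principal_id, action, scope):
    """Return the first assignment that grants `action` at `scope`, or None.

    Effective permission = union over assignments of (Actions minus NotActions);
    an assignment applies only if its scope is the target scope or an ancestor.
    """
    covering = set(ancestors(scope))
    for a in assignments:
        if a["principalId"] != principal_id or a["scope"] not in covering:
            continue
        role = ROLE_DEFS[a["roleDefinitionName"]]
        allowed = any(matches(p, action) for p in role["actions"])
        excluded = any(matches(p, action) for p in role["notActions"])
        if allowed and not excluded:
            return a
    return None


def permitted(assignments, principal_id, action, scope):
    return granting_assignment(assignments, principal_id, action, scope) is not None


if __name__ == "__main__":
    action = "Microsoft.Management/managementGroups/read"
    for who, name in ((USER, "user"), (SP, "service principal")):
        for target in (CHILD_MG, TENANT_ROOT_MG):
            grant = granting_assignment(ASSIGNMENTS, who, action, target)
            verdict = f"allowed via {grant['roleDefinitionName']} at {grant['scope']}" if grant else "DENIED (403)"
            print(f"{name:18} {action} on {target.rsplit('/', 1)[-1]}: {verdict}")
```

Feed it real data by replacing `ASSIGNMENTS` with the output of `az role assignment list --all --assignee <objectId>` and `ROLE_DEFS` with `az role definition list`, then query the exact action from the 403 message. Two results are worth noticing: the service principal's subscription-level Contributor never reaches a management group scope, so Terraform running as that principal is denied even though the interactive user succeeds, and Security Reader on a child management group does not cover the Tenant Root Group, so the scope of the assignment matters as much as the role.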