Troubleshooting Module Access Errors in Spacelift

Last updated: January 28, 2026

This article explains common causes of module access errors in Spacelift and how to resolve them. The most frequent issues are related to space inheritance, module sharing, and API key permissions.

Common Symptoms

  • A stack fails to download or reference a Terraform/OpenTofu module

  • Errors indicating the module cannot be found or accessed "module has no versions available"

  • Access works in one space but not another

Step 1: Verify Space Setup and Inheritance

Historical behavior:

Historically, a stack could access a module only if:

  • The module lived in the same space as the stack, or

  • The module lived in a parent space and inheritance was enabled on the child space

Access was not allowed across sibling spaces.

Current behavior with fine-grained RBAC

With the introduction of fine-grained RBAC roles, stacks can now be granted access to modules across any space, provided the correct permissions are assigned.

Key points:

  • A stack can access a module in any space if it has been granted space read permission for that space

  • This is configured using stack roles

  • Stack roles only take effect when the stack’s Administrative flag is disabled

If the Administrative flag is enabled, RBAC permissions are bypassed.

For detailed documentation, see: https://docs.spacelift.io/concepts/authorization/rbac-system

Step 2: Verify Module Sharing Settings

Modules can be explicitly shared with selected spaces to control discoverability and access.

How module sharing works

  • A module can be shared with one or more spaces

  • Any stack in a shared space can reference the module

  • Child spaces with inheritance enabled will also gain access automatically

How to configure module sharing

  1. Navigate to Module settings → Availability

  2. Select the target spaces to share the module with

For detailed documentation, see: https://docs.spacelift.io/vendors/terraform/module-registry.html#space-sharing

Step 3: Check API Key Permissions

If the stack or automation accesses the module using an API key, ensure the key has sufficient permissions.

Required permissions

  • The API key must have read access to the space where the module resides

  • If login policies are in use, the API key must be explicitly allowed

Example login policy

allow {
input.session.login == "api::<API_KEY>"
}

space_read["<space_id>"] {
input.session.login == "api::<API_KEY>"
}

Replace:

  • <API_KEY> with the API key value

  • <space_id> with the ID of the space containing the module

This policy grants the API key read access to the specified space, allowing it to download and use the module.

Summary Checklist

  • Confirm the stack’s space and inheritance settings

  • Verify whether the module is shared with the stack’s space

  • Ensure RBAC stack roles are configured correctly and the Administrative flag is disabled if using stack roles to access a sibling/ unrelated space

  • Validate API key permissions and login policies

If all of the above are correct and access issues persist, collect the stack run logs and contact Spacelift support for further investigation.