Missing resources, wrong scope, lifecycle drift, and state mismatches.
Last reviewed: March 4, 2026|56 mapped errors|Page 2 of 4
Resource-state errors appear when identifiers, region or account scope, lifecycle state, or consistency timing do not match request assumptions.
Provider-specific error pages mapped to this category (56 total). Showing 16-30.
AWS RequestTooLargeException means the payload sent to a Lambda function exceeds the maximum allowed invocation payload size. Synchronous invocations are limited to 6MB and asynchronous invocations are limited to 256KB. The request is rejected before the function executes.
AWS ResourceNotFoundException means the target resource cannot be resolved by that service in the current account, region, partition, endpoint, lifecycle state, or caller-visible scope.
AWS TableNotFoundException indicates that the DynamoDB operation targeted a table name that does not exist in the specific AWS Region and Account provided in the client configuration.
AWS UnsupportedOperation means the requested EC2 operation is not supported for the selected instance, AMI, or resource configuration.
Amazon EC2 VolumeInUse means an EBS volume is still attached, detaching, or otherwise not in the required available state for the requested operation.
Microsoft Entra or Microsoft Graph returns group-not-found responses when the target group object cannot be resolved in the current tenant directory.
Microsoft Entra or Microsoft Graph returns `AADServicePrincipalNotFound` when the requested service principal object cannot be resolved in the active tenant.
Azure AADSTS50126 indicates a primary authentication failure where Microsoft Entra ID cannot validate the provided username and password combination. This occurs before MFA challenges or account-state checks.
Microsoft Entra ID returns `AADSTS700016` when the client application identifier cannot be found in the target tenant directory.
Microsoft Entra or Microsoft Graph returns user-not-found responses when the referenced user object cannot be resolved in the active tenant.
Azure Resource Manager returns `AuthorizationFailed` when ARM knows who the caller is, but that caller cannot perform the exact `Microsoft.*` action at the evaluated scope.
Azure BlobNotFound means the container resolved, but the exact blob name, version, or snapshot requested does not exist at that address.
Azure ConditionNotMet means one or more conditional headers evaluated false; reads can return 304 and writes typically return HTTP 412.
Azure Blob service returns `ContainerNotFound` (404) when the specified blob container does not exist.
ARM returns `InvalidResourceReference` when a referenced resource is missing or referenced with an incorrect identifier/path.
Compare Guide
Use 403 for explicit access denial, or 404 to conceal resource existence when security policy requires reducing endpoint and object enumeration risk.
Compare Guide
Learn when to return 404 (missing or temporary absence) versus 410 (intentional permanent removal), including redirect and cache implications.
Playbook
Use this playbook to separate temporary missing-resource lookups from permanent removals, then fix scope, lifecycle, and identifier drift safely.
Temporary 404s often resolve after propagation or deployment completion, while permanent removals are typically explicit lifecycle events (for example 410 semantics).
Many control planes are eventually consistent. Read-after-write visibility can lag and briefly return not-found responses.
Confirm exact scope and identifier tuple: resource name, region, account/subscription/project, and parent container.