diff --git a/.changelog/26768.txt b/.changelog/26768.txt
new file mode 100644
index 00000000000..bad2eb7c189
--- /dev/null
+++ b/.changelog/26768.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+resource/aws_replication_subnet_group: Add retry to create step, resolving `AccessDeniedFault` error
+```
\ No newline at end of file
diff --git a/internal/service/dms/replication_subnet_group.go b/internal/service/dms/replication_subnet_group.go
index e8082c52681..8a9651b46de 100644
--- a/internal/service/dms/replication_subnet_group.go
+++ b/internal/service/dms/replication_subnet_group.go
@@ -7,10 +7,13 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/arn"
 	dms "github.com/aws/aws-sdk-go/service/databasemigrationservice"
+	"github.com/hashicorp/aws-sdk-go-base/v2/awsv1shim/v2/tfawserr"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-provider-aws/internal/conns"
 	"github.com/hashicorp/terraform-provider-aws/internal/flex"
 	tftags "github.com/hashicorp/terraform-provider-aws/internal/tags"
+	"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
 	"github.com/hashicorp/terraform-provider-aws/internal/verify"
 )
 
@@ -72,9 +75,26 @@ func resourceReplicationSubnetGroupCreate(d *schema.ResourceData, meta interface
 
 	log.Println("[DEBUG] DMS create replication subnet group:", request)
 
-	_, err := conn.CreateReplicationSubnetGroup(request)
-	if err != nil {
-		return err
+	err := resource.Retry(propagationTimeout, func() *resource.RetryError {
+		_, err := conn.CreateReplicationSubnetGroup(request)
+
+		if tfawserr.ErrCodeEquals(err, dms.ErrCodeAccessDeniedFault) {
+			return resource.RetryableError(err)
+		}
+
+		if err != nil {
+			return resource.NonRetryableError(err)
+		}
+
+		return nil
+	})
+
+	if tfresource.TimedOut(err) {
+		_, err = conn.CreateReplicationSubnetGroup(request)
+
+		if err != nil {
+			return err
+		}
 	}
 
 	d.SetId(d.Get("replication_subnet_group_id").(string))
diff --git a/internal/service/dms/wait.go b/internal/service/dms/wait.go
index 33a4ccd0843..90fddfeb6fa 100644
--- a/internal/service/dms/wait.go
+++ b/internal/service/dms/wait.go
@@ -8,6 +8,7 @@ import (
 )
 
 const (
+	propagationTimeout            = 2 * time.Minute
 	replicationTaskRunningTimeout = 5 * time.Minute
 )