How do I resolve AWS CloudFormation template validation errors or template format errors?

Last updated: 2019-10-16

I receive an error message when I try to create my AWS CloudFormation stack. How can I resolve this error?

Short Description

Choose one of the following solutions based on what error messages you receive:

  • For "JSON not well-formed" or "YAML not well-formed" errors, go to the Validate template syntax section.
  • For "Unresolved resource dependencies [XXXXXXXX] in the Resources block of the template" errors, go to the Validate logical and physical IDs section.
  • For "Unrecognized parameter type: XXXXXXXX" or "Invalid template parameter property 'XXXXXXXX'" errors, go to the Validate parameter definitions section.
  • For "Every Condition member must be a string" errors, go to the Confirm that Conditions is specified as a string section.
  • For "Unrecognized resource types: [XXXXXXXX]" errors, go to the Verify the availability of your resource type section.
  • For "Encountered unsupported property XXXXXXXX" errors, go to the Validate properties, values, and value types section.
  • For "The [environmental resource] 'XXXXXXXX' does not exist" errors, go to the Verify that your resource exists outside the stack, or validate dependencies for resources in the same stack section.
  • For "At least one Resources member must be defined" errors, go to the Include a Resources section in your template section.
  • For "Invalid template property or properties [XXXXXXXX]" errors, go to the Verify template properties section.

Resolution

Validate template syntax

To follow proper JSON or YAML syntax in your AWS CloudFormation template, consider the following:

Validate logical and physical IDs

Confirm that resource logical IDs are defined in your template and that resource physical IDs exist in your environment.

For example, test is referenced for the ImageId property in the following JSON template and for the ImageID property in the following YAML template. But neither template includes a resource logical ID or parameter named test.

The resource ID isn't correctly defined in the following templates. Using these templates returns the following error: "Unresolved resource dependencies [test] in the Resources block of the template." For more information on resource definitions and their syntax, see Resources.

JSON:

{
  "Parameters" : { ... },
  "Resources" : {
    "EC2Instance01" : {
      "Type" : "AWS::EC2::Instance",
      "Properties" : {
        "ImageId" : {"Ref": "test"},
        ...
      }
    }
  }
}

YAML:

Parameters:
Resources:
  EC2Instance01:
    Type: AWS::EC2::Instance
    Properties:
      ImageID: !Ref test

Validate parameter definitions

1.    Set Type to one of the following properties only: String, Number, List<Number>, or CommaDelimitedList (including AWS-specific parameter types and SSM parameter types).

2.    In your AWS CloudFormation template, verify that the parameters include only the following permitted properties:

"Parameters" : {
  "ParameterName" : {
    "AllowedPattern" : "A regular expression that represents the patterns to allow for String types.",
    "AllowedValues" : "An array containing the list of values allowed for the parameter",
    "ConstraintDescription" : "A string that explains a constraint when the constraint is violated",
    "Default" : "A value of the appropriate type for the template to use if no value is specified when a stack is created. If you define constraints for the parameter, you must specify a value that adheres to those constraints",
    "Description" : "A string of up to 4000 characters that describes the parameter",
    "MaxLength" : "An integer value that determines the largest number of characters you want to allow for String types",
    "MaxValue" : "A numeric value that determines the largest numeric value you want to allow for Number types.",
    "MinLength" : "An integer value that determines the smallest number of characters you want to allow for String types.",
    "MinValue" : "A numeric value that determines the smallest numeric value you want to allow for Number types.",
    "NoEcho" : "Whether to mask the parameter value when a call is made that describes the stack. If you set the value to true, the parameter value is masked with asterisks (*****).",
    "Type" : "The data type for the parameter (DataType)."
  }
}

3.    In your AWS CloudFormation template, confirm that the Parameters section doesn't contain any intrinsic functions.

For example, the default value for ParameterC in the following JSON and YAML templates has the intrinsic function Fn::Sub. This intrinsic function causes the validation error: "Every Default member must be a string."

JSON:

{
  "Parameters": {
    "ParameterA": {
      "Type": "String",
      "Default": "abc"
    },
    "ParameterB": {
      "Type": "String",
      "Default": "def"
    },
    "ParameterC": {
      "Type": "String",
      "Default": {
        "Fn::Sub": "${ParameterA}-${ParameterB}"
      }
    }
  },
  "Resources": {
    "MyS3Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
        "BucketName": {
          "Ref": "ParameterC"
        }
      }
    }
  }
}

YAML:

Parameters:
 ParameterA:
  Type: String
  Default: abc
 ParameterB:
  Type: String
  Default: def
 ParameterC:
  Type: String
  Default: !Sub '${ParameterA}-${ParameterB}'
Resources:
 MyS3Bucket:
  Type: 'AWS::S3::Bucket'
  Properties:
   BucketName: !Ref ParameterC

Confirm that Conditions is specified as a string

In your AWS CloudFormation template, specify Conditions as a string.

For example, the condition in the resource EC2RouteA is specified as a list of strings instead of a single string in the following example JSON and YAML templates. Using these templates results in the following validation error: "Every Condition member must be a string."

JSON:

{
  "Conditions": {
    "ConditionA": {
      "Fn::Not": [
        {
          "Fn::Equals": [
            "",
            "Sample"
          ]
        }
      ]
    },
    "ConditionB": {
      "Fn::Not": [
        {
          "Fn::Equals": [
            "",
            "Sample"
          ]
        }
      ]
    }
  },
  "Resources": {
    "EC2RouteA": {
      "Type": "AWS::EC2::Route",
      "Condition": [
        "ConditionA",
        "ConditionB"
      ],
      "Properties": {
       ...
      }
    }
  }
}

YAML:

Conditions:
 ConditionA: !Not 
  - !Equals 
   - ''
   - Sample
 ConditionB: !Not 
  - !Equals 
   - ''
   - Sample
Resources:
  EC2RouteA:
    Type: 'AWS::EC2::Route'
    Condition:
     - ConditionA
     - ConditionB
    Properties:

To resolve this error, add ConditionAandB to your template, and then use ConditionAandB as the condition for the EC2RouteA resource. See the following example templates.

JSON:

{
  "Conditions": {
    "ConditionA": {
      "Fn::Not": [
        {
          "Fn::Equals": [
            "",
            "Sample"
          ]
        }
      ]
    },
    "ConditionB": {
      "Fn::Not": [
        {
          "Fn::Equals": [
            "",
            "Sample"
          ]
        }
      ]
    },
    "ConditionAandB": {
      "Fn::And": [
        {
          "Condition": "ConditionA"
        },
        {
          "Condition": "ConditionB"
        }
      ]
    }
  },
  "Resources": {
    "EC2RouteA": {
      "Type": "AWS::EC2::Route",
      "Condition": "ConditionAandB",
      "Properties": {
        ...
      }
    }
  }
}

YAML:

Conditions:
  ConditionA:
    Fn::Not:
    - Fn::Equals:
      - ''
      - Sample
  ConditionB:
    Fn::Not:
    - Fn::Equals:
      - ''
      - Sample
  ConditionAandB:
    Fn::And:
    - Condition: ConditionA
    - Condition: ConditionB
Resources:
  EC2RouteA:
    Type: AWS::EC2::Route
    Condition: ConditionAandB
    Properties:

Verify the availability of your resource type

Verify that your resource is available in your AWS Region.

Not all resource types are available in every AWS Region. For example, the resource type AWS::WAFRegional::IPSet in the following JSON and YAML templates is currently unavailable in ap-south-1. Using these templates results in the following error: "Unrecognized resource types: [XXXXXXXX]."

JSON:

{
  "IPSetBlacklistA": {
    "Type": "AWS::WAFRegional::IPSet",
    "Properties": {
      "Name": "IPSet for blacklisted IP addresses",
      "IPSetDescriptors": [
        {
          "Type": "IPV4",
          "Value": "x.x.x.x/x"
        },
        {
          "Type": "IPV4",
          "Value": "x.x.x.x/x"
        }
      ]
    }
  }
}

YAML:

IPSetBlacklistA:
 Type: 'AWS::WAFRegional::IPSet'
 Properties:
  Name: IPSet for blacklisted IP addresses
  IPSetDescriptors:
   - Type: IPV4
     Value: x.x.x.x/x
   - Type: IPV4
     Value: x.x.x.x/x

Note: AWS CloudFormation templates are stored as text files using a format that complies with JSON or YAML standards. The preceding JSON and YAML templates use the same template but a different format. For more information about YAML support, see Learn Template Basics, AWS CloudFormation Update – YAML, Cross-Stack References, Simplified Substitution, and YAML Version 1.2.

Validate properties, values, and value types

Use valid properties, values, and value types in your template sections and resource definitions.

Verify that your resource exists outside the stack, or validate dependencies for resources in the same stack

If you're hardcoding a resource or Amazon Resource Name (ARN) for a resource that exists outside of the AWS CloudFormation stack into one of your stack's resources, verify the following:

  • The resource name or ARN is correct
  • The resource exists
  • The resource exists in the same AWS Region as the stack (Some resources accept properties across Regions or accounts.)

For example, suppose an AWS::EC2::Instance resource in your stack specifies a security group (sg-1234567890). If that security group doesn't exist, or doesn't exist in the stack's AWS Region, then the AWS::EC2::Instance resource fails with the following error message: "The sg-1234567890 does not exist." See the following example:

LinuxInstance:
    Type: AWS::EC2::Instance
    Properties:
      SubnetId: !Ref ServerSubnetID
      KeyName: !Ref EC2KeyPairName
      SecurityGroupIds:
        - sg-1234567890 # this resource must exist and be in the same Region as the stack

Include a Resources section in your template

You must include a Resources section in your AWS CloudFormation template, or you will receive an error.

Verify template properties

Use only permitted template properties in your AWS CloudFormation template.

In the following example, the bucket resource is on the same level as the Resources section. This returns the following error: "Template validation error: Invalid template property or properties [Bucket]." The error is caused because the AWS CloudFormation template validator sees the bucket resource as a section-level specification, which isn't allowed as a template property.

JSON:

{
   "Resources": {
      "WaitCondition": {
         "Type": "AWS::CloudFormation::WaitCondition"
      }
   },
   "Bucket": {
      "Type": "AWS::S3::Bucket",
      "Properties": {
         "BucketName": "examplebucketname"
      }
   }
}

YAML:

Resources:
  WaitCondition:
    Type: AWS::CloudFormation::WaitCondition
Bucket:
  Type: AWS::S3::Bucket
  Properties:
    BucketName: examplebucketname
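
A pre-deployment check for several of the errors covered above (invalid template properties, a missing Resources section, disallowed parameter properties, intrinsic functions in Default, a non-string Condition, and unresolved Ref targets), as an added example that is not AWS code. It handles JSON templates only and assumes each section is a JSON object; the function names, the SECTIONS list, and the SAMPLE template are constructed for this example.

```python
import json

# Top-level sections this checker accepts (assumed list; extend it for your templates).
SECTIONS = {"AWSTemplateFormatVersion", "Description", "Metadata", "Parameters", "Rules",
            "Mappings", "Conditions", "Transform", "Resources", "Outputs"}
# Permitted parameter properties, as listed under "Validate parameter definitions".
PARAM_PROPS = {"AllowedPattern", "AllowedValues", "ConstraintDescription", "Default",
               "Description", "MaxLength", "MaxValue", "MinLength", "MinValue", "NoEcho", "Type"}

# Constructed sample: Bucket sits beside Resources, and "test" is never defined.
SAMPLE = """{"Resources": {"EC2Instance01": {"Type": "AWS::EC2::Instance",
  "Properties": {"ImageId": {"Ref": "test"}}}}, "Bucket": {"Type": "AWS::S3::Bucket"}}"""

def find_refs(node):
    """Yield every name used in a {"Ref": name} anywhere under node."""
    if isinstance(node, dict):
        if isinstance(node.get("Ref"), str):
            yield node["Ref"]
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from find_refs(item)

def lint_template(text):
    """Return findings for a JSON template; an empty list means none were found."""
    try:
        template = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"JSON not well-formed: {exc.msg} (line {exc.lineno})"]
    if not isinstance(template, dict):
        return ["Template must be a JSON object"]
    findings = []
    if unknown := sorted(set(template) - SECTIONS):
        findings.append(f"Invalid template property or properties {unknown}")
    params, resources = template.get("Parameters", {}), template.get("Resources", {})
    if not resources:
        findings.append("At least one Resources member must be defined")
    for name, spec in params.items():
        for prop in sorted(set(spec) - PARAM_PROPS):
            findings.append(f"Invalid template parameter property '{prop}' on {name}")
        if isinstance(spec.get("Default"), (dict, list)):
            findings.append(f"Default of {name} must be a string, not an intrinsic function")
    for name, spec in resources.items():
        if not isinstance(spec.get("Condition", ""), str):
            findings.append(f"Condition of {name} must be a string")
    refs = {r for r in find_refs(resources) if not r.startswith("AWS::")}  # skip pseudo parameters
    if missing := sorted(refs - set(params) - set(resources)):
        findings.append(f"Unresolved resource dependencies {missing}")
    return findings
```

Calling lint_template(SAMPLE) reports both the misplaced Bucket and the undefined test reference in one pass, before the template is submitted for stack creation.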
