How do I resolve the "Model validation failed (#: extraneous key [Key] is not permitted)" error in AWS CloudFormation?

Last updated: 2020-08-17

I receive the "Model validation failed (#: extraneous key [Key] is not permitted)" error in my stack events when I create a resource using my resource provider in AWS CloudFormation. How can I resolve this error?

Short description


1.    Confirm that the properties defined in your AWS CloudFormation template are also defined in your organization-service-resource.json file.

Note: The resource provider schema file is a JSON file in the organization-service-resource.json format and is located in the root directory of your project.

2.    If you defined the properties correctly, confirm that your project was built successfully by running the cfn generate, mvn package, and cfn submit commands in sequence. For example:

$ cfn generate
Generated files for Organization::Service::Resource
$ mvn package
[INFO] Scanning for projects...
[INFO] --< software.organization.service.resource:organization-service-resource-handler >--
[INFO] Building organization-service-resource-handler 1.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  21.690 s
[INFO] Finished at: 2020-07-14T16:02:47-05:00
[INFO] ------------------------------------------------------------------------
$ cfn submit 
Successfully submitted type. Waiting for registration with token '12345a-abcde-6789-abc1-a1234b567891' to complete.
{'ProgressStatus': 'COMPLETE', 'Description': 'Deployment is currently in DEPLOY_STAGE of status COMPLETED' , 'TypeArn': 'arn:aws:cloudformation:us-east-1:1234567891:type/resource/Organization-Service-Resource', 'TypeVersionArn': 'arn:aws:cloudformation:us-east-1:1234567891:type/resource/Organization-Service-Resource/00000035', 'ResponseMetadata': {'RequestId': '123a1234-b123-4567-abcd-123a123b1c1d', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '123a1234-b123-4567-abcd-123a123b1c1d', 'content-type': 'text/xml', 'content-length': '952', 'date': 'Tue, 14 Jul 2020 21:16:17 GMT'}, 'RetryAttempts': 0}}

3.    To set the current version of your project to be used by default, run the following command:

aws cloudformation set-type-default-version --type RESOURCE --type-name Organization::Service::Resource --version-id 00000005

Note: Replace the values for --type-name and --version-id with your resource type's name and the latest version of the build returned by cfn submit in the TypeVersionArn key.

4.    If steps 1-3 don't resolve the issue, then check if you're using a reserved property by changing the name of the property in both the resource provider schema and your AWS CloudFormation template. Then, rebuild and register your resource type, and try to create the resource using AWS CloudFormation again with the different property name.

Consider the following tips:

If your unit tests are not complete and you want to skip the tests, run mvn -Dmaven.test.skip=true package instead of mvn package.

To set the current type version as the default after a successful registration of the type version, specify the --set-default option to cfn submit based on the following example:

$ cfn submit --set-default

Note: For more information, see submit.

You can troubleshoot the tests by navigating to the directory /target/surefire-reports from your project's root directory.

Did this article help?

Do you need billing or technical support?