How do I resolve the "Model validation failed (#: extraneous key [Key] is not permitted)" error in CloudFormation?

3 minutos de lectura

I receive the "Model validation failed (#: extraneous key [Key] is not permitted)" error in my stack events. This error occurs when I create a resource using a custom a resource provider with the AWS CloudFormation Command Line Interface (CLI).

Short description

You receive this error when you try to create a resource with properties using your resource provider. However, you haven't defined one or more properties in the resource provider schema or you're using reserved properties.

If you're having issues with other errors related to using a resource provider, see the following articles for additional troubleshooting steps:

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent AWS CLI version.


1.    Confirm that the properties defined in your CloudFormation template are also defined in your organization-service-resource.json file.

Note: The resource provider schema file is a JSON file in the organization-service-resource.json format and is located in the root directory of your project.

2.    If you defined the properties correctly, confirm that your project built successfully by running the cfn generate, mvn package, and cfn submit commands in sequence. For example:

$ cfn generate
Generated files for Organization::Service::Resource
$ mvn package
[INFO] Scanning for projects...
[INFO] --< software.organization.service.resource:organization-service-resource-handler >--
[INFO] Building organization-service-resource-handler 1.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  21.690 s
[INFO] Finished at: 2020-07-14T16:02:47-05:00
[INFO] ------------------------------------------------------------------------
$ cfn submit 
Successfully submitted type. Waiting for registration with token '12345a-abcde-6789-abc1-a1234b567891' to complete.
{'ProgressStatus': 'COMPLETE', 'Description': 'Deployment is currently in DEPLOY_STAGE of status COMPLETED' , 'TypeArn': 'arn:aws:cloudformation:us-east-1:1234567891:type/resource/Organization-Service-Resource', 'TypeVersionArn': 'arn:aws:cloudformation:us-east-1:1234567891:type/resource/Organization-Service-Resource/00000035', 'ResponseMetadata': {'RequestId': '123a1234-b123-4567-abcd-123a123b1c1d', 'HTTPStatusCode': 200, 'HTTPHeaders': {'x-amzn-requestid': '123a1234-b123-4567-abcd-123a123b1c1d', 'content-type': 'text/xml', 'content-length': '952', 'date': 'Tue, 14 Jul 2020 21:16:17 GMT'}, 'RetryAttempts': 0}}

3.    To set the current version of your project to be used by default, run the following command:

aws cloudformation set-type-default-version --type RESOURCE --type-name Organization::Service::Resource --version-id 00000005

Note: Replace the values for --type-name and --version-id with your resource type's name and the latest version of the build returned by cfn submit in the TypeVersionArn key.

4.    If steps 1-3 don't resolve the issue, check whether you're using a reserved property by changing the name of the property in both the resource provider schema and your CloudFormation template. Then, rebuild and register your resource type, and try to create the resource using CloudFormation again with the different property name.

Consider the following tips:

If your unit tests aren't complete and you want to skip the tests, run mvn -Dmaven.test.skip=true package instead of mvn package.

To set the current type version as the default after a successful registration of the type version, specify the --set-default option to cfn submit. For example:

$ cfn submit --set-default

Note: For more information, see submit.

You can troubleshoot the tests by navigating to the directory /target/surefire-reports from your project's root directory.

Related information

AWS CloudFormation CLI

OFICIAL DE AWSActualizada hace 9 meses