Skip to content

aws_image_builder: resource template validation warnings #34758

New issue
New issue
Open
#34764
Open
aws_image_builder: resource template validation warnings#34758
#34764
Labels
@aws-cdk/aws-imagebuilderRelated to EC2 Image BuilderbugThis issue is a bug.p2
@tomburge

Description

@tomburge
tomburge
opened on Jun 19, 2025

Describe the bug

The problem is just related to CLI output and this may be a CloudFormation issue and not CDK. The distribution config updates properly but the messages received in the terminal indicate a template validation issue. Both the CDK docs and the CloudFormation reference has these properties so they are valid properties.

Regression Issue

  • Select this option if this issue appears to be a regression.

Last Known Working CDK Library Version

No response

Expected Behavior

The stack update completes with no warning messages about a template validation problem.

Current Behavior

These are the terminal messages from the CDK deployment.

GoldImageMainStack: start: Building GoldImageMainStack Template
GoldImageMainStack: success: Built GoldImageMainStack Template
GoldImageMainStack: start: Publishing GoldImageMainStack Template (current_account-current_region)
GoldImageMainStack: start: Publishing ResourceStack Nested Stack Template (current_account-current_region)
GoldImageMainStack: success: Published GoldImageMainStack Template (current_account-current_region)
GoldImageMainStack: success: Published ResourceStack Nested Stack Template (current_account-current_region)
GoldImageMainStack: deploying... [1/1]
GoldImageMainStack: creating CloudFormation changeset...
GoldImageMainStack | 0/3 | 1:40:06 PM | UPDATE_IN_PROGRESS | AWS::CloudFormation::Stack | GoldImageMainStack User Initiated
GoldImageMainStack | 0/3 | 1:40:09 PM | UPDATE_IN_PROGRESS | AWS::CloudFormation::Stack | ResourceStack.NestedStack/ResourceStack.NestedStackResource (ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF)
GoldImageMainStack-ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF-ESC8S90G17F | 0/3 | 1:40:10 PM | UPDATE_IN_PROGRESS | AWS::CloudFormation::Stack | GoldImageMainStack-ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF-ESC8S90G17F User Initiated
GoldImageMainStack-ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF-ESC8S90G17F | 0/3 | 1:40:13 PM | UPDATE_IN_PROGRESS | AWS::ImageBuilder::DistributionConfiguration | ResourceStack/DistributionConfiguration (DistributionConfiguration)
GoldImageMainStack-ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF-ESC8S90G17F | 0/3 | 1:40:15 PM | UPDATE_IN_PROGRESS | AWS::ImageBuilder::DistributionConfiguration | ResourceStack/DistributionConfiguration (DistributionConfiguration) Resource template validation failed for resource DistributionConfiguration as the template has invalid properties. Please refer to the resource documentation to fix the template.
Properties validation failed for resource DistributionConfiguration with message:
#/Distributions/0/AmiDistributionConfiguration: extraneous key [description] is not permitted
#/Distributions/0/AmiDistributionConfiguration: extraneous key [targetAccountIds] is not permitted
#/Distributions/0/AmiDistributionConfiguration: extraneous key [launchPermissionConfiguration] is not permitted
#/Distributions/0/AmiDistributionConfiguration: extraneous key [amiTags] is not permitted
GoldImageMainStack-ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF-ESC8S90G17F | 1/3 | 1:40:15 PM | UPDATE_COMPLETE | AWS::ImageBuilder::DistributionConfiguration | ResourceStack/DistributionConfiguration (DistributionConfiguration)
GoldImageMainStack-ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF-ESC8S90G17F | 2/3 | 1:40:16 PM | UPDATE_COMPLETE_CLEA | AWS::CloudFormation::Stack | GoldImageMainStack-ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF-ESC8S90G17F
GoldImageMainStack | 3/3 | 1:40:20 PM | UPDATE_COMPLETE | AWS::CloudFormation::Stack | ResourceStack.NestedStack/ResourceStack.NestedStackResource (ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF)
GoldImageMainStack | 4/3 | 1:40:21 PM | UPDATE_COMPLETE_CLEA | AWS::CloudFormation::Stack | GoldImageMainStack
GoldImageMainStack-ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF-ESC8S90G17F | 5/3 | 1:40:23 PM | UPDATE_COMPLETE | AWS::CloudFormation::Stack | GoldImageMainStack-ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF-ESC8S90G17F
GoldImageMainStack | 4/3 | 1:40:33 PM | UPDATE_COMPLETE | AWS::CloudFormation::Stack | ResourceStack.NestedStack/ResourceStack.NestedStackResource (ResourceStackNestedStackResourceStackNestedStackResourceC46BA6CF)
GoldImageMainStack | 5/3 | 1:40:33 PM | UPDATE_COMPLETE | AWS::CloudFormation::Stack | GoldImageMainStack

These are the messages that are problematic:

Properties validation failed for resource DistributionConfiguration with message:
#/Distributions/0/AmiDistributionConfiguration: extraneous key [description] is not permitted
#/Distributions/0/AmiDistributionConfiguration: extraneous key [targetAccountIds] is not permitted
#/Distributions/0/AmiDistributionConfiguration: extraneous key [launchPermissionConfiguration] is not permitted
#/Distributions/0/AmiDistributionConfiguration: extraneous key [amiTags] is not permitted

The stack update completes successfully even though there is a template validation error and the extraneous keys show updated when viewed in the console.

Reproduction Steps

        # Distribution Config
        distributions: list[
            awsib.CfnDistributionConfiguration.DistributionProperty
        ] = []
        for distro in distro_config.get("distributions", []):
            if distro.get("type") == "ami":
                current_distro = awsib.CfnDistributionConfiguration.DistributionProperty(
                    region=distro.get("region"),
                    ami_distribution_configuration=awsib.CfnDistributionConfiguration.AmiDistributionConfigurationProperty(
                        ami_tags=distro.get("ami_tags"),
                        description=distro.get("description"),
                        kms_key_id=distro.get("kms_key"),
                        launch_permission_configuration=awsib.CfnDistributionConfiguration.LaunchPermissionConfigurationProperty(
                            organization_arns=distro.get("org_arns"),
                            organizational_unit_arns=distro.get("ou_arns"),
                        ),
                        name=distro.get("name"),
                        target_account_ids=distro.get("accounts", []),
                    ),
                )
                distributions.append(current_distro)

        distribution_config = awsib.CfnDistributionConfiguration(
            self,
            "DistributionConfiguration",
            description=distro_config.get("description", "default description"),
            distributions=distributions,
            name=distro_config.get("name", "default-distro-config-name"),
        )

Possible Solution

No response

Additional Information/Context

No response

AWS CDK Library version (aws-cdk-lib)

2.199.0

AWS CDK CLI version

2.1019.0 (build e9c24a6)

Node.js Version

v22.15.0

OS

Windows 11

Language

Python

Language Version

Python 3.13.3

Other information

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/aws-imagebuilderRelated to EC2 Image BuilderbugThis issue is a bug.p2

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions