There are instances when I was deploying Cloud Formation templates and I encountered errors. This is a really common mistake when you are dealing with complex CFT. If the Cloud Formation template has a lot of properties then it is really hard to define all of those from scratch. This is where sometimes I went wrong. In this post, I will tell you about failing to validate the property for a particular resource.

Following is the error description from AWS Cloud Formation Console:

Properties validation failed for resource lambda function with message #/Role: failed validation constraint for keyword [pattern]

With this description, I had clue that something is wrong with the role. But there is no clear error message stating the exact error. This leads me to find the root cause.

A little background to understand the problem. I was creating a Lambda function using SAM. Defined all the required properties.

Can you find the error in the above code snippet? I thought the issue might be there in the Role resource. No, there are no issues while creating LambdaExecutionRole resource. It was created successfully. I checked CloudFormation serverless function documentation a couple of times explicitly for role property. Then I realized the mistake.

Role
The ARN of an IAM role to use as this function’s execution role.

Look at the above Cloud Formation template closely. Emphasis on role property. I had used the !Ref function as the role property value. It resolves value as the Logical ID of the Role that I have defined. It does not return the required Role ARN. More on the AWS CloudFormation Role documentation return values here.

I replaced role property value from !Ref LambdaExecutionRole to !GetAtt LambdaExecutionRole.Arn That’s it!!!
Here is the corrected template:

It was a very small mistake. As I have used !Ref function for other resources and parameters in the template. I carried away with the !Ref function in the role property as well. Which led to the Properties validation failed for resource lambda function with message #/Role: failed validation constraint for keyword [pattern]

Resource: AWS Support link