Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

CloudFormation ValidationError — “typeNameList failed to satisfy constraint” when deploying standard VPC template

0

I’ve been consistently encountering the following CloudFormation ValidationError when deploying a simple VPC stack — even though the YAML template is properly formatted and validates successfully with aws cloudformation validate-template.

An error occurred (ValidationError) when calling the CreateStack operation:
1 validation error detected:
Value '[AWS::EC2::VPC, SubnetRouteTableAssociation, AWS::EC2::RouteTable, AWS::EC2::VPCGatewayAttachment, AWS::EC2::Route, AWS::EC2::InternetGateway, AWS::EC2::Subnet]'
at 'typeNameList' failed to satisfy constraint:
Member must satisfy constraint: [Member must have length less than or equal to 204, Member must have length greater than or equal to 10,
Member must satisfy regular expression pattern: [A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}(::MODULE){0,1}]

Steps to reproduce:

  1. I uploaded a standard VPC CloudFormation YAML file (vpc.yaml) to S3.

  2. Ran the following command: aws cloudformation create-stack --stack-name my-vpc-stack --template-url https://s3.amazonaws.com/cfn-templates-8702/vpc.yaml --capabilities CAPABILITY_IAM CAPABILITY_NAMED_IAM --region us-east-1

  3. The template validates successfully but fails with the above error at stack creation.

Environment details:

AWS CLI version: aws-cli/2.31.11 Python/3.13.7 Linux/6.6.87.2-microsoft-standard-WSL2 exe/x86_64.ubuntu.24

Region: us-east-1 (N. Virginia)

Account type: Free Tier (Basic Support)

Template type: Standard VPC (includes AWS::EC2::VPC, subnets, IGW, route tables, and associations)

What I’ve tried:

Validated template with aws cloudformation validate-template (returns “Description: CloudFormation for VPC” ✅)

Recreated stack using both CLI and Console → same error.

Uploaded identical template under different S3 buckets → same result.

Tested with nested wrapper stack and local files → fails at nested resource creation.

Deployed successfully using equivalent bash automation (vpc-deploy.sh), confirming resources and YAML are valid.

Expected behavior: The stack should create successfully since all resource definitions are standard AWS::EC2 components.

Actual behavior: CloudFormation immediately rolls back with the above typeNameList validation error, which appears unrelated to the template itself.

Question: Is this a known CloudFormation service-side validation bug affecting AWS::EC2::Subnet or related resource types? If so, is there a timeline or workaround for deploying standard templates without triggering the typeNameList validation constraint?

Thank you for any clarification or update you can provide.

Topics
Management & GovernanceNetworking & Content Delivery
Tags
Amazon VPCAWS Command Line InterfaceAWS CloudFormation
Language
English
asked 7 months ago141 views
3 Answers
0
Accepted Answer

Hello.

Can you share the CloudFormation template you're using?
I've seen the same error occur in the past due to incorrect parameter names or definition names.
CloudFormation error messages can sometimes be difficult to pinpoint the exact location of the error, so it's difficult to determine whether there are any problems with the template without checking it.

For example, a similar error can occur even with a minor typo, as in the answer below from stackoverflow.
https://stackoverflow.com/questions/77474684/aws-cloudformation-error-securitygroup-typenamelist-member-must-satisfy-const

EXPERT
answered 7 months ago
0

The error you're encountering is related to how you're using the CloudFormation command, not an issue with your template itself. The validation error message indicates a problem with the typeNameList parameter, which suggests you might be inadvertently passing resource types in a format expected for CloudFormation extensions.

Based on the error pattern [A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}::[A-Za-z0-9]{2,64}(::MODULE){0,1}, this appears to be related to CloudFormation extension type names, which follow a specific pattern (like "AWS::ServiceName::ResourceType").

The most likely cause is that you're using a parameter or flag that's intended for CloudFormation extension activation or registration, not for standard stack creation. The --capabilities flag you're using is correct for IAM resources, but there might be another parameter in your command that's causing CloudFormation to interpret your resource types as extension types.

Try simplifying your command to:

aws cloudformation create-stack --stack-name my-vpc-stack --template-url https://s3.amazonaws.com/cfn-templates-8702/vpc.yaml --capabilities CAPABILITY_IAM

If you're using any other parameters like --type-name-list or similar, remove them as they're intended for extension registration, not standard stack creation.

Since your template validates successfully and you've been able to deploy the same resources using bash automation, the issue is almost certainly with how the CloudFormation command is being executed rather than with the template itself.
Sources
AWS::CloudFormation::TypeActivation - AWS CloudFormation
RequiredActivatedType - AWS CloudFormation
AWS::CloudFormation::PublicTypeVersion - AWS CloudFormation

answered 7 months ago
0

Thanks for the pointers! The issue was my template, not CFN. Two fixes:

  1. I had Type: SubnetRouteTableAssociation without the namespace — changed to Type: AWS::EC2::SubnetRouteTableAssociation.

  2. In the IGW attach, I accidentally used InternetGatewayId: ! InternetGateway — corrected to InternetGatewayId: !Ref InternetGateway. Also verified DependsOn: VPCGatewayAttachment matches the actual logical ID of the attachment resource. After these changes, validate-template passes and the stack creates successfully.

answered 7 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content