Mapping values are not allowed here

Solving the mapping values are not allowed here error in CloudFormation Templates

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

⚙️ Check out my series on Automating Cybersecurity Metrics | Code.

🔒 Related Stories: Bugs | AWS Security | Secure Code

💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I got this error running a hastily written CloudFormation template:

mapping values are not allowed here
in “<unicode string>”, line 8, column 9:
Type: AWS::IAM::Group
^ (line: 8)

The problem was that I forgot a colon after the resource name on the prior line.

In other words this:

Resources:
  batch_job_admin_group
    Type: AWS::IAM::Group

Should have been this:

Resources:
  batch_job_admin_group:
    Type: AWS::IAM::Group

The error message might technical make sense to someone based on the underlying implementation in CloudFormation but this error message makes no sense and is not at all user-friendly for someone new to CloudFormation.

Here’s another case of “Mapping values are not allowed here”:

I got the error on the line with Fn::ImportValue because I had one too many dashes:

Although the above syntax is correct, the template didn’t deploy because DomainValidationOptions wants a list.

From a post on S3 bucket troubleshooting:

If you get an error “Mapping Values Not Allowed Here” make sure you have the !Sub on one line followed by the dashes indented on the next two lines. the first line contains the string with the tokens to replace. The lines after define the values for each token.

Troubleshooting S3 bucket policies

ACM.199 A working Organization CloudTrail Bucket Policy

medium.com

Here’s another issue that caused this error:

I forgot “Properties:” in the template above “Name:” (and I had copied a template and forgot to change the type but I don’t think that caused the error — it was the missing “Properties” element shown below.

Here are a copy of other posts on the topic: