(ec2.KeyPair): extraneous key [KeyFormat] is not permitted

[ajaykarpur]

Describe the bug

I'm creating a new key pair like so:

        const keyPair = new ec2.KeyPair(scope, `${id}KeyPair`, {
            keyPairName: `${id}-keypair`,
        });

When I deploy the stack, I get this error:

The stack named MyStack failed to deploy: UPDATE_ROLLBACK_COMPLETE: Properties validation failed for resource myKeyPair53D5213E with message:
#: extraneous key [KeyFormat] is not permitted

Expected Behavior

I'm not setting KeyFormat, so I expect it to default to PEM and deploy with no issues.

Current Behavior

The stack named MyStack failed to deploy: UPDATE_ROLLBACK_COMPLETE: Properties validation failed for resource myKeyPair53D5213E with message:
#: extraneous key [KeyFormat] is not permitted

Reproduction Steps

        const keyPair = new ec2.KeyPair(scope, `${id}KeyPair`, {
            keyPairName: `${id}-keypair`,
        });

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.126.0 (build fb74c41)

Framework Version

No response

Node.js Version

v20.9.0

OS

macOS Ventura 13.5.2

Language

TypeScript

Language Version

No response

Other information

No response

[msambol]

@ajaykarpur Are you updating a key pair by chance? I see UPDATE_ROLLBACK_COMPLETE. When I deploy a fresh one with the following code, it works:

import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as ec2 from 'aws-cdk-lib/aws-ec2'

export class CdkTestStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    const someVar = 'test'

    const keyPair = new ec2.KeyPair(this, `${id}KeyPair`, {
      keyPairName: `${someVar}-keypair`,
    });
  }
}

[ajaykarpur]

Thanks for testing this! No, I'm not updating an existing key pair-- I'm trying to create a new one. Here's some additional context:

class UbuntuInstance extends ec2.Instance {
    constructor(scope: Construct, id: string, props: UbuntuInstanceProps) {
        const keyPair = new ec2.KeyPair(scope, `${id}KeyPair`, {
            keyPairName: `${id}-keypair`,
        });

        super(scope, id, {
            vpc: props.vpc,
            vpcSubnets: {
                subnetType: ec2.SubnetType.PUBLIC,
            },
            securityGroup: props.securityGroup,
            instanceType: new ec2.InstanceType("t3.large"),
            keyPair: keyPair,
            machineImage: ec2.MachineImage.genericLinux({
                ...

[msambol]

hmm, I can't reproduce. what happens if you don't specify keyPairName at all ?

[ajaykarpur]

Just tried-- that didn't work either, unfortunately.

[msambol]

Can I see the CFN? Here's what mine is when I deploy:

  "CdkTestStackKeyPairFFFFFF": {
   "Type": "AWS::EC2::KeyPair",
   "Properties": {
    "KeyFormat": "pem",
    "KeyName": "CdkTestStack-keypair",
    "KeyType": "rsa"
   },

[ajaykarpur]

Looks the same as mine:

 "testKeyPair53D5213E": {
  "Type": "AWS::EC2::KeyPair",
  "Properties": {
   "KeyFormat": "pem",
   "KeyName": "test-keypair",
   "KeyType": "rsa"
  },

I wonder if there's a CloudFormation bug in the region I'm using (us-gov-west-1)?

[msambol]

That could be it... can you try deploying in a different Region? If it works in that Region, could you reach out to AWS Support in the gov cloud account?

[pahud]

Yes I can't reproduce this in us-east-1 either. If it only happens at us-gov-west-1, please submit a ticket to AWS Support. Thank you.

[github-actions]

This issue has not received a response in a while. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.