AWS

ValidationException - Validation Exception

Getting a **ValidationException** means your input data failed AWS service validation—DynamoDB items violate schema constraints, Lambda function code has errors, or IAM policy documents have syntax issues. This client-side error (4xx) happens when AWS validates request data before processing. Most common when DynamoDB item attributes don't match table schema, but also appears when Lambda function code is invalid, IAM policy JSON is malformed, or input values violate service constraints.

#Common Causes

  • Identity: IAM policy JSON syntax error. Policy document violates IAM constraints. Policy conditions invalid.
  • Network: VPC configuration validation fails. Security Group rule validation errors.
  • Limits: DynamoDB item violates table schema. Lambda function code invalid. Input value out of allowed range. Missing required fields. Invalid data format.

Solutions

  1. 1Step 1: Diagnose - Review exact validation error: AWS usually specifies which field/constraint failed. Check error message for field names. Review validation constraints.
  2. 2Step 2: Diagnose - Check DynamoDB table schema: aws dynamodb describe-table --table-name TABLE_NAME --query 'Table.[AttributeDefinitions,KeySchema]' --output json. Verify item attributes match schema.
  3. 3Step 3: Diagnose - Validate IAM policy JSON: aws iam get-role-policy --role-name ROLE_NAME --policy-name POLICY_NAME --query 'PolicyDocument' | jq '.'. Check JSON syntax: echo POLICY_JSON | jq '.'.
  4. 4Step 4: Fix - Validate input before sending: Check required fields. Verify data types match schema. Validate value ranges. Test with minimal input first.
  5. 5Step 5: Fix - Fix validation errors: Update DynamoDB items to match schema. Fix IAM policy JSON syntax. Correct Lambda function code. Ensure all required parameters are present.

</>Code Examples

Check DynamoDB Table Schema
1#!/bin/bash
2TABLE_NAME="MyTable"
3
4# Get table schema
5echo "=== DynamoDB Table Schema ==="
6aws dynamodb describe-table \
7  --table-name ${TABLE_NAME} \
8  --query 'Table.[AttributeDefinitions,KeySchema,TableName]' \
9  --output json | jq '.'
10
11# Check key schema (partition key and sort key)
12echo "\n=== Key Schema ==="
13aws dynamodb describe-table \
14  --table-name ${TABLE_NAME} \
15  --query 'Table.KeySchema[*].[AttributeName,KeyType]' \
16  --output table
17
18# Check attribute definitions (data types)
19echo "\n=== Attribute Definitions ==="
20aws dynamodb describe-table \
21  --table-name ${TABLE_NAME} \
22  --query 'Table.AttributeDefinitions[*].[AttributeName,AttributeType]' \
23  --output table
24
25# Example: Validate item matches schema
26echo "\n=== Validating Item ==="
27echo "Item must have partition key and sort key (if defined)"
28echo "Attribute types must match: S (string), N (number), B (binary)"
Validate IAM Policy JSON
1#!/bin/bash
2# Get IAM policy and validate JSON
3ROLE_NAME="MyRole"
4POLICY_NAME="MyPolicy"
5
6echo "=== Getting IAM Policy ==="
7POLICY_JSON=$(aws iam get-role-policy \
8  --role-name ${ROLE_NAME} \
9  --policy-name ${POLICY_NAME} \
10  --query 'PolicyDocument' \
11  --output json 2>&1)
12
13if [ $? -eq 0 ]; then
14  echo "\n=== Validating JSON Syntax ==="
15  echo "${POLICY_JSON}" | jq '.' > /dev/null 2>&1
16  if [ $? -eq 0 ]; then
17    echo "✓ JSON syntax valid"
18    echo "${POLICY_JSON}" | jq '.'
19  else
20    echo "✗ Invalid JSON syntax"
21    echo "${POLICY_JSON}"
22  fi
23else
24  echo "Error getting policy: ${POLICY_JSON}"
25fi
26
27# Validate policy structure
28echo "\n=== Validating Policy Structure ==="
29if command -v jq &> /dev/null; then
30  echo "${POLICY_JSON}" | jq 'has("Version")' && echo "✓ Has Version"
31  echo "${POLICY_JSON}" | jq 'has("Statement")' && echo "✓ Has Statement"
32fi
Validate DynamoDB Item Before Put
1#!/bin/bash
2TABLE_NAME="MyTable"
3
4# Get table schema first
5echo "=== Getting Table Schema ==="
6KEY_SCHEMA=$(aws dynamodb describe-table \
7  --table-name ${TABLE_NAME} \
8  --query 'Table.KeySchema[*].AttributeName' \
9  --output text)
10
11echo "Required keys: ${KEY_SCHEMA}"
12
13# Validate item has required keys
14ITEM='{"id":{"S":"123"},"name":{"S":"John"}}'
15echo "\n=== Validating Item ==="
16echo "Item: ${ITEM}"
17
18# Check if item has partition key
19if echo "${ITEM}" | jq -e '.id' > /dev/null 2>&1; then
20  echo "✓ Has partition key: id"
21else
22  echo "✗ Missing partition key: id"
23fi
24
25# Validate with dry-run (if supported) or test put
26echo "\n=== Testing Item (dry-run not available, but validate structure) ==="
27echo "${ITEM}" | jq '.' > /dev/null 2>&1
28if [ $? -eq 0 ]; then
29  echo "✓ Item JSON is valid"
30else
31  echo "✗ Invalid JSON format"

Related Errors

InvalidParameterInvalidParameterValue

Provider Information

This error code is specific to AWS services. For more information, refer to the official AWS documentation.

ValidationException - Validation Exception | AWS Error Reference | Error Code Reference