DevRef
error aws

AWS InvalidParameterValue Error

Understanding AWS InvalidParameterValue error - a parameter value provided in the API request is not valid for the given context.

What It Means

The InvalidParameterValue error indicates that a value provided for an API parameter is not valid. The parameter name and format are correct, but the value itself is not acceptable — it might be out of range, reference a non-existent resource, or not match the expected format.

This differs from ValidationException, which typically covers structural validation errors (missing required parameters, wrong types).

Common Causes

  • Invalid AMI ID, security group ID, or subnet ID
  • Instance type not available in the selected region/AZ
  • Invalid ARN format
  • Region-specific resource referenced from another region
  • Parameter value out of the allowed range
  • Invalid CIDR block format
  • Referencing a deleted or non-existent resource
  • Invalid tag key or value format

How to Fix

Validate resource IDs

# Verify an AMI exists in the current region
aws ec2 describe-images --image-ids ami-0123456789abcdef0

# Verify a security group exists
aws ec2 describe-security-groups --group-ids sg-0123456789abcdef0

# Verify a subnet exists
aws ec2 describe-subnets --subnet-ids subnet-0123456789abcdef0

# Check instance type availability
aws ec2 describe-instance-type-offerings \
  --location-type availability-zone \
  --filters Name=instance-type,Values=t3.micro \
  --query 'InstanceTypeOfferings[].Location'

Fix common parameter issues

# Wrong region for a resource
aws ec2 run-instances \
  --image-id ami-0123456789abcdef0 \
  --region us-east-1  # AMI must exist in this region

# Invalid CIDR block
aws ec2 create-security-group \
  --group-name my-sg \
  --description "My security group"

# Bad: invalid CIDR
aws ec2 authorize-security-group-ingress \
  --group-id sg-xxx --protocol tcp --port 80 --cidr 10.0.0.0/33

# Good: valid CIDR
aws ec2 authorize-security-group-ingress \
  --group-id sg-xxx --protocol tcp --port 80 --cidr 10.0.0.0/16

Handle in application code (boto3)

import boto3
from botocore.exceptions import ClientError

ec2 = boto3.client('ec2')

try:
    response = ec2.run_instances(
        ImageId='ami-0123456789abcdef0',
        InstanceType='t3.micro',
        MinCount=1,
        MaxCount=1,
        SubnetId='subnet-0123456789abcdef0'
    )
except ClientError as e:
    error_code = e.response['Error']['Code']
    error_msg = e.response['Error']['Message']

    if error_code == 'InvalidParameterValue':
        print(f"Invalid parameter: {error_msg}")
        # Parse the error message to identify which parameter is wrong
    raise

Handle in JavaScript (AWS SDK v3)

import { EC2Client, RunInstancesCommand } from '@aws-sdk/client-ec2';

const client = new EC2Client({ region: 'us-east-1' });

try {
  await client.send(new RunInstancesCommand({
    ImageId: 'ami-0123456789abcdef0',
    InstanceType: 't3.micro',
    MinCount: 1,
    MaxCount: 1,
  }));
} catch (error) {
  if (error.name === 'InvalidParameterValue') {
    console.error(`Invalid parameter: ${error.message}`);
  }
}

Validate parameters before calling API

import re

def validate_ami_id(ami_id):
    if not re.match(r'^ami-[0-9a-f]{8,17}$', ami_id):
        raise ValueError(f"Invalid AMI ID format: {ami_id}")

def validate_cidr(cidr):
    parts = cidr.split('/')
    if len(parts) != 2 or not (0 <= int(parts[1]) <= 32):
        raise ValueError(f"Invalid CIDR block: {cidr}")

CloudFormation: Fix invalid values in templates

# Validate your CloudFormation template
# aws cloudformation validate-template --template-body file://template.yaml

Resources:
  MyInstance:
    Type: AWS::EC2::Instance
    Properties:
      ImageId: !Ref AMIParameter  # Use parameters for region-specific values
      InstanceType: t3.micro
      SubnetId: !Ref SubnetId

Parameters:
  AMIParameter:
    Type: AWS::EC2::Image::Id
    Description: AMI ID for the instance

Related Errors

aws-validationexceptionaws-accessdenied