ap-northeast-3: Template format error: Unrecognized resource types: [AWS::CDK::Metadata]

[Luchiap]

Describe the bug

I can't deploy a region-agnostic template to ap-northeast-3 because CloudFormation complains the AWS::CDK::Metadata resource is unknown.

Given a sample template which deploy a stackset that uses AWS::CDK::Metadata resource, it fails with error :
Template format error: Unrecognized resource types: [AWS::CDK::Metadata]
Adding the conditions section does not solve the issue.

Expected Behavior

I expect the deployment to succeed for the specified region.

Current Behavior

Deployment fails with error 'Template format error: Unrecognized resource types: [AWS::CDK::Metadata]'

Reproduction Steps

Sample cdk script to reproduce the error. Deploy this template from ap-northeast-3. Change organizational unit deploymentTargets to an OU of your organization.
Run command:

• cdk deploy

import { Duration, Stack, StackProps, CfnOutput  } from 'aws-cdk-lib';
import * as sns from 'aws-cdk-lib/aws-sns';
import * as subs from 'aws-cdk-lib/aws-sns-subscriptions';
import * as sqs from 'aws-cdk-lib/aws-sqs';
import * as cfn from 'aws-cdk-lib/aws-cloudformation';
import { Construct } from 'constructs';
import * as region_info from '@aws-cdk/region-info';



export class CdkTypescriptRegioncheckStack extends Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id, props);

    const templatebodystring = `
    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Resources": {
          "RESOURCEA": {
              "Type": "AWS::EC2::TransitGateway",
              "Properties": {
                  "Description": "RESOURCEA",
                  "Tags": [
                      {
                          "Key": "TagResourceChanged1",
                          "Value": "StringResourceChanged1"
                      }
                  ]
              }
          },
          "CDKMetadata": {
              "Type": "AWS::CDK::Metadata",
              "Properties": {
                  "Analytics": "v2:deflate64:H4sIAAAAAAAA/1WOSw7CMAxEz8I+NV8J9r0AtOxR66SS+4lLnIBQlbvTtBISG3tm/KTxAc5H2G2qt2Sou6ynGqbSV9ipOXpM8hSYbsEEo/LGrmKZV+4JP79wtVGJnfky1IKORk9sE/Hn7zwSpnQRUWHPQTfshiqdIeGpvjQ+JqowwsHhUp+z1ZSoqCxrA61sX/sLnOb/WyHKXLCeBgPFur+KJtUo2wAAAA=="
              },
              "Condition": "CDKMetadataAvailable"
          } 
      },
      "Conditions": {
        "CDKMetadataAvailable": {
         "Fn::Or": [
          {
           "Fn::Or": [
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "af-south-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "ap-east-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "ap-northeast-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "ap-northeast-2"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "ap-south-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "ap-southeast-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "ap-southeast-2"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "ca-central-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "cn-north-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "cn-northwest-1"
             ]
            }
           ]
          },
          {
           "Fn::Or": [
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "eu-central-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "eu-north-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "eu-south-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "eu-west-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "eu-west-2"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "eu-west-3"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "me-south-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "sa-east-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "us-east-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "us-east-2"
             ]
            }
           ]
          },
          {
           "Fn::Or": [
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "us-west-1"
             ]
            },
            {
             "Fn::Equals": [
              {
               "Ref": "AWS::Region"
              },
              "us-west-2"
             ]
            }
           ]
          }
         ]
        }
       }
    }`;
    const cfnStackSet = new cfn.CfnStackSet(this, 'MyCfnStackSet', {
      permissionModel: 'SERVICE_MANAGED',
      stackInstancesGroup: [{
        deploymentTargets: {
          organizationalUnitIds: ['ou-umcs-42d7fwgs'],
        },
        regions: ['ap-northeast-3'],
      }],
      autoDeployment: {
        enabled: true,
        retainStacksOnAccountRemoval: false
      },
      stackSetName: 'stacksettest1',
      // templateUrl: 'https://cdkstacksetinformation339.s3.ap-northeast-3.amazonaws.com/tagggateway.yaml',
      templateBody: templatebodystring
    });
  }
}

Possible Solution

Current workaround is to disable version reporting [1] in its entirety. Remove section that has AWS::CDK::Metadata resource.
Then modify the cdk.json to include "versionReporting": false, or run command cdk deploy --no-version-reporting

References:
[1] https://docs.aws.amazon.com/cdk/v2/guide/cli.html#version_reporting

Additional Information/Context

No response

CDK CLI Version

2.73.0

Framework Version

No response

Node.js Version

18.4.0

OS

Windows 10

Language

Typescript

Language Version

No response

Other information

No response

[pahud]

Hi

Is this region specific? Have you tried other regions such as ap-northeast-1?

[Luchiap]

It's based on regions that support AWS::CDK::Metadata, you can use https://docs.aws.amazon.com/cdk/api/v2/docs/@aws-cdk_region-info.RegionInfo.html to check for which regions support it.
The conditions section is used to prevent the issue. However, when using stacksets the conditions don't work as they should.
The conditions section is something that's generated by default when deploying from cdk.

[peterwoodworth]

Stackset validation appears to work a bit differently. It seems CloudFormation will see that there is an AWS::CDK::Metadata resource specified in your template that is going to be deployed to ap-northeast-3, and it will fail regardless of the conditional.

You could also fix this by setting the stack environment to ap-northeast-3 when synthesizing the hardcoded template - it wouldn't contain any metadata resource in that case