diff --git a/packages/@aws-cdk/toolkit-lib/test/api/bootstrap/external-id.test.ts b/packages/@aws-cdk/toolkit-lib/test/api/bootstrap/bootstrap-template.test.ts
similarity index 73%
rename from packages/@aws-cdk/toolkit-lib/test/api/bootstrap/external-id.test.ts
rename to packages/@aws-cdk/toolkit-lib/test/api/bootstrap/bootstrap-template.test.ts
index 279e9b135..57b8a65ac 100644
--- a/packages/@aws-cdk/toolkit-lib/test/api/bootstrap/external-id.test.ts
+++ b/packages/@aws-cdk/toolkit-lib/test/api/bootstrap/bootstrap-template.test.ts
@@ -2,25 +2,25 @@ import { Bootstrapper } from '../../../lib/api/bootstrap';
 import type { IIoHost } from '../../../lib/api/io';
 import { asIoHelper } from '../../../lib/api/io/private';
 
-describe('ExternalId Protection Integration Test', () => {
-  let ioHost: IIoHost;
-  let ioHelper: any;
+let ioHost: IIoHost;
+let ioHelper: any;
+let template: any;
 
-  beforeEach(() => {
-    ioHost = {
-      notify: jest.fn(),
-      requestResponse: jest.fn(),
-    };
-    ioHelper = asIoHelper(ioHost, 'bootstrap');
-  });
-
-  test('bootstrap template denies AssumeRole with ExternalId by default', async () => {
-    // GIVEN
-    const bootstrapper = new Bootstrapper({ source: 'default' }, ioHelper);
+beforeEach(async () => {
+  ioHost = {
+    notify: jest.fn(),
+    requestResponse: jest.fn(),
+  };
+  ioHelper = asIoHelper(ioHost, 'bootstrap');
 
-    // WHEN
-    const template = await (bootstrapper as any).loadTemplate();
+  // GIVEN
+  const bootstrapper = new Bootstrapper({ source: 'default' }, ioHelper);
+  // WHEN
+  template = await (bootstrapper as any).loadTemplate();
+});
 
+describe('bootstrap template', () => {
+  test('denies AssumeRole with ExternalId by default', async () => {
     // THEN
     // Verify the parameter exists
     expect(template.Parameters.DenyExternalId).toMatchObject({
@@ -70,4 +70,8 @@ describe('ExternalId Protection Integration Test', () => {
       expect(stmt.Condition).toBeUndefined();
     }
   });
+
+  test('has the same values for BootstrapVersion Parameter and Output', async () => {
+    expect(template.Outputs.BootstrapVersion.Value).toEqual(template.Resources.CdkBootstrapVersion.Properties.Value);
+  });
 });
diff --git a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
index d7db66e2c..5f98cdad8 100644
--- a/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
+++ b/packages/aws-cdk/lib/api/bootstrap/bootstrap-template.yaml
@@ -813,6 +813,7 @@ Resources:
       Type: String
       Name:
         Fn::Sub: '/cdk-bootstrap/${Qualifier}/version'
+      # Also update this value below (see comment there)
       Value: '29'
 Outputs:
   BucketName:
@@ -844,5 +845,8 @@ Outputs:
   BootstrapVersion:
     Description: The version of the bootstrap resources that are currently mastered
       in this stack
-    Value:
-      Fn::GetAtt: [CdkBootstrapVersion, Value]
+    # This value is purposely duplicated here from the AWS::SSM::Parameter value we define above.
+    # {Fn::GetAtt} on an SSM Parameter is eventually consistent, and can fail with "parameter
+    # doesn't exist" even after just having been created. To reduce our deploy failure rate, we
+    # duplicate the value here and use a build-time test to ensure the two values are the same.
+    Value: '29'