Amazon VPC now supports idempotency for route table and network ACL creation. You can build a retry mechanism into your creation workflow without creating duplicate resources.
When creating route tables and network ACLs using the AWS CLI or API, you can now specify a clientToken parameter (--client-token) to achieve idempotency.
Sample AWS CLI command:
abhijit@AwsJunkie:~$ uuidgen
abf653c2-09a2-426d-bd2d-acaac0c98a28
abhijit@AwsJunkie:~$ aws ec2 create-route-table --vpc-id vpc-00c84bd9dcad1d728 --client-token abf653c2-09a2-426d-bd2d-acaac0c98a28
{
    "RouteTable": {
        "Associations": [],
        "PropagatingVgws": [],
        "RouteTableId": "rtb-0899b6226d3a3ef9a",
        "Routes": [
            {
                "DestinationCidrBlock": "172.31.0.0/16",
                "GatewayId": "local",
                "Origin": "CreateRouteTable",
                "State": "active"
            }
        ],
        "Tags": [],
        "VpcId": "vpc-00c84bd9dcad1d728",
        "OwnerId": "141035231386"
    },
    "ClientToken": "abf653c2-09a2-426d-bd2d-acaac0c98a28"
}
Now if we retry the RouteTable creation command using the same --client-token, it will return the same route table instead of creating a new one.
abhijit@AwsJunkie:~$ aws ec2 create-route-table --vpc-id vpc-00c84bd9dcad1d728 --client-token abf653c2-09a2-426d-bd2d-acaac0c98a28
{
    "RouteTable": {
        "Associations": [],
        "PropagatingVgws": [],
        "RouteTableId": "rtb-0899b6226d3a3ef9a",
        "Routes": [
            {
                "DestinationCidrBlock": "172.31.0.0/16",
                "GatewayId": "local",
                "Origin": "CreateRouteTable",
                "State": "active"
            }
        ],
        "Tags": [],
        "VpcId": "vpc-00c84bd9dcad1d728",
        "OwnerId": "141035231386"
    },
    "ClientToken": "abf653c2-09a2-426d-bd2d-acaac0c98a28"
}
But if we retry with the same token and a different parameter (e.g. a different VPC), the call fails with an IdempotentParameterMismatch error.
abhijit@AwsJunkie:~$ aws ec2 create-route-table --vpc-id vpc-03683f950edba6643 --client-token abf653c2-09a2-426d-bd2d-acaac0c98a28
An error occurred (IdempotentParameterMismatch) when calling the CreateRouteTable operation: Wrong arguments for request with token abf653c2-09a2-426d-bd2d-acaac0c98a28
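The two behaviours shown above can be combined into a retry wrapper. This is an added example, not part of the original post: the function name `create_route_table_idempotent` and the `RETRY_DELAY` variable are assumptions. The caller generates the token once (for example with `uuidgen`) and passes the same value on every attempt.

```shell
# Added example: retry-safe route table creation with one client token.
# Usage: create_route_table_idempotent VPC_ID CLIENT_TOKEN [MAX_ATTEMPTS]
# Prints the RouteTableId on success.
# Returns 0 = created (or already created by an earlier attempt),
#         1 = all attempts failed,
#         2 = could not create a temp file,
#         3 = token was already used with different parameters.
create_route_table_idempotent() {
  local vpc_id="$1" token="$2" max="${3:-4}"
  local delay="${RETRY_DELAY:-2}"   # assumed knob: base back-off in seconds
  local attempt=1 rtb err

  err=$(mktemp) || return 2
  while [ "$attempt" -le "$max" ]; do
    # The token is identical on every attempt, so a request that succeeded
    # server-side but whose response was lost returns the same route table
    # on retry instead of creating a second one.
    if rtb=$(aws ec2 create-route-table \
               --vpc-id "$vpc_id" --client-token "$token" \
               --query 'RouteTable.RouteTableId' --output text 2>"$err"); then
      rm -f "$err"
      printf '%s\n' "$rtb"
      return 0
    fi

    # Retrying cannot fix a mismatch: the token is bound to the parameters
    # of the first request. Surface the error and stop.
    if grep -q 'IdempotentParameterMismatch' "$err"; then
      cat "$err" >&2
      rm -f "$err"
      return 3
    fi

    echo "attempt $attempt/$max failed, retrying with the same token" >&2
    if [ "$attempt" -lt "$max" ]; then
      sleep "$((delay * attempt))"
    fi
    attempt=$((attempt + 1))
  done

  cat "$err" >&2
  rm -f "$err"
  return 1
}
```

Generate the token outside the function and store it with the job state, so that a restarted workflow retries with the original token rather than a fresh one.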
For a demo, see the video below.