Idempotency Support for Route Table and Network ACL Creation in Amazon VPC!


Published Feb 9, 2024
Amazon VPC now supports idempotency for route table and network ACL creation, so you can incorporate a retry mechanism in your creation workflow without creating duplicate resources.
When creating route tables and network ACLs using the AWS CLI or API, you can now specify a clientToken parameter (--client-token) to achieve idempotency.
"A client token is a unique, case-sensitive string of up to 64 ASCII characters."
Sample AWS CLI command:
abhijit@AwsJunkie:~$ uuidgen
abf653c2-09a2-426d-bd2d-acaac0c98a28
abhijit@AwsJunkie:~$ aws ec2 create-route-table --vpc-id vpc-00c84bd9dcad1d728 --client-token abf653c2-09a2-426d-bd2d-acaac0c98a28
{
    "RouteTable": {
        "Associations": [],
        "PropagatingVgws": [],
        "RouteTableId": "rtb-0899b6226d3a3ef9a",
        "Routes": [
            {
                "DestinationCidrBlock": "172.31.0.0/16",
                "GatewayId": "local",
                "Origin": "CreateRouteTable",
                "State": "active"
            }
        ],
        "Tags": [],
        "VpcId": "vpc-00c84bd9dcad1d728",
        "OwnerId": "141035231386"
    },
    "ClientToken": "abf653c2-09a2-426d-bd2d-acaac0c98a28"
}
Now if we retry the RouteTable creation command using the same --client-token, it will return the same route table instead of creating a new one.
abhijit@AwsJunkie:~$ aws ec2 create-route-table --vpc-id vpc-00c84bd9dcad1d728 --client-token abf653c2-09a2-426d-bd2d-acaac0c98a28
{
    "RouteTable": {
        "Associations": [],
        "PropagatingVgws": [],
        "RouteTableId": "rtb-0899b6226d3a3ef9a",
        "Routes": [
            {
                "DestinationCidrBlock": "172.31.0.0/16",
                "GatewayId": "local",
                "Origin": "CreateRouteTable",
                "State": "active"
            }
        ],
        "Tags": [],
        "VpcId": "vpc-00c84bd9dcad1d728",
        "OwnerId": "141035231386"
    },
    "ClientToken": "abf653c2-09a2-426d-bd2d-acaac0c98a28"
}
But if we retry with the same token and a different parameter (e.g. a different VPC), the call fails with an IdempotentParameterMismatch error.
abhijit@AwsJunkie:~$ aws ec2 create-route-table --vpc-id vpc-03683f950edba6643 --client-token abf653c2-09a2-426d-bd2d-acaac0c98a28

An error occurred (IdempotentParameterMismatch) when calling the CreateRouteTable operation: Wrong arguments for request with token abf653c2-09a2-426d-bd2d-acaac0c98a28
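The retry mechanism described above, as an added example that is not part of the original post: the token is generated once per logical request and reused on every attempt, and IdempotentParameterMismatch is treated as a caller bug rather than something to retry. The function name, attempt count, backoff values and exit codes are assumptions made for this sketch.

```shell
# Added example, not from the original post.
# create_route_table_idempotent VPC_ID [MAX_ATTEMPTS]
# Prints the RouteTableId on success.
# Exit codes (chosen for this sketch): 0 ok, 1 retries exhausted, 2 token misuse.
create_route_table_idempotent() {
    local vpc_id="$1"
    local max_attempts="${2:-5}"
    local attempt=1
    local delay=1
    local token out

    # Generate the token ONCE, outside the loop. A fresh token per attempt
    # would defeat idempotency: a request that succeeded server-side but
    # timed out client-side would then create a second route table.
    token=$(uuidgen) || return 1

    while [ "$attempt" -le "$max_attempts" ]; do
        if out=$(aws ec2 create-route-table \
                    --vpc-id "$vpc_id" \
                    --client-token "$token" \
                    --query 'RouteTable.RouteTableId' \
                    --output text 2>&1); then
            printf '%s\n' "$out"
            return 0
        fi

        case "$out" in
            *IdempotentParameterMismatch*)
                # Same token, different parameters: retrying cannot succeed.
                printf 'token %s was already used with other parameters\n' \
                    "$token" >&2
                return 2
                ;;
        esac

        printf 'attempt %d/%d failed; retrying in %ss\n' \
            "$attempt" "$max_attempts" "$delay" >&2
        sleep "$delay"
        attempt=$((attempt + 1))
        delay=$((delay * 2))    # simple exponential backoff
    done
    return 1
}
```

Source the file and call `create_route_table_idempotent <vpc-id>`; the same pattern applies to `aws ec2 create-network-acl`, which takes the same `--client-token` option.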