Home / server / Questions / 818956
Accepted
Bruno Bronosky
Asked: 2016-12-07 00:13:53 +0800 CST

How to you get an AWS client-token to use with `aws ec2 run-instances`?

  • 772

As described here https://aws.amazon.com/blogs/aws/new-amazon-ec2-feature-idempotent-instance-creation/ AWS CLI enforces idempotency of the aws ec2 run-instances --cli-input-json command. Unfortunately there is no documentation on how a client-token is generated.

I did find that there is a ClientToken field in the aws ec2 describe-instances results, but of course you still get the following error if you try to use one:

An error occurred (IdempotentParameterMismatch) when calling the RunInstances operation: Arguments on this idempotent request are inconsistent with arguments used in previous request(s).

How do I get a token to use with --client-token?

amazon-ec2 amazon-web-services aws-cli

1 Answers

  1. Best Answer

    You make one up!

    Putting any string < 64 chars will work. The describe call simply gives you back the client-token string used to create the instance

    The idea then is then you handle failures like this.

    1. Generate the client Token i.e. "Bobs instance"
    2. Make successful run instance call with client-token
    3. Something goes wrong on the client i.e. Script fails or times out
    4. Your code starts again and generates the same client token( the trick is making sure this happens)
    5. You get an a success but you actually get back the same response with same reservation-Id you got the first time you made the request and no second instance is created

    I suggest reading http://docs.aws.amazon.com/AWSEC2/latest/APIReference/Run_Instance_Idempotency.html for more info on idempotency.

    It's been ages since I coded this but I believe when I did it I had my workers use the SQS message ID as the client-token, so if my workers failed, or sqs delivered twice, I wouldn't leak instances.

    • 4