How do I resolve the "Creation of service was not idempotent" error that occurs when I create a new Amazon ECS service?

3 minute read
0

When I create a new Amazon Elastic Container Service (Amazon ECS) service, I receive the following error: "Creation of service was not idempotent."

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

The not idempotent error occurs when you create a service that has the same name as an existing service in the Amazon ECS database. To resolve this issue, take the following actions.

Make sure that you don't use an existing cluster name

If you try to create a cluster with the same name as an existing one, then you encounter one of the following errors:

"InvalidParameterException: Creation of service was not idempotent."

-or-

"Invalid request provided: CreateService error: Create service is not idempotent."

To resolve the error, make sure that there's not an existing service with the same name. If you recently deleted a service that had the same name, then verify that the service's state is DELETED.

Note: The not idempotent error can occur even if you delete the existing cluster because the cluster might still be in the deletion phase.

If the service is in the DEPROVISIONING state, then check whether any tasks in the service are stuck in deprovisioning. To see the status of all tasks in your cluster, run the DescribeTasks API. Or, complete the following steps:

  1. Open the Amazon ECS console.
  2. In the navigation page, choose Clusters.
  3. Select your cluster.
  4. Choose the Tasks tab.

Check the UpdateService API call for the deleted service to check whether the service is still active. Also, check the Delete Service API call for the "Service contains registered instances; delete the instances before deleting the service" reason. If the Delete Service API contains this reason, then delete the instance.

Recreate the deleted IAM role

If you use an AWS Identity and Access Management (IAM) role for a task, then you must first delete the task before you delete the role. The IAM role must be available throughout the lifecycle of the task. This includes resource deprovisioning.

If you deleted the IAM role first, then complete the following steps to recreate the role:

  1. To get the previous IAM role name, run the following describe-services command:
    aws ecs describe-services --cluster clustername --services servicename
    Note: Replace clustername with your cluster name and servicename with the service name.
  2. Recreate the IAM role with the same name. For information about required permissions, see Service-linked role permissions for Amazon ECS.

Note: To find information about the user that deleted the role, check the AWS CloudTrail DeleteRole event.

Create a new service with a different name

If you still can't create a new service with the same name as the deleted service, then create a new service with a different name.

Related information

CreateService

AWS OFFICIAL
AWS OFFICIALUpdated 12 days ago