
Security Groups for AWS DMS

I am trying to set up DMS between my on-prem DB and cloud. When I try to set it up, the cloud instance doesn't seem to have the necessary privileges to connect to the on-prem DB. Should I add the security groups in AWS to the DMS Replication Instance or the Target Database?

This may be of use to you; it is not directly an answer, but it will help you to diagnose it.

You need a security group on both the replication instance and the target database.

You will need to have your replication instance in a security group that can reach both the source and target.

I would start by confirming that your replication instance can reach the on-premise source. Fire up a small EC2 instance in the same security group as your replication instance and confirm you can ping and telnet to the on-prem source. Make sure you use telnet on the correct port; a failure is OK so long as it doesn't hang. If it hangs, you have a firewall or security group issue. Following the ping and telnet tests, I would check the flow logs and confirm you have Accepted traffic going both ways on the correct port.

If this is a success, you should be able to create a source endpoint to your on-premise database. If you have any issue at this point, again check your flow logs. After that, make sure your on-premise DB will accept remote connections and the user you are connecting with has authority to do so.

The target database security group will need to allow in traffic from your replication instance on the correct port. I'm not sure if the ping test will work, but the telnet should. Again, look for traffic in your flow logs; you want accepts in both directions.
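The flow log check described in the answer above can be scripted. This is an added example, not part of the original answer: it assumes the default (version 2) VPC Flow Logs record format, and the IP addresses, ENI ID, ports and verdict labels are constructed for illustration.

```python
from collections import namedtuple

# Field order of the default (version 2) VPC Flow Logs record.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
Record = namedtuple("Record", FIELDS)

# Constructed sample: 10.0.1.25 plays the replication instance.
SAMPLE = """\
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.25 192.168.10.50 49152 5432 6 10 840 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 192.168.10.50 10.0.1.25 5432 49152 6 8 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.25 10.0.2.40 49153 3306 6 3 180 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f60718 10.0.1.25 10.0.2.77 49154 3306 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f60718 - - - - - - - 1700000060 1700000120 - NODATA
"""

def parse(text):
    """Return parsed records, skipping NODATA/SKIPDATA and malformed lines."""
    rows = (line.split() for line in text.splitlines())
    return [Record(*p) for p in rows if len(p) == len(FIELDS) and p[-1] == "OK"]

def check_path(records, replication_ip, db_ip, db_port):
    """Classify TCP traffic between the replication instance and a database."""
    port = str(db_port)
    out = back = rejected = False
    for r in records:
        if r.protocol != "6":  # 6 = TCP
            continue
        to_db = (r.srcaddr, r.dstaddr, r.dstport) == (replication_ip, db_ip, port)
        from_db = (r.srcaddr, r.dstaddr, r.srcport) == (db_ip, replication_ip, port)
        if not (to_db or from_db):
            continue
        if r.action == "REJECT":
            rejected = True
        elif to_db:
            out = True
        else:
            back = True
    if rejected:
        return "rejected"           # a security group or network ACL dropped it
    if out and back:
        return "ok"                 # accepts in both directions
    return "no-return-traffic" if out else "no-traffic"

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for ip, port in [("192.168.10.50", 5432), ("10.0.2.40", 3306), ("10.0.2.77", 3306)]:
        print(ip, port, check_path(recs, "10.0.1.25", ip, port))
```

A verdict of `ok` matches the "accepts in both directions" condition in the answer; `no-traffic` usually means the wrong ENI, port or time window was inspected.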
