How can I disable public access for an AWS Database Migration Service (AWS DMS) replication instance?
An AWS DMS replication instance can have one public IP address and one private IP address, just like an Amazon Elastic Compute Cloud (Amazon EC2) instance that has a public IP address.
To use a public IP address, choose the Publicly accessible option when you create your replication instance. Or specify the --publicly-accessible option when you create the replication instance using the AWS Command Line Interface (AWS CLI).
If you uncheck (disable) the box for Publicly accessible, then the replication instance has only a private IP address. As a result, the replication instance can communicate with a host that is in the same Amazon Virtual Private Cloud (Amazon VPC) and that can communicate with the private IP address. Or the replication instance can communicate with a host that is connected privately, for example, by VPN, VPC peering, or AWS Direct Connect.
After you create the replication instance, you can't modify the Publicly accessible option.
Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.
To disable public access to your replication instance, delete the replication instance and then recreate it. Before you can delete a replication instance, you must delete all the tasks that use the replication instance.
Instead of recreating the replication instance, you can change the subnets that are in the subnet group that is associated with the replication instance to private subnets. A private subnet is a subnet that isn't routed to an internet gateway. Instances in a private subnet can't communicate with a public IP address, even if they have a public IP address. For more information, see Setting up a network for a replication instance.
Working with an AWS DMS replication instance