Why can't I see CloudWatch logs for an AWS DMS task?

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Turn on CloudWatch Logs for your task

Turn on CloudWatch Logs for your task. To turn on CloudWatch Logs, your task must be in a Stopped or Failed state.

Confirm or create your IAM role

If CloudWatch Logs is turned on for your task and you can't view the logs, then review your AWS Identity and Access Management (IAM) role. Confirm that dms-cloudwatch-logs-role is listed. If the role isn't listed, then create one.

If you used the AWS CLI to create the task or your account doesn't have sufficient permissions, then use the AWS CLI to create the role. Or, complete the following steps in the IAM console:

1.    Open the IAM console.

2.    In the navigation pane, choose Roles.

3.    Choose Create role.

4.    From Select type of trusted entity, choose AWS service to allow the AWS service to perform actions for you.

5.    To create the following trust relationship policy so that AWS DMS can assume the role, choose DMS for Choose a use case. 

{  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
           "Service": "dms.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

5.    Choose Next: Permissions.

6.    Enter AmazonDMSCloudWatchLogsRole in the search field. Then, choose the policy to grant AWS DMS access to CloudWatch.

7.    Choose Next: Tags.

8.    (Optional) Use tags as key-value pairs to add metadata to the role.

9.    Choose Next: Review.

10.    For Role name, enter dms-cloudwatch-logs-role.
Note: The dms-cloudwatch-logs-role role name is case sensitive. Enter the role name in lower case.

11.    Add or edit Role description.

12.    Chose Create role.

Related information

Monitoring AWS DMS tasks