How do I turn off public access for an AWS DMS replication DB instance?

2 minute read

I want to turn off public access for an AWS Database Migration Service (AWS DMS) replication instance.

Short description

An AWS DMS replication instance can have one public IP address and one private IP address. This is similar to an Amazon Elastic Compute Cloud (Amazon EC2) instance that has a public IP address.

To use a public IP address, choose the Publicly accessible option when you create your replication instance. Or, specify the --publicly-accessible option when you use the AWS Command Line Interface (AWS CLI) to create the replication instance.

If you clear the check box for Publicly accessible, then the replication instance has only a private IP address. As a result, the replication instance can communicate with a host that's in the same Amazon Virtual Private Cloud (Amazon VPC). The host then communicates with the private IP address. Or, the replication instance can communicate with a host that's privately connected, such as by virtual private network (VPN), VPC peering, or AWS Direct Connect.

After you create the replication instance, you can't modify the Publicly accessible option.


Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

To turn off public access to your replication instance, delete the replication instance, and then recreate it. Before you can delete a replication instance, you must delete all the tasks that use the replication instance.

Rather than recreate the replication instance, change the subnets that are in the subnet group that's associated with the replication instance to private subnets. Instances in a private subnet can't communicate with a public IP address, even if they have a public IP address. For more information, see Setting up a network for a replication instance.

Related information

Working with an AWS DMS replication instance

AWS OFFICIALUpdated 5 months ago