DMS - Opensearch service as target - Failed to connect to database Aurora Mysql.

0

Source System: Aurora MySQL

Target System: Amazon Opensearch Service

Middle man: AWS Database Migration Service

Hi,

I have a replication instance in AWS DMS which is using Aurora MySQL as the source and Opensearch Service as the target. Test connection is working with the Aurora MySQL, but not with Opensearch Service. I get the following error:

Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to connect to database.

Permission Defined in the policy:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "es:", "Resource": "arn:aws:es:{REGION}:{ACCOUNT_ID}:domain/{DOMAIN_NAME}/" }, { "Effect": "Allow", "Action": "dms:", "Resource": "" }, { "Effect": "Allow", "Action": [ "rds:DescribeDBInstances", "rds:DescribeDBClusters" ], "Resource": "*" } ] }

Trust Relationship:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "dms.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }

Opensearch service is having public access and having Fine-grained access control enabled. So I can access opensearch dashboard with userid and password.

Please suggest what can be done to solve the issue.

Regards, Sagar

1 Answer
0

I fixed it by

  • Un-Check Enable fine-grained access while creating opensearch service domain
  • Deploy it in a VPC instead of public. Because DMS supports only domains without fine-grained access control.
  • Edit access policy like below

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "" }, "Action": "es:", "Resource": "arn:aws:es:{region}:{account_id}:domain/{your_domain}/*" } ] }

Sagar
answered 10 months ago
profile picture
EXPERT
reviewed 6 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions