DMS Service roles....

0

For setting up the DMS replication instance, the following two roles need to be created as per the AWS documentation [https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole]: dms-vpc-role and dms-cloudwatch-logs-role. However, can the service roles be prefixed with some characters, e.g. XYZ-dms-vpc-role and XYZ-dms-cloudwatch-logs-role, or do they have to be exactly the same as outlined in the documentation?

2 Answers
2
Accepted Answer

If you try to create the DMS replication instance without the dms-vpc-role, you will get the following error:

The IAM Role arn:aws:iam::<accountId>:role/dms-vpc-role is not configured properly.

So the answer to your question is yes, your IAM roles need to have the exact same names. The page you linked has the instructions on how to create those roles: https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole

AWS
answered a year ago
EXPERT
reviewed 2 months ago
1

Those role names are mandatory: the DMS service code tries to assume them with this exact name, with code close to https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html

So, if you use another, modified name, it will fail because the role name (or the ARN, which can be derived from it) of the role assumed by DMS will not exist.

AWS
EXPERT
answered a year ago
EXPERT
reviewed 2 months ago
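
A pre-flight check for the point both answers make, as an added example that is not part of the original thread and not AWS code: it reports when a required role exists only under a prefixed name, or exists with the exact name but does not trust DMS. The function names and sample roles are constructed for illustration; the `dms.amazonaws.com` trust principal comes from the AWS DMS IAM documentation linked in the question, not from the answers themselves.

```python
# Added example: offline pre-flight check for the two DMS service roles.
REQUIRED_ROLES = ("dms-vpc-role", "dms-cloudwatch-logs-role")  # exact names from the page
DMS_PRINCIPAL = "dms.amazonaws.com"  # DMS service principal (AWS DMS IAM docs)

def as_list(value):
    # IAM policy fields may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def trusts_dms(trust_policy):
    """True if an Allow statement lets the DMS service call sts:AssumeRole."""
    for stmt in as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if (stmt.get("Effect") == "Allow"
                and "sts:AssumeRole" in as_list(stmt.get("Action", []))
                and DMS_PRINCIPAL in services):
            return True
    return False

def check_dms_roles(roles):
    """Map each required role name to None (ok) or a problem description."""
    by_name = {r["RoleName"]: r for r in roles}
    report = {}
    for name in REQUIRED_ROLES:
        role = by_name.get(name)
        if role is None:
            # Flag prefixed/suffixed copies such as XYZ-dms-vpc-role.
            renamed = sorted(n for n in by_name if name in n)
            report[name] = "missing" + (f"; renamed copy found: {', '.join(renamed)}" if renamed else "")
        elif not trusts_dms(role["AssumeRolePolicyDocument"]):
            report[name] = f"trust policy does not allow {DMS_PRINCIPAL}"
        else:
            report[name] = None
    return report

def trust_doc(service):
    # Helper that builds a minimal trust policy for the constructed sample.
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Principal": {"Service": service}, "Action": "sts:AssumeRole"}]}

# Constructed sample, shaped like Role entries from `aws iam list-roles`.
SAMPLE_ROLES = [
    {"RoleName": "XYZ-dms-vpc-role", "AssumeRolePolicyDocument": trust_doc("dms.amazonaws.com")},
    {"RoleName": "dms-cloudwatch-logs-role", "AssumeRolePolicyDocument": trust_doc("ec2.amazonaws.com")},
]

if __name__ == "__main__":
    for role_name, problem in check_dms_roles(SAMPLE_ROLES).items():
        print(f"{role_name}: {problem or 'ok'}")
```

To run it against a real account, pass the `Roles` array from `aws iam list-roles --output json` to `check_dms_roles` instead of the sample list.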
