Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

DMS Service roles....

0

For setting up the DMS replication instance, the following two roles need to be created as per the AWS [https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole] - dms-vpc-role and dms-cloudwatch-logs-role. However, can the service roles be prefixed with some characters e.g. XYZ-dms-vpc-role and XYZ-dms-cloudwatch-logs-role or does it have to be exactly the same as outlined in the documentation?

Topics
Migration & ModernizationSecurity, Identity, & Compliance
Tags
AWS Database Migration ServiceIAM Policies
Language
English
asked 3 years ago6.7K views
2 Answers
2
Accepted Answer

If you will try to create the DMS replication instance without the dms-vpc-role you will get the following error:

The IAM Role arn:aws:iam::<accountId>:role/dms-vpc-role is not configured properly.

So to answer your question is yes, your AIM Roles need to have the exact same names. In the page you linked there are the instructions on how to create those roles https://docs.aws.amazon.com/dms/latest/userguide/security-iam.html#CHAP_Security.APIRole

AWS
answered 3 years ago
EXPERT
reviewed 2 years ago
1

Those roles names are mandatory: the DMS service code tries to assume them with this exact name with code close to https://docs.aws.amazon.com/cli/latest/reference/sts/assume-role.html

So, if you use another modified name, it will fail because the role name (or ARN which can be derived) of the assume by DMS will not exist.

EXPERT
answered 3 years ago
EXPERT
reviewed 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content