By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Issue when creating DMS endpoint to connect with MSK using Mutual TLS authentication

0

I have setup DMS to connect to MySQL database as the source and Kafka as target.

I tested the source and target flow without TLS authentication works fine.Now I want to setup DMS with Kafka endpoint using TLS authentication.

I tried out this link to check if I am able to connect using TLS authentication to Kafka cluster using the certificates generated, which worked. I used this with Glue as well and the connectivity works.

Now for DMS, I followed the steps provided here ( Section: Using SSL authentication ). But when I test the endpoint I get the error: Test failed due to KMS key Exception : No permission to access Key 'arn:aws:kms:ap-southeast-2:xxxxxxxxxxxx:key/xxxxxxxxxxxxx'. The KMS key here is the default key that DMS creates when we launch a replication instance. I tried using a CMK for DMS and created the endpoint using this KMS key. But it did not work. In this case, the endpoint errored out saying it could not connect to Kafka. Not really sure what the issue is. Has anyone come across this issue?

Topics
Migration & ModernizationAnalytics
Tags
AWS Database Migration ServiceAmazon Managed Streaming for Apache Kafka (Amazon MSK)
Language
English
AWS
AWS-User-9852321
asked 2 years ago1594 views
1 Answer
0

Hi, It's seems that your DMS instance is assuming an IAM Role with some missing authorization to access your KMS key. Did you already try to update your IAM role and allow access to your Key ARN ? Hope it helps.

aaagius
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content