AWS announces AWS Interconnect – multicloud (preview), providing simple, resilient, high-speed private connections to other cloud service providers. AWS Interconnect - multicloud is easy to configure and provides high-speed, resilient connectivity with dedicated bandwidth, enabling customers to interconnect AWS networking services such as AWS Transit Gateway, AWS Cloud WAN, and Amazon VPC to other cloud service providers with ease.
Issue when creating DMS endpoint to connect with MSK using Mutual TLS authentication
I have setup DMS to connect to MySQL database as the source and Kafka as target.
I tested the source and target flow without TLS authentication works fine.Now I want to setup DMS with Kafka endpoint using TLS authentication.
I tried out this link to check if I am able to connect using TLS authentication to Kafka cluster using the certificates generated, which worked. I used this with Glue as well and the connectivity works.
Now for DMS, I followed the steps provided here ( Section: Using SSL authentication ). But when I test the endpoint I get the error: Test failed due to KMS key Exception : No permission to access Key 'arn:aws:kms:ap-southeast-2:xxxxxxxxxxxx:key/xxxxxxxxxxxxx'. The KMS key here is the default key that DMS creates when we launch a replication instance.
I tried using a CMK for DMS and created the endpoint using this KMS key. But it did not work. In this case, the endpoint errored out saying it could not connect to Kafka.
Not really sure what the issue is. Has anyone come across this issue?
- Language
- English
- Newest
- Most votes
- Most comments
Hi, It's seems that your DMS instance is assuming an IAM Role with some missing authorization to access your KMS key. Did you already try to update your IAM role and allow access to your Key ARN ? Hope it helps.
Relevant content
- asked 2 years ago
- AWS OFFICIALUpdated 2 years ago
