DMS Data migration project unable to connect to source


I am having problems with a DMS migration project not being able to connect to the source database. During tests in my development VPC everything ran smoothly, but when I apply the exact same configuration to the production VPC it fails to connect. So this is my setup.

  1. Two subnets 10.0.200.0/24 and 10.0.201.0/24
  2. RDS subnet group configured to use the subnets above and database created in that subnet group.
  3. DMS Instance Profile subnet group also contains the same subnets and the instance profile is set up to use that.
  4. Triple checked secret configuration and data providers are correct.

The DMS migration project fails with an "Internal Failure" message and the last two log entries are:

  • "Going to connect to source database: production-test ...."
  • "Connected to source database ...."

NOTE: More than 2 minutes pass between these log entries. In the development VPC, where this actually works, the next line after "Connected to source database" prints the version of the database engine etc., and the connection is established immediately; it does not take 2 minutes.

I can confirm that when the DMS project starts up it:

  1. Creates the necessary route in the route table associated with my subnets -> 192.168.0.0/24 to Local.
  2. Entries for inbound and outbound traffic are also automatically added to the security group (which is completely open for now) associated with the database and the instance profile for 192.168.0.0/24.
  3. I also used Reachability Analyzer to confirm that the path between the peering connection and the DB IP address is good.

The only difference between my development and production VPCs is in how the CIDRs are set up. The development VPC contains just one entry: 10.0.0.0/16.

The production VPC though contains 3 in the following order:

  1. 10.4.0.0/24
  2. 10.4.2.0/24
  3. 10.0.0.0/16

The route table associated with these subnets looks like this:

  • 0.0.0.0/0 -> IGW
  • 10.0.0.0/16 -> local
  • 10.4.0.0/24 -> local
  • 10.4.2.0/24 -> local
  • 192.168.0.0/24 -> pcx-****

So the question is: is there something wrong with the routing causing the connection to time out? Could the production VPC CIDR setup be the cause, seeing as the VPC was created with 10.4.0.0/24 then expanded by adding 10.0.0.0/16?

Update 1: Looking into the database logs, we cannot even see a connection attempt to the database from the DMS instance.

  • You should post your route tables on both sides, as well as your security groups on both sides (DB and DMS).

  • Thx for the response Max. The security group on my side allows all connections in and out. I don't have control of the other side, as that is managed by the serverless migration project, which automatically creates the peering connection and adds the relevant route and security group entries as described in my post.

JPE
asked 8 months ago, 291 views
1 Answer

I agree with Max. It’s likely that there are missing routes on the peered VPC for your CIDR range.

EXPERT
answered 8 months ago
  • Seeing as that is not something I have control over I suppose that means that the next steps are opening a bug report or logging a support call with AWS?
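
The routing question in this thread can be checked offline with a longest-prefix-match lookup. The following is an added example, not code from the thread or from AWS: it uses the CIDRs and route table quoted in the question, while `PEER_ROUTES` is a constructed, hypothetical route table for the DMS-managed side (which the asker cannot see) that only routes the VPC's first CIDR block back over the peering connection.

```python
import ipaddress

# Values from the question; PEER_ROUTES is a constructed assumption, since the
# DMS-managed side of the peering is not visible to the asker.
VPC_CIDRS = ["10.4.0.0/24", "10.4.2.0/24", "10.0.0.0/16"]
DB_SUBNETS = ["10.0.200.0/24", "10.0.201.0/24"]
LOCAL_ROUTES = {"0.0.0.0/0": "igw", "10.0.0.0/16": "local", "10.4.0.0/24": "local",
                "10.4.2.0/24": "local", "192.168.0.0/24": "pcx"}
PEER_ROUTES = {"192.168.0.0/24": "local", "10.4.0.0/24": "pcx"}  # hypothetical


def lookup(routes, address):
    """Return the target of the longest-prefix route matching address, or None."""
    ip = ipaddress.ip_address(address)
    matches = [ipaddress.ip_network(c) for c in routes if ip in ipaddress.ip_network(c)]
    if not matches:
        return None
    best = max(matches, key=lambda n: n.prefixlen)
    return routes[str(best)]


def owning_cidr(subnet, vpc_cidrs):
    """Return the VPC CIDR block that contains subnet, or None."""
    net = ipaddress.ip_network(subnet)
    for cidr in vpc_cidrs:
        if net.subnet_of(ipaddress.ip_network(cidr)):
            return cidr
    return None


def uncovered_subnets(peer_routes, subnets, via="pcx"):
    """Subnets whose first and last address do not both route to `via` on the peer side."""
    missing = []
    for subnet in subnets:
        net = ipaddress.ip_network(subnet)
        ends = (net[0], net[-1])
        if any(lookup(peer_routes, str(a)) != via for a in ends):
            missing.append(subnet)
    return missing


if __name__ == "__main__":
    for s in DB_SUBNETS:
        print(s, "is in VPC block", owning_cidr(s, VPC_CIDRS))
    print("return path to 192.168.0.10:", lookup(LOCAL_ROUTES, "192.168.0.10"))
    print("peer side lacks a route to:", uncovered_subnets(PEER_ROUTES, DB_SUBNETS))
```

With the real peer-side routes substituted for `PEER_ROUTES` (for example, as reported by AWS support), an empty result from `uncovered_subnets` rules out the missing-route explanation.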
