Manage AWS DMS endpoint credentials with AWS Secrets Manager for target endpoint as Amazon Documentdb.

Question

When configuring AWS DMS endpoints for Amazon DocumentDB (with MongoDB compatibility) using AWS secrets manager, test connection fails with authentication error. While providing the connection details manually for target documentdb during endpoint creation it works perfectly fine. We made sure secrets manager is created perfectly for Amazon DocumentDB (with MongoDB compatibility) with all the required information.

![Test connection error using AWS secrets manager:](/media/postImages/original/IMnlLrUCZmSDSX5xuE4vIwlw)

During investigating the above error in Amazon Documentdb audit log we found it doesn't use correct user details. Instead of taking correct username it shows user as "SECRETS_MANAGER_SECRET_VALUE_STUB". Error from audit log is as below:
```
"param": { "user": "SECRETS_MANAGER_SECRET_VALUE_STUB", "mechanism": "SCRAM-SHA-1", "success": false, "message": "User does not exist", "error": 18 } }
```

Seems like a bug in DMS endpoint creation for Amazon Documentdb (with MongoDB compatibility) using AWS Secrets Manager

Note: Our setup works perfectly for AWS RDS postgres databases. However it creates an issue for Amazon Documentdb only.

Answer

Hi, I did the following steps and got it working correctly. Don't think there is a bug.    
1> Create a document db cluster.   
2> Created a secret with the option "Credentials for Amazon DocumentDB database".   
3> Created a DMS replication instance in the same vpc and az where the document db cluster is created.  
4> Created an DMS endpoint and ran a test connection using the Replication instance.   
5> The test was successful.    
Pls refer to the following video https://www.youtube.com/watch?v=6daFZWPKtWA

Manage AWS DMS endpoint credentials with AWS Secrets Manager for target endpoint as Amazon Documentdb.

Relevant content