By using AWS re:Post, you agree to the Terms of Use
/DMS - Elasticsearch as target - Failed to connect to database./

DMS - Elasticsearch as target - Failed to connect to database.

0

Hi,

I have a replication instance in AWS DMS which is using DocumentDB as the source and Elasticsearch as the target. Test connection is working with the DocumentDB, but not with ElasticSearch. I get the following error:

Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to connect to database.

Here is what I have done:
Created a role which I have used in the Endpoint for ES, arn:aws:iam::XXX:role/DMS-ES-Access
The above role has the following trust relationship:

{  
  "Version": "2012-10-17",  
  "Statement": \[  
    {  
      "Sid": "1",  
      "Effect": "Allow",  
      "Principal": {  
        "Service": "dms.amazonaws.com"  
      },  
      "Action": "sts:AssumeRole"  
    }  
  ]  
}  

And the following policy:

{  
    "Version": "2012-10-17",  
    "Statement": \[  
        {  
            "Effect": "Allow",  
            "Action": \[  
                "es:ESHttpDelete",  
                "es:ESHttpGet",  
                "es:ESHttpHead",  
                "es:ESHttpPost",  
                "es:ESHttpPut"  
            ],  
            "Resource": "*"  
        }  
    ]  
}  

In the elasticsearch cluster, the access policy was modified to include the above role:

{  
  "Version": "2012-10-17",  
  "Statement": \[  
    ....  
    {  
      "Effect": "Allow",  
      "Principal": {  
        "AWS": "arn:aws:iam::XXX:role/DMS-ES-Access"  
      },  
      "Action": "es:*",  
      "Resource": "arn:aws:es:us-east-1:XXX:domain/YYY/*"  
    },  
    ...  
  ]  
}  

The replication instance is in a public subnet with internet access and a public ip.

Please help.

1 Answers
0

Just figured it out, 10 mins after posting this, lol. It was because of a trailing "/" in the ES endpoint, apparently DMS didn't like that.

AWS team, please add a validation in the UI for the trailing "/", it will save a lot of time.

answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions