
DMS Source Endpoint Connection Fail

0

Hi,

I am in the process of migrating data from one DocumentDB cluster to another DocumentDB cluster. I have created both clusters in the same VPC and same subnets. I have used Secrets Manager to authenticate logging into the database.

I created one replication instance that I am using for both source and target endpoints. My Target Endpoint works okay and is able to connect to the cluster; however, the Source Endpoint is failing with the following message:

Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to create new client connection Failed to connect to database., Application-Detailed-Message: Error verifying connection: 'Authentication failed.

I have tried everything I could and I cannot find a resolution.

Hope you can help.

1 Answer
0

This error indicates an authentication issue when connecting to your source DocumentDB cluster. Since you're using AWS Secrets Manager for authentication and experiencing a connection failure specifically with the "Authentication failed" message, there are several areas to check:

  1. Verify the IAM role permissions:
  • Ensure the IAM role used by the DMS replication instance has the necessary permissions to access the secret in AWS Secrets Manager (secretsmanager:GetSecretValue permission for the specific secret ARN).
  • Double-check the policy attached to the role to confirm these permissions are granted.
  2. Check network connectivity:
  • Even though both clusters are in the same VPC and subnets, verify that the security group rules allow traffic between the replication instance and the source DocumentDB cluster.
  • Check network ACLs if applicable.
  3. Secrets Manager configuration:
  • Confirm that the secret in Secrets Manager contains the correct username and password for the source DocumentDB cluster.
  • Ensure the secret format matches what DMS expects.
  • If your VPC doesn't have direct access to Secrets Manager, you may need a VPC endpoint for Secrets Manager.
  4. Replication instance configuration:
  • Verify that the replication instance has the correct subnet group and security group assignments.

Since your target endpoint works correctly but the source fails with an authentication error, it's likely that there's either an issue with the specific secret used for the source endpoint or a permission issue when accessing that particular secret.
Sources
Replication Instance Fails to Connect to DMS Migration Endpoint | AWS re:Post
How to Solve This Error in AWS DMS Serverless? | AWS re:Post

answered 2 months ago
AWS
SUPPORT ENGINEER
reviewed 2 months ago
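
An offline check for the two causes the answer above singles out (the source secret's format and the role's permission on that specific secret), as an added example that is not part of the original answer or any AWS tooling. The ARNs, account ID and sample policy are constructed placeholders, and the required key set (`username`, `password`, `host`, `port`) is an assumption to confirm against the DMS documentation for your engine.

```python
import json
from fnmatch import fnmatchcase

# Assumption: the keys a DMS endpoint reads from the secret; confirm for your engine.
REQUIRED_KEYS = ("username", "password", "host", "port")
ACTION = "secretsmanager:GetSecretValue"
# Constructed placeholder ARNs (not from the original post).
SOURCE_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:source-docdb-AbCdEf"
TARGET_ARN = "arn:aws:secretsmanager:us-east-1:111122223333:secret:target-docdb-GhIjKl"
# Constructed role policy that only covers the target secret: the target
# endpoint test passes while the source endpoint test fails.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ACTION, "Resource": TARGET_ARN}]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def secret_problems(secret_string):
    """Return format problems found in a secret's SecretString value."""
    try:
        secret = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(secret, dict):
        return ["secret must be a JSON object"]
    problems = [f"missing or empty key: {k}" for k in REQUIRED_KEYS
                if secret.get(k) in (None, "")]
    port = secret.get("port")
    if port not in (None, "") and not str(port).isdigit():
        problems.append("port is not numeric")
    for key in ("username", "password"):
        value = secret.get(key)
        if isinstance(value, str) and value != value.strip():
            problems.append(f"{key} has leading/trailing whitespace")
    return problems


def policy_allows(policy, secret_arn, action=ACTION):
    """Simplified identity-policy check: a matching Deny wins, else any Allow.
    Conditions, NotAction/NotResource, resource policies and permission
    boundaries are not evaluated."""
    allowed = False
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        if (any(fnmatchcase(action.lower(), a) for a in actions)
                and any(fnmatchcase(secret_arn, r) for r in resources)):
            if stmt.get("Effect") == "Deny":
                return False
            allowed = allowed or stmt.get("Effect") == "Allow"
    return allowed
```

Feed `policy_allows` the JSON of each policy attached to the role the DMS endpoint uses, and `secret_problems` the `SecretString` of the source secret; avoid printing the secret itself while doing so.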
