Creating source and target endpoints - AWS Database Migration Service

Creating source and target endpoints

You can create source and target endpoints when you create your replication instance or you can create endpoints after your replication instance is created. The source and target data stores can be on an Amazon Elastic Compute Cloud (Amazon EC2) instance, an Amazon Relational Database Service (Amazon RDS) DB instance, or an on-premises database. (Note that one of your endpoints must be on an AWS service. You can't use AWS DMS to migrate from an on-premises database to another on-premises database.)

The procedure following assumes that you have chosen the AWS DMS console wizard. Note that you can also do this step by selecting Endpoints from the AWS DMS console's navigation pane and then selecting Create endpoint. When using the console wizard, you create both the source and target endpoints on the same page. When not using the console wizard, you create each endpoint separately.

To specify source or target database endpoints using the AWS console

  1. On the Connect source and target database endpoints page, specify your connection information for the source or target database. The table following describes the settings.

    For this option Do this

    Endpoint type

    Choose whether this endpoint is the source or target endpoint.

    Select RDS DB Instance

    Choose this option if the endpoint is an Amazon RDS DB instance.

    Endpoint identifier

    Type the name you want to use to identify the endpoint. You might want to include in the name the type of endpoint, such as oracle-source or PostgreSQL-target. The name must be unique for all replication instances.

    Source engine and Target engine

    Choose the type of database engine that is the endpoint.

    Access to endpoint database

    Choose the option you want to use to specify endpoint database credentials:

    Choose AWS Secrets Manager Set the secret credentials following.

    Secret ID

    Type the full Amazon Resource Name (ARN), partial ARN, or friendly name of a secret that you have created in the AWS Secrets Manager for endpoint database access.

    IAM role

    Type the ARN of a secret access role that you have created in IAM to provide AWS DMS access on your behalf to the secret identified by Secret ID.

    Secret ID for Oracle automatic storage management (ASM)

    (For Oracle source endpoints using Oracle ASM only) Type the full Amazon Resource Name (ARN), partial ARN, or friendly name of a secret that you have created in the AWS Secrets Manager for Oracle ASM access. This secret is typically created to access Oracle ASM on the same server as the secret identified by Secret ID.

    IAM role for Oracle ASM

    (For Oracle source endpoints using Oracle ASM only) Type the ARN of a secret access role that you have created in IAM to provide AWS DMS access on your behalf to the secret identified by Secret ID for Oracle automatic storage management (ASM).

    Secure Socket Layer (SSL) mode

    Choose an SSL mode if you want to enable connection encryption for this endpoint. Depending on the mode you select, you might be asked to provide certificate and server certificate information.

    Provide access information manually Set the clear-text credentials following.

    Server name

    Type the server name. For an on-premises database, this can be the IP address or the public hostname. For an Amazon RDS DB instance, this can be the endpoint (also called the DNS name) for the DB instance, such as mysqlsrvinst.abcd12345678.us-west-2.rds.amazonaws.com.

    Port

    Type the port used by the database.

    Secure Socket Layer (SSL) mode

    Choose an SSL mode if you want to enable connection encryption for this endpoint. Depending on the mode you select, you might be asked to provide certificate and server certificate information.

    User name

    Type the user name with the permissions required to allow data migration. For information on the permissions required, see the security section for the source or target database engine in this user guide.

    Password

    Type the password for the account with the required permissions. Passwords for AWS DMS source and target endpoints have character restrictions, depending on the database engine. For more information, see the table following.

    Database name

    For certain database engines, the name of the database you want to use as the endpoint database.

    The table following lists the unsupported characters in endpoint passwords for the listed database engines. If you want to use commas (,) in your endpoint passwords, use the Secrets Manager support provided in AWS DMS to authenticate access to your AWS DMS instances. For more information, see Using secrets to access AWS Database Migration Service endpoints.

    For this database engine The characters following are unsupported in an endpoint password

    Microsoft Azure, as a source only

    ;

    Microsoft SQL Server

    , ;

    MySQL-compatible, including MySQL, MariaDB, and Amazon Aurora MySQL

    ;
    Oracle ,

    PostegreSQL, Amazon Aurora PostgreSQL-Compatible Edition, and Amazon Aurora Serverless as a target only for Aurora PostgreSQL-Compatible Edition

    ; + %

    Amazon Redshift, as a target only

    , ;
  2. Choose the Advanced tab to set values for Extra connection attributes and KMS master key if you need them. You can test the endpoint connection by choosing Run test. The following table describes the settings.

    For this option Do this

    Extra connection attributes

    Type any additional connection parameters here. For more information about extra connection attributes, see the documentation section for your Source engine or Target engine (specified in step 1).

    For an Oracle source endpoint that uses Oracle ASM, if you choose Provide access information manually in step 1, you might also need to type in extra connection attributes to specify Oracle ASM user credentials. For more information on these Oracle ASM extra connection attributes, see Using Oracle LogMiner or AWS DMS Binary Reader for CDC.

    KMS master key

    Choose the encryption key to use to encrypt replication storage and connection information. If you choose (Default) aws/dms, the default AWS Key Management Service (AWS KMS) key associated with your account and AWS Region is used. For more information on using the encryption key, see Setting an encryption key and specifying AWS KMS permissions.

    Test endpoint connection (optional)

    Add the VPC and replication instance name. To test the connection, choose Run test.