Working with an AWS DMS replication instance - AWS Database Migration Service

Working with an AWS DMS replication instance

When you create an AWS DMS replication instance, AWS DMS creates it on an Amazon EC2 instance in a virtual private cloud (VPC) based on the Amazon VPC service. You use this replication instance to perform your database migration. By using a replication instance, you can get high availability and failover support with a Multi-AZ deployment when you choose the Multi-AZ option.

In a Multi-AZ deployment, AWS DMS automatically provisions and maintains a synchronous standby replica of the replication instance in a different Availability Zone. The primary replication instance is synchronously replicated across Availability Zones to a standby replica. This approach provides data redundancy, eliminates I/O freezes, and minimizes latency spikes.

             AWS Database Migration Service replication instance

AWS DMS uses a replication instance to connect to your source data store, read the source data, and format the data for consumption by the target data store. A replication instance also loads the data into the target data store. Most of this processing happens in memory. However, large transactions might require some buffering on disk. Cached transactions and log files are also written to disk.

You can create an AWS DMS replication instance in the following AWS Regions.

Region Name
Asia Pacific (Tokyo) Region ap-northeast-1
Asia Pacific (Seoul) Region ap-northeast-2
Asia Pacific (Mumbai) Region ap-south-1
Asia Pacific (Singapore) Region ap-southeast-1
Asia Pacific (Sydney) Region ap-southeast-2
Canada (Central) Region ca-central-1
China (Beijing) Region cn-north-1
China (Ningxia) Region cn-northwest-1
Europe (Stockholm) Region eu-north-1
EU (Frankfurt) Region eu-central-1
Europe (Ireland) Region eu-west-1
EU (London) Region eu-west-2
EU (Paris) Region eu-west-3
South America (São Paulo) Region sa-east-1
US East (N. Virginia) Region us-east-1
US East (Ohio) Region us-east-2
US West (N. California) Region us-west-1
US West (Oregon) Region us-west-2

AWS DMS supports a special AWS Region called AWS GovCloud (US) that is designed to allow US government agencies and customers to move sensitive workloads into the cloud. AWS GovCloud (US) addresses the US government's specific regulatory and compliance requirements. For more information about AWS GovCloud (US), see What is AWS GovCloud (US)?

Following, you can find out more details about replication instances.

Public and private replication instances

You can specify whether a replication instance has a public or private IP address that the instance uses to connect to the source and target databases.

A private replication instance has a private IP address that you can't access outside the replication network. You use a private instance when both source and target databases are in the same network that is connected to the replication instance's VPC. The network can be connected to the VPC by using a VPN, AWS Direct Connect, or VPC peering.

A VPC peering connection is a networking connection between two VPCs that enables routing using each VPC's private IP addresses as if they were in the same network. For more information about VPC peering, see VPC peering in the Amazon VPC User Guide.

Working with replication engine versions

The replication engine is the core AWS DMS software that runs on your replication instance and performs the migration tasks you specify. AWS periodically releases new versions of the AWS DMS replication engine software, with new features and performance improvements. Each version of the replication engine software has its own version number, to distinguish it from other versions.

When you launch a new replication instance, it runs the latest AWS DMS engine version unless you specify otherwise. For more information, see Working with an AWS DMS replication instance.

If you have a replication instance that is currently running, you can upgrade it to a more recent engine version. (AWS DMS doesn't support engine version downgrades.) For more information about replication engine versions, see AWS DMS release notes.

Upgrading the engine version using the console

You can upgrade an AWS DMS replication instance using the AWS Management Console.

To upgrade a replication instance using the console

  1. Open the AWS DMS console at

  2. In the navigation pane, choose Replication instances.

  3. Choose your replication engine, and then choose Modify.

  4. For Replication engine version, choose the version number you want, and then choose Modify.


Upgrading the replication instance takes several minutes. When the instance is ready, its status changes to available.

Upgrading the engine version using the AWS CLI

You can upgrade an AWS DMS replication instance using the AWS CLI, as follows.

To upgrade a replication instance using the AWS CLI

  1. Determine the Amazon Resource Name (ARN) of your replication instance by using the following command.

    aws dms describe-replication-instances \ --query "ReplicationInstances[*].[ReplicationInstanceIdentifier,ReplicationInstanceArn,ReplicationInstanceClass]"

    In the output, take note of the ARN for the replication instance you want to upgrade, for example: arn:aws:dms:us-east-1:123456789012:rep:6EFQQO6U6EDPRCPKLNPL2SCEEY

  2. Determine which replication instance versions are available by using the following command.

    aws dms describe-orderable-replication-instances \ --query "OrderableReplicationInstances[*].[ReplicationInstanceClass,EngineVersion]"

    In the output, note the engine version number or numbers that are available for your replication instance class. You should see this information in the output from step 1.

  3. Upgrade the replication instance by using the following command.

    aws dms modify-replication-instance \ --replication-instance-arn arn \ --engine-version n.n.n

    Replace arn in the preceding with the actual replication instance ARN from the previous step.

    Replace n.n.n with the engine version number that you want, for example: 2.2.1


Upgrading the replication instance takes several minutes. You can view the replication instance status using the following command.

aws dms describe-replication-instances \ --query "ReplicationInstances[*].[ReplicationInstanceIdentifier,ReplicationInstanceStatus]"

When the replication instance is ready, its status changes to available.

Setting an encryption key for a replication instance

AWS DMS encrypts the storage used by a replication instance and the endpoint connection information. To encrypt the storage used by a replication instance, AWS DMS uses a master key that is unique to your AWS account. You can view and manage this master key with AWS Key Management Service (AWS KMS). You can use the default master key in your account (aws/dms) or a custom master key that you create. If you have an existing AWS KMS encryption key, you can also use that key for encryption.

You can specify your own encryption key by supplying a KMS key identifier to encrypt your AWS DMS resources. When you specify your own encryption key, the user account used to perform the database migration must have access to that key. For more information on creating your own encryption keys and giving users access to an encryption key, see the AWS KMS Developer Guide.

If you don't specify a KMS key identifier, then AWS DMS uses your default encryption key. KMS creates the default encryption key for AWS DMS for your AWS account. Your AWS account has a different default encryption key for each AWS Region.

To manage the keys used for encrypting your AWS DMS resources, you use KMS. You can find KMS in the AWS Management Console by choosing Identity & Access Management on the console home page and then choosing Encryption Keys on the navigation pane.

KMS combines secure, highly available hardware and software to provide a key management system scaled for the cloud. Using KMS, you can create encryption keys and define the policies that control how these keys can be used. KMS supports AWS CloudTrail, so you can audit key usage to verify that keys are being used appropriately. Your KMS keys can be used in combination with AWS DMS and other supported AWS services. Supported AWS services include Amazon RDS, Amazon S3, Amazon Elastic Block Store (Amazon EBS), and Amazon Redshift.

When you have created your AWS DMS resources with a specific encryption key, you can't change the encryption key for those resources. Make sure to determine your encryption key requirements before you create your AWS DMS resources.