AWS Database Migration Service
User Guide (API Version 2016-01-01)

Security for AWS Database Migration Service

AWS Database Migration Service (AWS DMS) uses several processes to secure your data during migration. The service encrypts the storage used by your replication instance and the endpoint connection information using an AWS Key Management Service (AWS KMS) key that is unique to your AWS account. Secure Sockets Layer (SSL) is supported. AWS Database Migration Service also requires that you have the appropriate permissions if you sign in as an AWS Identity and Access Management (IAM) user.

The virtual private cloud (VPC) that you use with your replication instance, based on the Amazon Virtual Private Cloud (Amazon VPC) service, must be associated with a security group whose rules allow all traffic on all ports to leave (egress) the VPC. This approach allows the replication instance to communicate with your source and target database endpoints, as long as the correct ingress is enabled on those endpoints.
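One way to check the egress requirement described above, as an added example that is not part of the AWS guide: the script audits security group data in the shape returned by `aws ec2 describe-security-groups`. The sample response, group IDs and group names are constructed placeholders, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like `aws ec2 describe-security-groups` output;
# the group IDs and names are placeholders, not values from the guide.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-0aaa1111", "GroupName": "dms-default", "IpPermissionsEgress": [
   {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-0bbb2222", "GroupName": "mysql-only", "IpPermissionsEgress": [
   {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
    "IpRanges": [{"CidrIp": "10.0.0.0/16"}]}]},
 {"GroupId": "sg-0ccc3333", "GroupName": "tcp-any", "IpPermissionsEgress": [
   {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
]}
""")

def rule_allows_all(rule):
    """True if one egress rule permits all protocols and ports to any IPv4 address."""
    if rule.get("IpProtocol") != "-1":  # "-1" is the EC2 API value for all traffic
        return False
    return any(r.get("CidrIp") == "0.0.0.0/0" for r in rule.get("IpRanges", []))

def describe_rule(rule):
    """Render one egress rule as 'protocol ports -> destinations' for the report."""
    proto = "all" if rule.get("IpProtocol") == "-1" else rule.get("IpProtocol")
    ports = "all" if "FromPort" not in rule else f"{rule['FromPort']}-{rule.get('ToPort')}"
    dests = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    dests += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    return f"{proto} {ports} -> {','.join(dests) or '(no CIDR destination)'}"

def audit_egress(response):
    """Map each group ID to (allows_all_egress, [rule descriptions])."""
    report = {}
    for sg in response.get("SecurityGroups", []):
        rules = sg.get("IpPermissionsEgress", [])
        report[sg["GroupId"]] = (any(rule_allows_all(r) for r in rules),
                                 [describe_rule(r) for r in rules])
    return report

def attached_groups_ok(response, attached_ids):
    """Security group rules are additive, so one qualifying attached group is enough."""
    report = audit_egress(response)
    return any(report[g][0] for g in attached_ids if g in report)

if __name__ == "__main__":
    for gid, (ok, rules) in audit_egress(SAMPLE).items():
        print(f"{gid}: {'OK' if ok else 'MISSING all-traffic egress'}  {rules}")
```

The third sample group shows a common near miss: TCP on every port to `0.0.0.0/0` still excludes UDP and ICMP, so it does not meet the "all traffic on all ports" rule.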

If you want to view database migration logs, you need the appropriate Amazon CloudWatch Logs permissions for the IAM role you are using.