Rehost SQL server on Amazon EC2 - AWS Migration Hub Orchestrator

Rehost SQL server on Amazon EC2

With the Rehost SQL server on Amazon EC2 template, you can rehost your on-premises SQL servers to Amazon EC2 using native backup and restore. You can also migrate databases that are encrypted with transparent data encryption.


This template must be used along with AWS Direct Connect. To use the template without AWS Direct Connect, send us an email at with your AWS account number and AWS Region where you have registered the Migration Hub Orchestrator plugin.


You must set up the source and target environments before creating a migration workflow.

Source environment setup

  • When configuring the Migration Hub Orchestrator plugin, ensure that the username that is provided to connect to your Windows machine has the SYSAdmin permission on the SQL server instance.

  • Ensure that PowerShell is enabled on the server that contains your SQL server instance.

  • Install AWS.Tools on the server that contains your SQL server instance, with the following command.

    Install-Module -Name AWS.Tools.Installer

    For more information, see What are AWS Tools for PowerShell?

  • Create an IAM policy with the following permissions.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "s3:PutObject",
                    "kms:GenerateDataKey",
                    "kms:CreateKey"
                ],
                "Resource": "*"
            }
        ]
    }

  • Configure a named profile for AWS Command Line Interface that uses the preceding IAM user. For more information, see Using AWS credentials.

  • Install the DBA.Tools module on your Windows machine, with the following command.

    Install-Module dbatools

Target environment setup

  • (Optional) If you want to use BYOL for SQL server, use AWS VM Import/Export to import your VM image.

  • (Optional) Use AWS Launch Wizard to deploy your target SQL server.

    • Launch Wizard attaches the AmazonEC2RoleForLaunchWizard instance role by default when creating the target environment.

    • After creating the target environment with Launch Wizard, attach the AWSMigrationHubOrchestratorInstanceRolePolicy managed policy to AmazonEC2RoleForLaunchWizard. For more information, see AWS managed policies for Migration Hub Orchestrator.

  • If you are not using Launch Wizard to create your target environment, attach the AWSMigrationHubOrchestratorInstanceRolePolicy managed policy to your instance role.

  • Add the following permissions to your instance role.

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject",
                    "kms:Decrypt",
                    "s3:ListAllMyBuckets",
                    "s3:ListBucket"
                ],
                "Resource": "*"
            }
        ]
    }

  • Create a username in your target SQL server with SYSAdmin permission.

  • Provide credentials in AWS Secrets Manager for the username created in your target SQL server.

    1. Sign in to

    2. On the AWS Secrets Manager page, select Store a new secret.

    3. For Secret type, select Other type of secret and enter the following keys.

      • username - enter your username

      • password - enter your password

    4. Select Next and enter a name for the key pair that begins with the migrationhub-orchestrator- prefix, such as migrationhub-orchestrator-secretname123.


      The Secret ID must begin with the prefix migrationhub-orchestrator- and must only be followed by an alphanumeric value.

    5. Select Next, and then select Store.
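
The console steps above can also be scripted. The following is an added example, not part of the AWS documentation: it checks the secret ID against the naming rule and stores the username and password keys with New-SECSecret. It assumes the AWS.Tools.SecretsManager module is installed; the function names, the suffix, and the Region in the usage comment are hypothetical.

```powershell
# Added example (not from the AWS documentation).
# Assumes the AWS.Tools.SecretsManager module is installed and credentials
# are configured. Function names below are hypothetical helpers.

function Test-OrchestratorSecretId {
    param([Parameter(Mandatory)][string]$SecretId)
    # The prefix is fixed; only alphanumeric characters may follow it.
    return $SecretId -cmatch '^migrationhub-orchestrator-[A-Za-z0-9]+$'
}

function New-OrchestratorSqlSecret {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Suffix,
        [Parameter(Mandatory)][pscredential]$SqlCredential,
        [Parameter(Mandatory)][string]$Region
    )

    $secretId = "migrationhub-orchestrator-$Suffix"
    if (-not (Test-OrchestratorSecretId -SecretId $secretId)) {
        throw "Secret ID '$secretId' is invalid: only alphanumeric characters may follow the prefix."
    }

    # The secret carries exactly the two keys entered in step 3.
    # ConvertTo-Json escapes quotes and backslashes in the password.
    $body = [ordered]@{
        username = $SqlCredential.UserName
        password = $SqlCredential.GetNetworkCredential().Password
    } | ConvertTo-Json -Compress

    # -WhatIf shows the target secret ID without creating anything.
    if ($PSCmdlet.ShouldProcess($secretId, 'Create Secrets Manager secret')) {
        New-SECSecret -Name $secretId -SecretString $body -Region $Region |
            Select-Object Name, ARN
    }
}

# Usage (constructed values). Get-Credential prompts for the SQL login, so the
# password is not typed on the command line or saved in shell history:
# New-OrchestratorSqlSecret -Suffix 'sqltarget01' -SqlCredential (Get-Credential) -Region 'us-east-1'
```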

Create a migration workflow

  1. Go to, and select Create migration workflow.

  2. On the Choose a workflow template page, select the Rehost SQL server on Amazon EC2 template.

  3. Configure and submit your workflow to begin migration.


Enter a name for your workflow. Optionally, you can enter a description and add tags. If you intend to run multiple migrations, we recommend adding tags to enhance searchability. For more information, see Tagging AWS resources.


Select the application you want to migrate. For more information, see Define applications.