Pre-migration preparation - AWS Prescriptive Guidance

Pre-migration preparation

The migration options that are covered in this guide require the following setup activities before you begin the migration:

  1. Install Db2 on Amazon EC2 and create an instance.

  2. Connect the on-premises network and AWS through a virtual private network connection (VPN) using AWS Site-to-Site VPN or through AWS Direct Connect.

  3. Use Amazon Simple Storage Service (Amazon S3), and provide access to an S3 bucket from Amazon EC2 and the on-premises server.

    Configure Db2 storage access, and use the DB2REMOTE identifier to connect Amazon EC2 to Amazon S3.

  4. Set up AWS Command Line Interface (AWS CLI) on Db2 servers on premises and on Amazon EC2.

  5. Create an AWS Identity and Access Management (IAM) user to send Db2 backup images and transaction logs to Amazon S3 from the on-premises server.


    This scenario requires IAM users with programmatic access and long-term credentials, which presents a security risk. To help mitigate this risk, we recommend that you provide these users with only the permissions they require to perform the task and that you remove these users after the AWS migration is completed. Access keys can be updated if necessary. For more information, see Updating access keys in the IAM user guide.

Tools used

  • AWS CLI – Use the aws s3 cp or aws s3 sync command to send files from the on-premises server to the Amazon S3 bucket. You will use the same commands to retrieve the files from the S3 bucket to Amazon EC2.

    • For the little-endian platform, these files are Db2 backup images and transaction logs.

    • For the big-endian platform, these are data files unloaded from user tables.

  • Db2 command line processor – The CATALOG STORAGE ACCESS command creates an alias for accessing Amazon S3 directly by using the INGEST, LOAD, BACKUP DATABASE, RESTORE DATABASE, and ROLLFORWARD DATABASE commands.