Creating source and target endpoints
You can create source and target endpoints when you create your replication instance or you can create endpoints after your replication instance is created. The source and target data stores can be on an Amazon Elastic Compute Cloud (Amazon EC2) instance, an Amazon Relational Database Service (Amazon RDS) DB instance, or an on-premises database. (Note that one of your endpoints must be on an AWS service. You can't use AWS DMS to migrate from an on-premises database to another on-premises database.)
The following procedure assumes that you have chosen the AWS DMS console wizard. Note that you can also do this step by selecting Endpoints from the AWS DMS console's navigation pane and then selecting Create endpoint. When using the console wizard, you create both the source and target endpoints on the same page. When not using the console wizard, you create each endpoint separately.
To specify source or target database endpoints using the AWS console
-
On the Connect source and target database endpoints page, specify your connection information for the source or target database. The following table describes the settings.
For this option Do this Endpoint type
Choose whether this endpoint is the source or target endpoint.
Select RDS DB Instance
Choose this option if the endpoint is an Amazon RDS DB instance.
Endpoint identifier
Type the name you want to use to identify the endpoint. You might want to include in the name the type of endpoint, such as
oracle-source
orPostgreSQL-target
. The name must be unique for all replication instances.Source engine and Target engine
Choose the type of database engine that is the endpoint.
Access to endpoint database
Choose the option you want to use to specify endpoint database credentials:
-
Choose AWS Secrets Manager – Use secrets defined in AWS Secrets Manager to secretly provide your credentials as shown following. For more information on creating these secrets and the secret access roles that enable AWS DMS to access them, see Using secrets to access AWS Database Migration Service endpoints.
-
Provide access information manually – Use clear-text credentials that you enter directly as shown following.
Choose AWS Secrets Manager Set the following secret credentials. Secret ID
Type the full Amazon Resource Name (ARN), partial ARN, or friendly name of a secret that you have created in the AWS Secrets Manager for endpoint database access.
IAM role
Type the ARN of a secret access role that you have created in IAM to provide AWS DMS access on your behalf to the secret identified by Secret ID. For information about creating a secret access role, see Using secrets to access AWS Database Migration Service endpoints.
Secret ID for Oracle automatic storage management (ASM)
(For Oracle source endpoints using Oracle ASM only) Type the full Amazon Resource Name (ARN), partial ARN, or friendly name of a secret that you have created in the AWS Secrets Manager for Oracle ASM access. This secret is typically created to access Oracle ASM on the same server as the secret identified by Secret ID.
IAM role for Oracle ASM
(For Oracle source endpoints using Oracle ASM only) Type the ARN of a secret access role that you have created in IAM to provide AWS DMS access on your behalf to the secret identified by Secret ID for Oracle automatic storage management (ASM).
Provide access information manually Set the following clear-text credentials. Server name
Type the server name. For an on-premises database, this can be the IP address or the public hostname. For an Amazon RDS DB instance, this can be the endpoint (also called the DNS name) for the DB instance, such as
mysqlsrvinst.abcd12345678.us-west-2.rds.amazonaws.com
.Port
Type the port used by the database.
Secure Socket Layer (SSL) mode
Choose an SSL mode if you want to enable connection encryption for this endpoint. Depending on the mode you select, you might be asked to provide certificate and server certificate information.
User name
Type the user name with the permissions required to allow data migration. For information on the permissions required, see the security section for the source or target database engine in this user guide.
Password
Type the password for the account with the required permissions. Passwords for AWS DMS source and target endpoints have character restrictions, depending on the database engine. For more information, see the following table.
Database name
For certain database engines, the name of the database you want to use as the endpoint database.
The following table lists the unsupported characters in endpoint passwords and secret manager secrets for the listed database engines. If you want to use commas (,) in your endpoint passwords, use the Secrets Manager support provided in AWS DMS to authenticate access to your AWS DMS instances. For more information, see Using secrets to access AWS Database Migration Service endpoints.
For this database engine The following characters are unsupported in an endpoint password and secret manager secrets All
{ }
Microsoft Azure, as a source only
;
Microsoft SQL Server
, ;
MySQL-compatible, including MySQL, MariaDB, and Amazon Aurora MySQL
;
Oracle ,
PostgreSQL, Amazon Aurora PostgreSQL-Compatible Edition, and Amazon Aurora Serverless as a target only for Aurora PostgreSQL-Compatible Edition
; + %
Amazon Redshift, as a target only
, ;
-
-
Choose Endpoint settings and AWS KMS key if you need them. You can test the endpoint connection by choosing Run test. The following table describes the settings.
For this option Do this Endpoint settings
Select any additional connection parameters here. For more information about endpoint settings, see the documentation section for your Source engine or Target engine (specified in step 1).
For an Oracle source endpoint that uses Oracle ASM, if you choose Provide access information manually in step 1, you might also need to type in endpoint setting to specify Oracle ASM user credentials. For more information on these Oracle ASM endpoint settings, see Using Oracle LogMiner or AWS DMS Binary Reader for CDC.
AWS KMS key
Choose the encryption key to use to encrypt replication storage and connection information. If you choose (Default) aws/dms, the default AWS Key Management Service (AWS KMS) key associated with your account and AWS Region is used. For more information on using the encryption key, see Setting an encryption key and specifying AWS KMS permissions.
Test endpoint connection (optional)
Add the VPC and replication instance name. To test the connection, choose Run test.