In order to install the AWS Replication Agent, you must first generate the required AWS credentials.
Important
Temporary credentials have many advantages. You don't need to rotate them or revoke them when they're no longer needed, and they cannot be reused after they expire. You can specify for how long the credentials are valid, up to a maximum limit. Because they provide enhanced security, using temporary credentials is considered best practice and the recommended option.
Temporary credentials
The temporary credentials provided by AWS Application Migration Service utilize a similar mechanism to the one used by IAM Roles Anywhere.
To create temporary credentials, you need to:
-
Create a new IAM Role with the AWSApplicationMigrationAgentInstallationPolicy policy.
-
Request temporary security credentials through AWS STS through the AssumeRole API.
An example of generating temporary credentials via AWS CLI can be found here.
Learn more about how temporary credentials work.
Permanent credentials
Where possible, we recommend using temporary credentials instead of creating users who have long-term credentials such as passwords and access keys. However, there are specific use cases that require long-term credentials (for example, agentless snapshot based replications). Learn more about long-term credentials.
Installing the AWS Replication Agent on an
Amazon EC2 instance
When installing an AWS Replication Agent on an Amazon EC2 instance (when the source server is in AWS Regions), you don't need to generate credentials. Instead, you can use an instance profile with the required IAM policy:
-
Go to the Amazon EC2 console and select your Amazon EC2 instance.
-
From the top right-hand menu, select Actions > Security > Modify IAM role.
-
Use a role that contains the AWSApplicationMigrationServiceEc2InstancePolicy policy.
If none exists, click Create new IAM role, attach the policy and return to the Amazon EC2 console window.
-
Select your new role from the drop-down list and click Update.
