AWS DMS can not start migration

0
votes

I’ve created a stack for AWS DMS and another one for two testing Postgres dbs AWS::RDS::DBInstance, with cfn-sphere Both stacks were created successfully and I was able to create a table in the source database and load data into it.

I tried to start the replication task with boto3:

client = boto3.client('dms')
response = client.start_replication_task(
    ReplicationTaskArn=replication_task_arn,
    StartReplicationTaskType='start-replication'
)

But it didn’t work and I got the error:

botocore.errorfactory.InvalidResourceStateFault: An error occurred (InvalidResourceStateFault) when calling the StartReplicationTask operation: Test connection for replication instance ( url) should be successful for starting the replication task

I tried to trigger it from the website but I got an error that says:

AWSDatabaseMigrationService: Test connection for replication instance and endpoint should be successful for starting the replication task

Unfortunately the connection between Replication Instance and Target point didn’t work from the website ( my account has full access ). But it worked from my command line with boto3 dms client, test_connection.

My security group rule is:

  SecurityGroupIngress:
    Type: 'AWS::EC2::SecurityGroupIngress'
    Properties:
      GroupId: !Ref dbSecurityGroup
      IpProtocol: tcp
      FromPort: '5432'
      ToPort: '5432'
      CidrIp: //my public ip

Can anybody guide me where to look and how to fix it? (that's my first AWS task)

1
amazon-web-servicesamazon-rdsamazon-cloudformationboto3aws-dms

1 Answers

1
votes

1) Make sure the replication instance and the target endpoint are in the same vpc. Otherwise you must perform vpc peering. Also both should be in same region.

2) Add the security-group of the replication instance to the inbound rule of the target database security-group.

Type: AWS::EC2::SecurityGroup
Properties: 
  GroupName: "target-endpoint-sg"
  GroupDescription: "security group of target db server"
  VpcId: <provide your vpc id>
  SecurityGroupIngress:
    - IpProtocol: tcp
      FromPort: '5432'
      ToPort: '5432'
      SourceSecurityGroupId: <sec-grp of ReplicationInstance>

3) If your target database is already created, then provide the complete server name (ex: target-database-name.xxxxxxxxxxx.us-east-1.rds.amazonaws.com), username and password values correctly, when you create the Target Endpoints. In the aws console, Got to DMS -> Endpoints -> Select your endpoint checkbox -> Test connection to verify the connections.

If it's succeeds, then use the same user's role in boto3 client configuration and test using test_connection method.