Why can't I see CloudWatch logs for an AWS DMS task?

Last updated: 2019-09-30

Short Description

To view the CloudWatch logs for your AWS DMS task, confirm the following:


First, enable CloudWatch logging for your task, if you haven't already. To enable CloudWatch logging, your task must be in a Stopped or Failed state.

If CloudWatch logging is enabled for your task and you still can't view the logs, confirm that you have the required IAM role. Open the IAM console, and choose Roles from the navigation pane. Confirm that dms-cloudwatch-logs-role is listed. This role is created automatically when the first AWS DMS task is created using the AWS DMS console. If you created the task using the AWS Command Line Interface (AWS CLI) or the dms-cloudwatch-logs-role role wasn't created because the account doesn't have sufficient permissions, then create the role with the required policies using the AWS CLI or follow these steps:

1.    Open the IAM console, and choose Roles from the navigation pane.

2.    Choose Create role.

3.    Choose AWS service from Select type of trusted entity, which creates the following trust relationship policy so that DMS can assume the role:

"Version": "2012-10-17",
  "Statement": [
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
    "Service": "dms.amazonaws.com"
      "Action": "sts:AssumeRole"

4.    Choose DMS as the service that will use this role.

5.    Choose Next: Permissions.

6.    Choose Create policy.

7.    Enter AmazonDMSCloudWatchLogsRole in the search field and choose the policy to grant AWS DMS access to CloudWatch.

8.    Choose Next:Tags.

9.    Optionally, add metadata to the role by using tags as key-value pairs.

10.    Choose Next: Review.

11.    For Role name, enter dms-cloudwatch-logs-role.

12.    Role description is filled, and you can add or edit the description as needed.

13.    Chose Create role.

After the role is created, you can use CloudWatch logs to monitor your AWS DMS task.

