AWS Migration Hub Adds Support for Service-Linked Roles

Posted on: Jun 20, 2019

Today, AWS Migration Hub is introducing support for using AWS Identity and Access Management (IAM) service-linked roles, a new type of IAM role that allows you to easily delegate permissions to AWS services.

Migration Hub provides a single location to discover your on-premises infrastructure and track the progress of application migrations across multiple AWS and partner solutions. Service-linked roles are predefined by Migration Hub and include all the permissions that the service requires to use other AWS services on your behalf, such as the permissions that Migration Hub requires to use AWS Application Discovery Service for storing on-premises discovery data.  

Unlike a normal IAM role, the service-linked role cannot be deleted while it is still in use by Migration Hub. This protects you from inadvertently revoking Migration Hub's required permissions to your resources. The addition of service-linked roles to Migration Hub also helps with authorizing migration tools. For example, the service-linked role allows AWS Database Migration Service to send migration status to Migration Hub without setting up additional permissions.

Service-linked roles are available in all AWS Regions where Migration Hub is offered. Existing users of Migration Hub do not need to take any action and can continue to use existing IAM roles. There is no additional charge for Migration Hub or for the use of service-linked roles. To learn more, see the AWS Migration Hub documentation. Get started using Migration Hub from the AWS Migration Hub Console.