How can I troubleshoot connectivity failures and errors for an AWS DMS task that uses Amazon Redshift as the target endpoint?
Last updated: 2020-09-23
How can I troubleshoot connectivity failures and errors for an AWS Database Migration Service (AWS DMS) task that uses Amazon Redshift as the target endpoint?
When you test the connectivity to an Amazon Redshift endpoint, the test can fail if you haven't met the prerequisites for using an Amazon Redshift database as a target for AWS Database Migration Service. This can happen if you haven't created and configured the required AWS Identity and Access Management (IAM) role, or if the Amazon Simple Storage Service (Amazon S3) bucket name for an endpoint ARN is in use. The required IAM role is created automatically when you use the AWS DMS console, but it isn't created if you use the AWS DMS API or the AWS Command Line Interface (AWS CLI).
A connectivity test can also fail if there are problems with the network configuration of the AWS DMS task. To troubleshoot endpoint connectivity errors, see How can I troubleshoot AWS DMS endpoint connectivity failures?
If the required IAM role isn't created and configured correctly, then you receive an error similar to the following:
Role 'dms-access-for-endpoint' is not configured properly
Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent AWS CLI version.
To resolve this error, confirm that the dms-access-for-endpoint IAM role is created and configured correctly. For information about the configuration of this role, see the To create the dms-access-for-endpoint IAM role for use with Amazon Redshift as a target database section of Creating the IAM Roles to use with the AWS CLI and AWS DMS API.
If the Amazon managed policy isn't configured correctly, then you can receive an error similar to the following:
Unable to create S3 bucket for Redshift. Bucket Name for endpoint ARN is in use.
This error occurs when:
- The Amazon managed policy (AmazonDMSRedshiftS3Role or a similar custom policy) isn't attached to the dms-access-for-endpoint IAM role.
- The dms-access-for-endpoint IAM role policy has an explicit deny for Amazon S3.
- The preconfigured S3 bucket policy that AWS DMS created automatically and associated with the Amazon Redshift endpoint has been modified with an explicit restriction.
To resolve this error, attach the default managed policy (AmazonDMSRedshiftS3Role) or a similar custom policy to the dms-access-for-endpoint IAM role. Then, confirm that the default S3 bucket policy associated by AWS DMS hasn't been modified. For more information, see Amazon S3 bucket settings.
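The three causes listed above can be checked offline against exported policy JSON. The following is an added example, not AWS code: the function names and finding labels are hypothetical, the inputs are assumed to be the role's attached policy names, its policy documents, and the endpoint's bucket policy, and the sample documents are constructed.

```python
import json

MANAGED_POLICY = "AmazonDMSRedshiftS3Role"

def _as_list(value):
    # IAM accepts a single string/object wherever a list is allowed.
    return value if isinstance(value, list) else [value]

def s3_denies(policy_doc):
    """Return the Deny statements in a policy document that can cover S3 actions."""
    hits = []
    for stmt in _as_list(policy_doc.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        # Action names are case-insensitive; a Deny with NotAction is flagged for review.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if "NotAction" in stmt or any(a == "*" or a.startswith("s3:") for a in actions):
            hits.append(stmt)
    return hits

def check_redshift_target_role(attached_names, role_policy_docs, bucket_policy):
    """Map the three listed causes to findings; an empty list means none was found."""
    findings = []
    if MANAGED_POLICY not in attached_names:
        # Not conclusive on its own: a similar custom policy may grant the access.
        findings.append("managed-policy-not-attached")
    if any(s3_denies(doc) for doc in role_policy_docs):
        findings.append("role-explicit-s3-deny")
    if bucket_policy and s3_denies(bucket_policy):
        findings.append("bucket-policy-explicit-deny")
    return findings

# Constructed sample input, shaped like IAM and S3 policy documents.
SAMPLE_INLINE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
  {"Effect": "Deny", "Action": "S3:Put*", "Resource": "*"}]}""")
SAMPLE_BUCKET = json.loads("""{"Version": "2012-10-17", "Statement":
  {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
   "Resource": "arn:aws:s3:::example-bucket/*"}}""")

if __name__ == "__main__":
    print(check_redshift_target_role(["AmazonS3ReadOnlyAccess"], [SAMPLE_INLINE], SAMPLE_BUCKET))
    print(check_redshift_target_role([MANAGED_POLICY], [], None))
```

A flagged Deny statement is a prompt to review that statement, since its resource or condition may not actually apply to the bucket that AWS DMS uses.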