Why can't I see CloudWatch Logs for an AWS DMS task?

Last updated: 2020-05-18

Why can't I see Amazon CloudWatch Logs for an AWS Database Migration Service (AWS DMS) task?

Short Description

To view the CloudWatch Logs for your AWS DMS task, confirm the following:

  • Amazon CloudWatch is enabled on the AWS DMS task.
  • The dms-cloudwatch-logs-role AWS Identity and Access Management (IAM) role is created, has the correct permissions policy, and has the correct trust relationship for AWS DMS to assume the role.

Resolution

First, enable CloudWatch logging for your task, if you haven't already. To enable CloudWatch logging, your task must be in a Stopped or Failed state.

If CloudWatch logging is enabled for your task and you still can't view the logs, confirm that you have the required IAM role. Open the IAM console, and then choose Roles from the navigation pane. Confirm that dms-cloudwatch-logs-role is listed. If you created the task using the AWS Command Line Interface (AWS CLI) or the dms-cloudwatch-logs-role role wasn't created because the account doesn't have sufficient permissions, then create the role with the required policies using the AWS CLI or follow these steps:

1.    Open the IAM console, and then choose Roles from the navigation pane.

2.    Choose Create role.

3.    Choose AWS service from Select type of trusted entity. Doing so allows the AWS service in the next step to perform actions on your behalf.

4.    Choose DMS from Choose a use case, which creates the following trust relationship policy so that AWS DMS can assume the role:

{  
"Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
       
    "Service": "dms.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

5.    Choose Next: Permissions.

6.    Enter AmazonDMSCloudWatchLogsRole in the search field. Then, choose the policy to grant AWS DMS access to CloudWatch.

7.    Choose Next: Tags.

8.    Optionally, add metadata to the role by using tags as key-value pairs.

9.    Choose Next: Review.

10.    For Role name, enter dms-cloudwatch-logs-role.

11.    Role description is filled, and you can add or edit the description as needed.

12.    Chose Create role.

After the role is created, you can use CloudWatch Logs to monitor your AWS DMS task.


Did this article help you?

Anything we could improve?


Need more help?