How can I disable public access for an AWS DMS replication instance?
Last updated: 2019-10-03
How can I disable public access for an AWS Database Migration Service (AWS DMS) replication instance?
An AWS DMS replication instance can have one public IP address and one private IP address, just like an Amazon Elastic Compute Cloud (Amazon EC2) instance that has a public IP address.
You can use a public IP address by choosing the Publicly accessible option when you create your replication instance, or by specifying the --publicly-accessible option when you create the replication instance using the AWS Command Line Interface (AWS CLI).
If you uncheck (disable) the box for Publicly accessible, then the replication instance has only a private IP address. As a result, the replication instance can communicate with a host that is in the same Amazon Virtual Private Cloud (Amazon VPC) and that can communicate with the private IP address, or with a host that is connected by VPC peering or AWS Direct Connect.
After you create the replication instance, you can't modify the Publicly accessible option.
To disable public access to your replication instance, delete the replication instance and recreate it. Before you can delete a replication instance, you must delete all of the tasks that use the replication instance.
Instead of recreating the replication instance, you can change the subnets that are in the subnet group that is associated with the replication instance to private subnets. A private subnet is a subnet that isn't routed to an internet gateway. Instances in a private subnet can't communicate with a public IP address, even if they have a public IP address. For more information, see Setting Up a Network for a Replication Instance.
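The following is an added example, not part of the original article: it classifies replication instances by the Publicly accessible setting and by whether any subnet in the subnet group is routed to an internet gateway. It assumes input shaped like the JSON from `aws dms describe-replication-instances` and `aws ec2 describe-route-tables`; the sample records, identifiers, and status labels are constructed for illustration.

```python
# Added example; the sample data is constructed and shaped like the JSON from
# `aws dms describe-replication-instances` and `aws ec2 describe-route-tables`.

def subnet_has_igw_route(subnet_id, vpc_id, route_tables):
    """True if the subnet's effective route table routes to an internet gateway."""
    explicit = main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                explicit = rt
            elif assoc.get("Main"):
                main = rt
    effective = explicit or main  # no explicit association: VPC main route table
    routes = effective.get("Routes", []) if effective else []
    return any((r.get("GatewayId") or "").startswith("igw-") for r in routes)

def audit(instances, route_tables):
    """Map each replication instance identifier to (status, public subnets)."""
    findings = {}
    for inst in instances:
        group = inst["ReplicationSubnetGroup"]
        public = sorted(
            s["SubnetIdentifier"] for s in group["Subnets"]
            if subnet_has_igw_route(s["SubnetIdentifier"], group["VpcId"], route_tables))
        if not inst["PubliclyAccessible"]:
            status = "private-ip-only"
        elif public:
            status = "public-ip-with-igw-route"  # recreate, or switch to private subnets
        else:
            status = "public-ip-in-private-subnets"
        findings[inst["ReplicationInstanceIdentifier"]] = (status, public)
    return findings

def _instance(name, publicly_accessible, subnets):  # hypothetical sample-data helper
    group = {"VpcId": "vpc-example", "Subnets": [{"SubnetIdentifier": s} for s in subnets]}
    return {"ReplicationInstanceIdentifier": name,
            "PubliclyAccessible": publicly_accessible, "ReplicationSubnetGroup": group}

LOCAL = {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}
ROUTE_TABLES = [  # constructed: subnet-private falls back to the main route table
    {"VpcId": "vpc-example", "Associations": [{"Main": True}], "Routes": [LOCAL]},
    {"VpcId": "vpc-example", "Associations": [{"Main": False, "SubnetId": "subnet-public"}],
     "Routes": [LOCAL, {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
]
INSTANCES = [_instance("dms-a", True, ["subnet-public", "subnet-private"]),
             _instance("dms-b", True, ["subnet-private"]),
             _instance("dms-c", False, ["subnet-public"])]
```

A status of public-ip-with-igw-route marks the instances that need one of the two remediations described above.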