dms-vpc-role is not configured properly -- configuration should be automated #7632

ahammond opened this issue Apr 27, 2020 · 2 comments

ahammond commented Apr 27, 2020

When first trying to deploy a DMS instance to an account using aws-dms.CfnReplicationInstance() I get the following error:

 4/5 | 4:30:47 PM | CREATE_FAILED        | AWS::DMS::ReplicationInstance  | Instance The IAM Role arn:aws:iam::123412341234:role/dms-vpc-role is not configured properly. (Service: AWSDatabaseMigrationService; Status Code: 400; Error Code: AccessDeniedFault; Request ID: 39cbef67-2365-4f1e-89c9-e3704c35481b)

According to https://forums.aws.amazon.com/thread.jspa?messageID=921775 this is pretty trivial to fix, but... it'd be nice to automate it.

Use Case

Anyone trying to deploy DMS objects.

Proposed Solution

Automate the role creation? But... maybe at a higher level than the Cfn objects? I'm not really sure what the right way to do this would be.

Workaround

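// CDK v1 module paths
import * as cdk from '@aws-cdk/core';
import * as iam from '@aws-cdk/aws-iam';

// Stack that creates the role the error message refers to: 'dms-vpc-role'.
export class DmsVpcRole extends cdk.Stack {
  public readonly role: iam.Role;

  public constructor(scope: cdk.Construct, id: string, props: cdk.StackProps) {
    super(scope, id, props);

    // The role must be assumable by the DMS service principal.
    this.role = new iam.Role(this, 'DmsVpcRole', {
      roleName: 'dms-vpc-role',
      assumedBy: new iam.ServicePrincipal('dms.amazonaws.com'),
    });
    new cdk.CfnOutput(this, 'TheDmsVpcRole', { value: this.role.roleArn });

    // Attach the AWS managed policy for DMS VPC management.
    const dmsVpcManagementRolePolicy = iam.ManagedPolicy.fromManagedPolicyArn(
      this,
      'AmazonDMSVPCManagementRole',
      'arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole'
    );
    this.role.addManagedPolicy(dmsVpcManagementRolePolicy);
  }
}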
  • 👋 I may be able to implement this feature request
  • ⚠️ This feature might incur a breaking change

This is a 🚀 Feature Request
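
A pre-deployment check for the role named in the error above, as an added example that is not part of the original issue or of the CDK. It compares a role's name, trust policy and attached policies against the role the workaround creates; the `RoleView` shape, the function name and both sample roles are assumptions constructed for illustration.

```typescript
// Added example, not CDK code. RoleView is a hypothetical shape holding what
// `aws iam get-role` and `aws iam list-attached-role-policies` report.
type OneOrMany = string | string[];
interface Statement { Effect: string; Principal?: { Service?: OneOrMany }; Action: OneOrMany; }
interface RoleView {
  roleName: string;
  trustPolicy: { Statement: Statement[] };
  attachedPolicyArns: string[];
}

const REQUIRED_NAME = 'dms-vpc-role';
const REQUIRED_PRINCIPAL = 'dms.amazonaws.com';
// Suffix match so the check also works in other partitions (aws-cn, aws-us-gov).
const REQUIRED_POLICY = ':policy/service-role/AmazonDMSVPCManagementRole';

const asList = (v?: OneOrMany): string[] =>
  v === undefined ? [] : Array.isArray(v) ? v : [v];

// Returns the list of problems; an empty list means the role matches the workaround's role.
function checkDmsVpcRole(role: RoleView): string[] {
  const problems: string[] = [];
  if (role.roleName !== REQUIRED_NAME) {
    problems.push(`role is named "${role.roleName}", expected "${REQUIRED_NAME}"`);
  }
  // IAM allows Service and Action to be a string or an array, so normalise both.
  const trusted = role.trustPolicy.Statement.some(s =>
    s.Effect === 'Allow' &&
    asList(s.Principal?.Service).indexOf(REQUIRED_PRINCIPAL) !== -1 &&
    asList(s.Action).indexOf('sts:AssumeRole') !== -1);
  if (!trusted) {
    problems.push(`trust policy does not allow ${REQUIRED_PRINCIPAL} to call sts:AssumeRole`);
  }
  const attached = role.attachedPolicyArns.some(a => a.slice(-REQUIRED_POLICY.length) === REQUIRED_POLICY);
  if (!attached) problems.push('AmazonDMSVPCManagementRole is not attached');
  return problems;
}

// Constructed samples: the role the workaround creates, and a misconfigured one.
const goodRole: RoleView = {
  roleName: 'dms-vpc-role',
  trustPolicy: { Statement: [{ Effect: 'Allow', Principal: { Service: 'dms.amazonaws.com' }, Action: 'sts:AssumeRole' }] },
  attachedPolicyArns: ['arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole'],
};
const brokenRole: RoleView = {
  roleName: 'dms-vpc-role',
  trustPolicy: { Statement: [{ Effect: 'Allow', Principal: { Service: ['ec2.amazonaws.com'] }, Action: ['sts:AssumeRole'] }] },
  attachedPolicyArns: [],
};
```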

@ahammond ahammond added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Apr 27, 2020
@SomayaB SomayaB added the @aws-cdk/aws-dms Related to AWS Database Migration Service (AWS DMS) label Apr 29, 2020
nija-at commented Apr 29, 2020

Hello @ahammond -

Thanks for filing this feature request! Unfortunately, we don't yet have any higher level constructs built for DMS, and don't yet have plans to do so.

When this is done, this issue will be automatically addressed, and the necessary IAM roles will be automatically created.

If you would like to see more support for DMS in the CDK, please +1 here - #6906.

I'm closing this issue in favour of the tracking issue. Thanks!

@nija-at nija-at closed this as completed Apr 29, 2020
chefren commented Jan 5, 2023

For anyone else landing here, the AWS forum link is gone, some ref to the required role is now here: https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.html#CHAP_Security.APIRole
