Set Up Networking

Since we don’t use a VPN or AWS Direct Connect in this workshop, the DMS Replication Instance will need to connect to the source database over the public internet and to the target database via the private network of its VPC.

Replication Instance Architecture

Configure the security group

To allow inbound traffic from the DMS Replication Instance to the target RDS database, we set up two Security Groups.

  1. Go to the EC2 service by typing EC2 in the search box next to Services at the top of the screen and then clicking EC2 when it appears as a result.

  2. From the menu sidebar on the left of the EC2 Service screen, click Security Groups.

  3. Create a security group for the DMS Replication Instance.

    a. Go to AWS Console > Services > EC2 > Security Groups and click the Create Security Group button.

    b. For Security group name enter RI-SG.

    c. For Description you can enter Security Group for Replication Instance.

    d. Make sure you change the VPC from the default to the one marked TargetVPC. To access the drop down list of VPCs, click the cross at the end of the name of the default VPC.

    e. Now pick the VPC with (TargetVPC) in brackets.

    f. Leave everything else unchanged and click Create Security Group.

There is no need to add any inbound rules to the DMS Replication Instance security group RI-SG. We have created the security group so that we can use the security group name to identify the Replication Instance when we set up access for the Replication Instance to the source and target.

  1. Create a security group for the Target Database.

    a. Once again, click Security Groups in the left menu and then the Create security group button.

    b. For Security group name enter DB-SG, for Description enter Database SG for target, select the TargetVPC entry from the drop down in the VPC field, and press the Create security group button.

    c. This time, click the Add rule button in the Inbound rules section.

    d. In the Type drop down, set the inbound rule type to MYSQL/Aurora, and in the Source drop down select the DMS Replication Instance security group, RI-SG. Then click Create Security Group at the very bottom of the page.

  2. You have finished creating Security Groups for now. Move on to the next step.
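
To confirm that the two groups ended up as described above, the following added example (not part of the workshop) audits data shaped like the JSON returned by `aws ec2 describe-security-groups`. The function name `audit` and all group and VPC IDs are constructed for illustration; port 3306 is the port behind the console's MYSQL/Aurora rule type.

```python
# Added example: audit the two groups from this page against the rules it describes.
# Input mirrors the JSON shape of `aws ec2 describe-security-groups`; all IDs are constructed.
MYSQL_PORT = 3306  # port behind the console's "MYSQL/Aurora" rule type


def audit(groups, ri_name="RI-SG", db_name="DB-SG"):
    """Return a list of findings; an empty list means the setup matches the page."""
    by_name = {g["GroupName"]: g for g in groups}
    missing = [n for n in (ri_name, db_name) if n not in by_name]
    if missing:
        return [f"security group not found: {n}" for n in missing]
    ri, db = by_name[ri_name], by_name[db_name]
    findings = []
    if ri["VpcId"] != db["VpcId"]:
        findings.append("RI-SG and DB-SG are in different VPCs")
    if ri.get("IpPermissions"):
        findings.append("RI-SG has inbound rules; the page expects none")
    allowed = False
    for perm in db.get("IpPermissions", []):
        lo, hi = perm.get("FromPort"), perm.get("ToPort")
        label = f"{perm.get('IpProtocol')} {lo}-{hi}"
        # Any CIDR source is broader than the group-to-group rule the page sets up.
        for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
            cidr = r.get("CidrIp") or r.get("CidrIpv6")
            findings.append(f"DB-SG rule {label} allows CIDR {cidr}, not a security group")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] != ri["GroupId"]:
                findings.append(f"DB-SG rule {label} allows unexpected group {pair['GroupId']}")
            elif perm.get("IpProtocol") == "tcp" and lo == hi == MYSQL_PORT:
                allowed = True
            else:
                findings.append(f"DB-SG rule {label} from RI-SG is wider than tcp/3306")
    if not allowed:
        findings.append("DB-SG has no tcp/3306 rule sourced from RI-SG")
    return findings


# Constructed sample: the configuration built in the steps above.
GOOD = [
    {"GroupName": "RI-SG", "GroupId": "sg-0aaa", "VpcId": "vpc-0target", "IpPermissions": []},
    {"GroupName": "DB-SG", "GroupId": "sg-0bbb", "VpcId": "vpc-0target", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": "sg-0aaa"}]}]},
]

if __name__ == "__main__":
    print(audit(GOOD) or "OK")
```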