AWS DMS supports migrating databases from on-premises to AWS, but your specific OpenVPN approach has some considerations to be aware of.
For your PostgreSQL to Amazon RDS for PostgreSQL migration, AWS DMS creates a serverless environment and uses native PostgreSQL tools like pg_dump, pg_restore, and logical replication (for CDC) depending on your migration type.
Regarding your specific questions:
- Yes, your OpenVPN-based approach can work for AWS DMS to access an on-premises database. AWS DMS requires that at least one endpoint (source or target) be in AWS, which is satisfied in your case as the target is Amazon RDS. The key requirement is that the DMS replication instance must have network connectivity to both source and target databases. Using an EC2 instance as an OpenVPN client that routes traffic between your on-premises network and AWS can provide this connectivity.
- For routing and security group considerations:
  - The EC2 OpenVPN client instance needs security group rules allowing traffic to/from the DMS replication instance
  - The DMS replication instance security group needs rules allowing traffic to/from both the EC2 OpenVPN client and the target RDS instance
  - The RDS security group must allow traffic from the DMS replication instance
  - You'll need proper route table entries in your VPC to route traffic destined for your on-premises network through the EC2 OpenVPN client
  - Ensure the OpenVPN tunnel has sufficient bandwidth for your database size and change rate
- Compared to AWS Site-to-Site VPN or Direct Connect:
  - Performance: Your OpenVPN solution may have lower throughput and higher latency compared to Direct Connect or even Site-to-Site VPN, which could impact migration speed and CDC latency
  - Reliability: The EC2 OpenVPN client represents a single point of failure in your connectivity architecture
  - Scalability: The EC2 instance size will limit the bandwidth available for the migration
  - Management overhead: You'll need to manage and monitor the EC2 OpenVPN client instance
For a production migration, especially with large databases or high change rates, AWS Site-to-Site VPN or Direct Connect would typically provide better performance, reliability, and simpler architecture. However, your OpenVPN approach can work for smaller databases or when other connectivity options aren't feasible.
When setting up your migration, follow the standard AWS DMS homogeneous migration process: create IAM resources, configure network, set up database users with appropriate permissions, store credentials in Secrets Manager, create data providers, create an instance profile, create a migration project, and then configure and start the data migration.
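The security group and route table requirements listed in the answer above can be checked before starting a migration. The following is an added example, not part of the original answer or AWS's own code: it audits data shaped like the output of boto3's `describe_security_groups`, `describe_route_tables` and `describe_instances`. The IDs, CIDRs, port 5432 and the helper names `allows`, `check_path` and `rule` are assumptions made for illustration, and the source/destination check is an extra condition for any EC2 instance that forwards traffic.

```python
import ipaddress

PG_PORT = 5432  # default PostgreSQL port (assumption; change if yours differs)

def allows(sg, port, src_sg=None, src_cidr=None):
    """True if an ingress rule admits TCP `port` from src_sg, or from all of src_cidr."""
    for perm in sg["IpPermissions"]:
        proto = perm["IpProtocol"]
        if proto != "-1" and not (proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]):
            continue
        if src_sg and any(p["GroupId"] == src_sg for p in perm.get("UserIdGroupPairs", [])):
            return True
        if src_cidr and any(ipaddress.ip_network(src_cidr).subnet_of(ipaddress.ip_network(r["CidrIp"]))
                            for r in perm.get("IpRanges", [])):
            return True
    return False

def check_path(dms_sg_id, vpn_sg, rds_sg, route_table, vpn_instance, onprem_cidr):
    """Return findings for the DMS -> OpenVPN client -> on-premises PostgreSQL path."""
    findings = []
    if not allows(rds_sg, PG_PORT, src_sg=dms_sg_id):
        findings.append(f"RDS SG has no rule admitting the DMS SG on {PG_PORT}")
    if not allows(vpn_sg, PG_PORT, src_sg=dms_sg_id):
        findings.append(f"OpenVPN client SG has no rule admitting the DMS SG on {PG_PORT}")
    for name, sg in (("RDS", rds_sg), ("OpenVPN client", vpn_sg)):
        if allows(sg, PG_PORT, src_cidr="0.0.0.0/0"):
            findings.append(f"{name} SG exposes {PG_PORT} to 0.0.0.0/0")
    onprem = ipaddress.ip_network(onprem_cidr)
    if not any(r.get("InstanceId") == vpn_instance["InstanceId"]
               and onprem.subnet_of(ipaddress.ip_network(r["DestinationCidrBlock"]))
               for r in route_table["Routes"] if "DestinationCidrBlock" in r):
        findings.append(f"no route for {onprem_cidr} via the OpenVPN client instance")
    # An EC2 instance that forwards traffic must have its source/destination check disabled.
    if vpn_instance.get("SourceDestCheck", True):
        findings.append("source/destination check is still enabled on the OpenVPN client")
    return findings

# Constructed sample data (hypothetical IDs and CIDRs), deliberately misconfigured.
def rule(port, cidrs=(), groups=()):
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

RDS_SG = {"GroupId": "sg-rds", "IpPermissions": [rule(5432, groups=["sg-dms"]), rule(5432, cidrs=["0.0.0.0/0"])]}
VPN_SG = {"GroupId": "sg-vpn", "IpPermissions": [rule(22, cidrs=["10.0.0.0/16"])]}
ROUTES = {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                     {"DestinationCidrBlock": "192.168.10.0/24", "InstanceId": "i-vpn"}]}
VPN_INSTANCE = {"InstanceId": "i-vpn", "SourceDestCheck": True}

if __name__ == "__main__":
    for f in check_path("sg-dms", VPN_SG, RDS_SG, ROUTES, VPN_INSTANCE, "192.168.10.0/24"):
        print("FINDING:", f)
```

The route check only confirms that some route covering the on-premises CIDR targets the instance; it does not model longest-prefix precedence between overlapping routes.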
