Hi,
I have a replication instance in AWS DMS which is using DocumentDB as the source and Elasticsearch as the target. Test connection is working with the DocumentDB, but not with ElasticSearch. I get the following error:
Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to connect to database.
Here is what I have done:
Created a role which I have used in the Endpoint for ES, arn:aws:iam::XXX:role/DMS-ES-Access
The above role has the following trust relationship:
{
"Version": "2012-10-17",
"Statement": \[
{
"Sid": "1",
"Effect": "Allow",
"Principal": {
"Service": "dms.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
And the following policy:
{
"Version": "2012-10-17",
"Statement": \[
{
"Effect": "Allow",
"Action": \[
"es:ESHttpDelete",
"es:ESHttpGet",
"es:ESHttpHead",
"es:ESHttpPost",
"es:ESHttpPut"
],
"Resource": "*"
}
]
}
In the elasticsearch cluster, the access policy was modified to include the above role:
{
"Version": "2012-10-17",
"Statement": \[
....
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::XXX:role/DMS-ES-Access"
},
"Action": "es:*",
"Resource": "arn:aws:es:us-east-1:XXX:domain/YYY/*"
},
...
]
}
The replication instance is in a public subnet with internet access and a public ip.
Please help.