I am trying to create a DMS (Database Migration Service) instance, but I am getting the following error:
SYSTEM ERROR MESSAGE:The IAM Role arn:aws:iam::<account_id>:role/dms-vpc-role is not configured properly
What role should I create, and what should I assign it to?
Seems like they changed the IAM roles. If anyone is trying to do this now, the simplest solution is to create a replication instance in the AWS console, and the dms-vpc-role will be automatically created.
Then you can delete that 'temporal' instance and run the CloudFormation/AWS CLI to create the instance that you want.
If you want to create the role by hand, the policy attached has to be AmazonDMSVPCManagementRole,
and it contains the following permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ec2:CreateNetworkInterface",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeInternetGateways",
                "ec2:DescribeSecurityGroups",
                "ec2:DescribeSubnets",
                "ec2:DescribeVpcs",
                "ec2:DeleteNetworkInterface",
                "ec2:ModifyNetworkInterfaceAttribute"
            ],
            "Resource": "*"
        }
    ]
}
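The by-hand route from the answer above, sketched with the AWS CLI as an added example (not part of the original post). The trust policy for `dms.amazonaws.com` and the managed policy's ARN path are not given in the post and are taken from AWS's documented setup for this role; the function names and the `DMS_ROLE_APPLY` switch are hypothetical.

```shell
#!/bin/sh
# Added example: create or repair dms-vpc-role by hand.
set -eu

ROLE_NAME="dms-vpc-role"   # DMS looks the role up by this exact name
POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole"

# Trust policy: only the DMS service principal may assume the role.
dms_trust_policy() {
  cat <<'JSON'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "dms.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
JSON
}

create_dms_vpc_role() {
  if aws iam get-role --role-name "$ROLE_NAME" >/dev/null 2>&1; then
    # The role exists but DMS rejects it: reset who may assume it.
    echo "$ROLE_NAME exists; resetting its trust policy" >&2
    aws iam update-assume-role-policy --role-name "$ROLE_NAME" \
      --policy-document "$(dms_trust_policy)"
  else
    aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(dms_trust_policy)" >/dev/null
  fi
  # Attach the AWS-managed policy named in the answer.
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN"
  # IAM is eventually consistent; wait before creating the DMS instance.
  aws iam wait role-exists --role-name "$ROLE_NAME"
}

# Hypothetical switch: nothing touches the account unless it is set to 1.
if [ "${DMS_ROLE_APPLY:-0}" = "1" ]; then
  create_dms_vpc_role
fi
```

Run it as `DMS_ROLE_APPLY=1 sh script.sh` with credentials allowed to manage IAM roles, then create the replication instance.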