Step 2: Configure Your Source Database - Database Migration Guide
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 2: Configure Your Source Database

In this step, you configure a new database user on your source SQL Server database. Also, you configure the network to set up interaction for your source database with DMS Schema Conversion.

Use the credentials of this new user in DMS Schema Conversion. We encourage not using the admin user in the DMS Schema Conversion migration project.

Make sure that you grant the following privileges to this new user to complete the migration:

  • VIEW DEFINITION — makes it possible for users that have public access to see object definitions.

  • VIEW DATABASE STATE — makes it possible for users to check the features of the SQL Server Enterprise edition.

You can use the following code example to create a database user and grant the privileges.

USE db_name
CREATE USER user_name FOR LOGIN user_name
GRANT VIEW DEFINITION TO user_name
GRANT VIEW DATABASE STATE TO user_name

In the preceding example, replace user_name with the name of your user. Then, replace db_name with a name of your database.

Repeat the grant for each database whose schema you are converting.

Then, make sure that you grant the following privileges on the master database:

  • VIEW SERVER STATE — makes it possible for users to collect server settings and configuration.

  • VIEW ANY DEFINITION — makes it possible for users to view data providers.

You can use the following code example to create a database user and grant the privileges.

USE master
GRANT VIEW SERVER STATE TO user_name
GRANT VIEW ANY DEFINITION TO user_name

In the preceding example, replace user_name with the name of your user.

After you configure your database user, make sure that DMS Schema Conversion can access your source SQL Server database. To set up a network for DMS Schema Conversion, you can use different network configurations. These configurations depend on the settings of your source database and your network. For more information about available options, see Setting up a network for DMS Schema Conversion.

In this walkthrough, you configure a Site-to-Site VPN connection using a virtual private gateway.

To configure a Site-to-Site VPN connection

  1. Sign in to the Amazon Web Services Management Console and open the Amazon VPC console at https://console.aws.amazon.com/vpc/.

  2. Choose your Amazon Region.

  3. Create a customer gateway.

    • In the navigation pane, choose Customer gateways, and then Create customer gateway.

    • For Name tag, enter a name for your customer gateway.

    • For BGP ASN, enter a Border Gateway Protocol (BGP) Autonomous System Number (ASN) for your customer gateway.

    • For IP address, enter the static, internet-routable IP address for your customer gateway device.

    • For Certificate ARN, choose the Amazon Resource Name of the private certificate.

    • For Device, enter a name for the device that hosts this customer gateway.

  4. Create a virtual private gateway.

    • In the navigation pane, choose Virtual private gateways, and then Create virtual private gateway.

    • For Name tag, enter a name for your virtual private gateway.

    • For Autonomous System Number (ASN), choose Amazon default ASN.

    • Choose Create virtual private gateway.

    • Select the virtual private gateway you created, choose Actions, and then Attach to VPC.

    • Under Available VPCs, select your VPC from the list and choose Attach to VPC.

  5. Configure route propagation in your route table.

    • In the navigation pane, choose Route tables, and then select the route table that is associated with your subnet. By default, this is the main route table for the VPC.

    • On the Route propagation tab in the details pane, choose Edit route propagation.

    • Select the virtual private gateway that you created before, and then choose Save.

  6. Add rules to your security group.

    • In the navigation pane, choose Security groups, and then select the default security group for your VPC.

    • On the Inbound tab in the details pane, add rules that allow inbound SSH, RDP, and ICMP access from your network.

    • Choose Save.

  7. Create a Site-to-Site VPN connection.

    • In the navigation pane, choose Site-to-Site VPN connections, and then Create VPN connection.

    • For Name tag, enter a name for your Site-to-Site VPN connection.

    • For Target gateway type, choose either Virtual private gateway.

    • For Customer gateway, select Existing.

    • For Customer gateway ID, choose the customer gateway that you created before.

    • Select the routing option. If your customer gateway device supports BGP, then choose Dynamic (requires BGP). Alternatively, choose Static and specify IP prefixes for the private network of your Site-to-Site VPN connection.

    • For Outside IP address type, keep the default option.

    • Choose Create VPN connection.

  8. Download the configuration file.

    • In the navigation pane, choose Site-to-Site VPN connections, and then Download configuration.

    • Select the vendor, platform, software, and IKE version that correspond to your customer gateway device. If your device isn’t listed, choose Generic.

    • Choose Download.

  9. Use the sample configuration file to configure your customer gateway device.