Creating required Amazon resources for Amazon DMS Fleet Advisor
DMS Fleet Advisor needs a set of Amazon resources in your account to forward and import inventory information, and to update the status of the DMS data collector.
Before you collect data and create inventories of databases and schemas for the first time, complete the following prerequisites.
Create an Amazon S3 bucket
Create an Amazon S3 bucket where inventory metadata can be stored. We recommend that you preconfigure this S3 bucket before using DMS Fleet Advisor. Amazon DMS stores your DMS Fleet Advisor inventory metadata in this S3 bucket.
For more information about creating an S3 bucket, see
Create your first S3 bucket
To create an Amazon S3 bucket to store local data environment information
Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at https://console.amazonaws.cn/s3/
. Choose Create bucket.
On the Create bucket page, enter a globally unique name that includes your sign-in name for the bucket, such as fa-bucket-
yoursignin.Choose the Amazon Web Services Region where you use the DMS Fleet Advisor.
Keep the remaining settings and choose Create bucket.
Create IAM resources
In this section, you create IAM resources for your data collector, IAM user, and DMS Fleet Advisor.
Create IAM resources for your data collector
To make sure that your data collector works correctly and uploads the collected metadata to your Amazon S3 bucket, create the following policies. Then, create an IAM user with the following minimum permissions. For more information about DMS data collector, see Discovering databases for migration using data collectors.
To create an IAM policy for DMS Fleet Advisor and your data collector to access Amazon S3
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/
. In the navigation pane, choose Policies.
Choose Create policy.
In the Create policy page, choose the JSON tab.
Paste the following JSON into the editor, replacing the example code. Replace
fa_bucket{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject*", "s3:GetBucket*", "s3:List*", "s3:DeleteObject*", "s3:PutObject*" ], "Resource": [ "arn:aws:s3:::fa_bucket", "arn:aws:s3:::fa_bucket/*" ] } ] }Choose Next: Tags and Next: Review.
Enter
FleetAdvisorS3Policyfor Name*, and then choose Create policy.
To create an IAM policy for DMS data collector to access DMS Fleet Advisor
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/
. In the navigation pane, choose Policies.
Choose Create policy.
In the Create policy page, choose the JSON tab.
Paste the following JSON code into the editor, replacing the example code.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dms:DescribeFleetAdvisorCollectors", "dms:ModifyFleetAdvisorCollectorStatuses", "dms:UploadFileMetadataList" ], "Resource": "*" } ] }Choose Next: Tags and Next: Review.
Enter
DMSCollectorPolicyfor Name*, then choose Create policy.
To create an IAM user with minimum permissions to use DMS data collector
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/
. In the navigation pane, choose Users.
Choose Add users.
On the Add user page, enter
FleetAdvisorCollectorUserfor User name*. Choose Access key- Programmatic Access for Select Amazon Access Type. Choose Next: Permissions.In the Set permissions section, choose Attach existing policies directly.
Use the search control to find and choose the DMSCollectorPolicy and FleetAdvisorS3Policy policies that you created before. Choose Next: Tags.
On the Tags page, choose Next: Review.
On the Review page, choose Create user. On the next page, choose Download .csv to save the new user credentials. Use these credentials with DMS Fleet Advisor for minimum required access permissions.
To create an IAM role for DMS Fleet Advisor and your data collector to access Amazon S3
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/
. In the navigation pane, choose Roles.
Choose Create role.
On the Select trusted entity page, for Trusted entity type, choose Amazon Service. For Use cases for other Amazon services, choose DMS.
Select the DMS check box and choose Next.
On the Add permissions page, choose FleetAdvisorS3Policy. Choose Next.
On the Name, review, and create page, enter
FleetAdvisorS3Rolefor Role name, then choose Create role.On the Roles page, enter
FleetAdvisorS3Rolefor Role name. Choose FleetAdvisorS3Role.On the FleetAdvisorS3Role page, choose the Trust relationships tab. Choose Edit trust policy.
On the Edit trust policy page, paste the following JSON into the editor, replacing the existing text.
{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": [ "dms.amazonaws.com", "dms-fleet-advisor.amazonaws.com" ] }, "Action": "sts:AssumeRole" } ] }The preceding policy grants the
sts:AssumeRolepermission to the services that Amazon DMS uses to import collected data from the Amazon S3 bucket.Choose Update policy.
Create the DMS Fleet Advisor service-linked role
DMS Fleet Advisor uses a service-linked role to manage Amazon CloudWatch metrics in your Amazon Web Services account. DMS Fleet Advisor uses this service-linked role to publish the collected database performance metrics to CloudWatch on your behalf. DMS Fleet Advisor can create this role after you create the required IAM policy. For more information, see Using service-linked roles for Amazon DMS.
To create an IAM policy that is required for the DMS Fleet Advisor service-linked role
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/
. In the navigation pane, choose Policies.
Choose Create policy.
In the Create policy page, choose the JSON tab.
Paste the following JSON code into the editor, replacing the example code.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "iam:CreateServiceLinkedRole", "Resource": "arn:aws:iam::*:role/aws-service-role/dms-fleet-advisor.amazonaws.com/AWSServiceRoleForDMSFleetAdvisor*", "Condition": {"StringLike": {"iam:AWSServiceName": "dms-fleet-advisor.amazonaws.com"}} }, { "Effect": "Allow", "Action": [ "iam:AttachRolePolicy", "iam:PutRolePolicy" ], "Resource": "arn:aws:iam::*:role/aws-service-role/dms-fleet-advisor.amazonaws.com/AWSServiceRoleForDMSFleetAdvisor*" } ] }Choose Next: Tags and Next: Review.
Enter
DMSFleetAdvisorCreateServiceLinkedRolePolicyfor Name*, then choose Create policy.
Now, you can use this policy to create the service-linked role for DMS Fleet Advisor.
To create the service-linked role for DMS Fleet Advisor
Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/
. In the navigation pane, choose Roles. Then, choose Create role.
For Trusted entity type, choose Amazon service.
For Use cases for other Amazon services, choose DMS – Fleet Advisor.
Select the DMS – Fleet Advisor check box and choose Next.
On the Add permissions page, choose Next.
On the Name, review, and create page, choose Create role.
Alternatively, you can create this service-linked role from the Amazon API or Amazon CLI. For more information, see Creating a service-linked role for Amazon DMS Fleet Advisor.
After you create the service-linked role for DMS Fleet Advisor, you can see performance metrics for your source databases in target recommendations. Also, you can see these metrics and in your CloudWatch account. For more information, see Target recommendations.