How do I get AWS DMS to find a Secret?

Chr*_*ens 9 database-migration amazon-web-services aws-dms

I'm trying to set up an Aurora Postgres target endpoint on AWS DMS and I'm getting the error below when testing. There are no special permissions set up on the secret. The IAM role has SecretsManagerReadWrite attached and trusts dms.us-west-2.amazonaws.com. Attached below is a screenshot of the setup screen.

Note that I do currently have one (regular Postgres) target endpoint already set up, and I get the same error when trying to just recreate that one. Any advice would be appreciated, I'm tearing my hair out! I'm happy to provide more info, just not sure what else is needed.

Error message: Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to retrieve secret. Unable to find Secrets Manager secret, Application-Detailed-Message: Unable to find AWS Secrets Manager secret Arn 'arn:aws:secretsmanager:us-west-2:###########:secret:data_modeling_db/pipelines_write_user-#####' The secrets_manager get secret value failed: curlCode: 28, Timeout was reached Too many retries: curlCode: 28, Timeout was reached

Endpoint creation screenshot: (image: endpoint creation)

Chr*_*ens 12

Solved (thanks to AWS Support)

  1. Create a VPC endpoint: VPC > Endpoints > Create endpoint > choose the service com.amazonaws.us-west-2.secretsmanager > select the VPC > check Enable DNS name > choose a security group > Create endpoint
  2. Get the endpoint's DNS name: VPC > Endpoints > select the endpoint > copy the regional/zonal DNS name (I only used the top one)
  3. Create the DMS endpoint: DMS > Endpoints > Create endpoint > usual settings > Endpoint settings > check Use endpoint connection attributes > paste "secretsManagerEndpointOverride="
  4. Ta-da!

  • For future readers: this is only needed when the subnet has no internet access (no internet gateway and/or NAT gateway in the subnet's route table). (2 upvotes)
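The diagnosis behind the accepted answer can be automated. `curlCode: 28` is curl's "operation timed out": an IAM denial would come back as an HTTP 4xx, so a timeout means the replication instance has no network path to Secrets Manager at all. The script below (an added example, not code from the question or from AWS) applies the comment's rule: if the subnet's route table has a default route to an internet gateway or NAT gateway, the public Secrets Manager endpoint is reachable; otherwise an interface VPC endpoint for `com.amazonaws.us-west-2.secretsmanager` is required and its regional DNS name goes into `secretsManagerEndpointOverride`. The route-table and VPC-endpoint records are constructed inline (hypothetical IDs and DNS names) in the shape returned by `aws ec2 describe-route-tables` and `aws ec2 describe-vpc-endpoints`; in a real account you would feed it the output of those two calls.

```python
"""Decide whether a DMS replication subnet can reach Secrets Manager,
and build the endpoint setting the accepted answer pastes into DMS."""

REGION = "us-west-2"
SECRETS_SERVICE = f"com.amazonaws.{REGION}.secretsmanager"

# Constructed sample data (hypothetical IDs). subnet-a has a NAT route;
# subnet-b is explicitly isolated; the isolated table is also the VPC's
# main table, so any subnet with no explicit association falls back to it.
ROUTE_TABLES = [
    {
        "RouteTableId": "rtb-public",
        "Associations": [{"SubnetId": "subnet-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
            {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0example"},
        ],
    },
    {
        "RouteTableId": "rtb-isolated",
        "Associations": [{"Main": True}, {"SubnetId": "subnet-b"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
        ],
    },
]

# Constructed interface endpoint for Secrets Manager: first DNS entry is
# regional, the second is AZ-specific (its first label ends in "-us-west-2a").
VPC_ENDPOINTS = [
    {
        "VpcEndpointId": "vpce-0example",
        "ServiceName": SECRETS_SERVICE,
        "VpcEndpointType": "Interface",
        "PrivateDnsEnabled": True,
        "DnsEntries": [
            {"DnsName": "vpce-0example-abcd1234.secretsmanager.us-west-2.vpce.amazonaws.com"},
            {"DnsName": "vpce-0example-abcd1234-us-west-2a.secretsmanager.us-west-2.vpce.amazonaws.com"},
        ],
    },
]


def route_table_for_subnet(subnet_id, route_tables):
    """Explicit association wins; otherwise the VPC's main route table applies."""
    main = None
    for table in route_tables:
        for assoc in table.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return table
            if assoc.get("Main"):
                main = table
    return main


def has_internet_route(subnet_id, route_tables):
    """True when the default route points at an internet gateway or a NAT gateway."""
    table = route_table_for_subnet(subnet_id, route_tables)
    if table is None:
        return False
    for route in table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("GatewayId", "").startswith("igw-") or "NatGatewayId" in route:
            return True
    return False


def find_secrets_endpoint(vpc_endpoints):
    """Return the Secrets Manager interface endpoint in this VPC, if any."""
    for ep in vpc_endpoints:
        if ep.get("ServiceName") == SECRETS_SERVICE and ep.get("VpcEndpointType") == "Interface":
            return ep
    return None


def regional_dns_name(endpoint):
    """Prefer the regional DNS entry (the 'top one' in the console); AZ entries carry the AZ in their first label."""
    for entry in endpoint.get("DnsEntries", []):
        if f"-{REGION}" not in entry["DnsName"].split(".")[0]:
            return entry["DnsName"]
    return endpoint["DnsEntries"][0]["DnsName"]


def diagnose(subnet_id, route_tables, vpc_endpoints):
    """Classify the network path from the replication subnet to Secrets Manager."""
    if has_internet_route(subnet_id, route_tables):
        return {"reachable": True, "path": "internet", "endpoint_setting": None,
                "advice": "Public endpoint reachable; a timeout here points at security-group or NACL egress on 443."}
    ep = find_secrets_endpoint(vpc_endpoints)
    if ep is None:
        return {"reachable": False, "path": None, "endpoint_setting": None,
                "advice": f"No internet route and no {SECRETS_SERVICE} interface endpoint: create one (or add a NAT gateway)."}
    # Private DNS makes the default hostname resolve to the endpoint; the
    # override makes the choice explicit, which is what the answer did.
    return {"reachable": True, "path": "vpc-endpoint",
            "endpoint_setting": f"secretsManagerEndpointOverride={regional_dns_name(ep)}",
            "advice": "Paste the setting under Endpoint settings (endpoint connection attributes) on the DMS endpoint."}


if __name__ == "__main__":
    for subnet in ("subnet-a", "subnet-b", "subnet-c"):
        print(subnet, diagnose(subnet, ROUTE_TABLES, VPC_ENDPOINTS))
```

`subnet-c` has no explicit association, so it inherits the isolated main table and gets the same override recommendation as `subnet-b`; a subnet is only "public" because of its effective route table, not because an endpoint happens to exist somewhere in the VPC.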