4

I followed all steps mentioned on this page. https://docs.aws.amazon.com/dms/latest/userguide/target.docdb.html

The problem is that the "import certificate" button is disabled and I can not upload the certificate.

You can download the public key for Amazon DocumentDB as the rds-combined-ca-bundle.pem file from an AWS-hosted Amazon S3 bucket.

After you download this .pem file, you can import the file into AWS DMS as described following.

AWS Management Console
To import the public key (.pem) file

Open the AWS DMS console at https://console.aws.amazon.com/dms.

In the navigation pane, choose Certificates.

Choose Import certificate and do the following:

For Certificate identifier, enter a unique name for the certificate, for example docdb-cert.

For Import file, navigate to the location where you saved the .pem file.

When the settings are as you want them, choose Add new CA certificate.
shantanuo
  • 31,689
  • 78
  • 245
  • 403

2 Answers2

2

This was because of the GUI problem faced in old interface. There is message on DMS homepage...

Try out the new look and feel of the DMS console We've heard your feedback! We fixed a number of usability issues and improved the overall look and feel. Try it out!

You need to click on "Try it out!" link and then upload the certificate. There is no problem as shown below.

new_interface

But if you keep using old user-interface, you will not be able to upload certificate due to browser glitch.

old_interface

As you can see, "Add new CA certificate" button remains disabled. I did not check through AWS command line though.

shantanuo
  • 31,689
  • 78
  • 245
  • 403
0

This looks like a permission issue. There's a note in the official documentation saying:

If you are signed in as an AWS Identity and Access Management (IAM) user, you must have the appropriate permissions to access AWS DMS. For more information on the permissions required for database migration, see IAM Permissions Needed to Use AWS DMS

More specifically:

The following section is required to allow the user to call AWS DMS API operations. { "Effect": "Allow", "Action": "dms:*", "Resource": "*" }

Also, for MongoDB, make sure you don't select verify-ca as SSL mode when creating the endpoint -- it's currently not supported: https://docs.aws.amazon.com/dms/latest/userguide/CHAP_Security.SSL.html

Fabio Manzano
  • 2,847
  • 1
  • 11
  • 23