Skip to content

Resource: awsDmsReplicationSubnetGroup

Provides a DMS (Data Migration Service) replication subnet group resource. DMS replication subnet groups can be created, updated, deleted, and imported.

\~> Note: AWS requires a special IAM role called dmsVpcRole when using this resource. See the example below to create it as part of your configuration.

Example Usage

Basic

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.dmsReplicationSubnetGroup.DmsReplicationSubnetGroup(this, "example", {
  replicationSubnetGroupDescription: "Example replication subnet group",
  replicationSubnetGroupId: "example-dms-replication-subnet-group-tf",
  subnetIds: ["subnet-12345678", "subnet-12345679"],
  tags: {
    Name: "example",
  },
});

Creating special IAM role

If your account does not already include the dmsVpcRole IAM role, you will need to create it to allow DMS to manage subnets in the VPC.

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsIamRoleDmsVpcRole = new aws.iamRole.IamRole(this, "dms-vpc-role", {
  assumeRolePolicy:
    '${jsonencode({\n    Version = "2012-10-17"\n    Statement = [\n      {\n        Effect = "Allow"\n        Principal = {\n          Service = "dms.amazonaws.com"\n        }\n        Action = "sts:AssumeRole"\n      },\n    ]\n  })}',
  description: "Allows DMS to manage VPC",
  name: "dms-vpc-role",
});
const awsIamRolePolicyAttachmentExample =
  new aws.iamRolePolicyAttachment.IamRolePolicyAttachment(this, "example", {
    policyArn:
      "arn:aws:iam::aws:policy/service-role/AmazonDMSVPCManagementRole",
    role: awsIamRoleDmsVpcRole.name,
  });
const awsDmsReplicationSubnetGroupExample =
  new aws.dmsReplicationSubnetGroup.DmsReplicationSubnetGroup(
    this,
    "example_2",
    {
      depends_on: [`\${${awsIamRolePolicyAttachmentExample.fqn}}`],
      replicationSubnetGroupDescription: "Example",
      replicationSubnetGroupId: "example-id",
      subnetIds: ["subnet-12345678", "subnet-12345679"],
      tags: {
        Name: "example-id",
      },
    }
  );
/*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
awsDmsReplicationSubnetGroupExample.overrideLogicalId("example");

Argument Reference

The following arguments are supported:

  • replicationSubnetGroupDescription - (Required) Description for the subnet group.
  • replicationSubnetGroupId - (Required) Name for the replication subnet group. This value is stored as a lowercase string. It must contain no more than 255 alphanumeric characters, periods, spaces, underscores, or hyphens and cannot be default.
  • subnetIds - (Required) List of at least 2 EC2 subnet IDs for the subnet group. The subnets must cover at least 2 availability zones.
  • tags - (Optional) Map of tags to assign to the resource. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
  • vpcId - The ID of the VPC the subnet group is in.

Timeouts

Configuration options:

  • create - (Default 15M)
  • update - (Default 15M)
  • delete - (Default 15M)

Import

Replication subnet groups can be imported using the replicationSubnetGroupId, e.g.,

$ terraform import aws_dms_replication_subnet_group.test test-dms-replication-subnet-group-tf