cdk-dms-replication 0.0.0

package/cdk.context.json

@@ -0,0 +1 @@
+{}

package/integ/sample-app.ts

@@ -0,0 +1,229 @@
+import * as cdk from 'aws-cdk-lib';
+import * as ec2 from 'aws-cdk-lib/aws-ec2';
+import * as kms from 'aws-cdk-lib/aws-kms';
+import {
+  DmsEndpoint,
+  DmsMigrationPipeline,
+  DmsReplicationInstance,
+  DmsServerlessPipeline,
+  EndpointEngine,
+  EndpointType,
+  MigrationType,
+  ReplicationInstanceClass,
+  TableMappings,
+  TaskSettings,
+  LobMode,
+  ErrorAction,
+} from '../src';
+
+const app = new cdk.App();
+
+// ---------------------------------------------------------------------------
+// Stack 1: Classic DmsMigrationPipeline — MySQL → Aurora PostgreSQL
+// ---------------------------------------------------------------------------
+const classicStack = new cdk.Stack(app, 'IntegClassicPipeline');
+
+const classicVpc = new ec2.Vpc(classicStack, 'Vpc', {
+  maxAzs: 2,
+  natGateways: 1,
+});
+
+new DmsMigrationPipeline(classicStack, 'MySqlToAurora', {
+  vpc: classicVpc,
+  migrationType: MigrationType.FULL_LOAD_AND_CDC,
+  replicationInstanceClass: ReplicationInstanceClass.R6I_LARGE,
+  sourceEndpoint: {
+    engine: EndpointEngine.MYSQL,
+    serverName: 'mysql.example.com',
+    port: 3306,
+    username: 'dms_user',
+    password: cdk.SecretValue.secretsManager('mysql-dms-secret'),
+    databaseName: 'mydb',
+  },
+  targetEndpoint: {
+    engine: EndpointEngine.AURORA_POSTGRESQL,
+    serverName: 'aurora.cluster.us-east-1.rds.amazonaws.com',
+    port: 5432,
+    username: 'dms_user',
+    password: cdk.SecretValue.secretsManager('aurora-dms-secret'),
+    databaseName: 'mydb',
+  },
+  tableMappings: new TableMappings().includeSchema('public').toJson(),
+  taskSettings: new TaskSettings()
+    .withLobMode(LobMode.LIMITED_LOB, 32)
+    .withFullLoadSubTasks(16)
+    .withBatchApply(true, 5, 60)
+    .withDataErrorPolicy(ErrorAction.IGNORE_RECORD, 100)
+    .toJson(),
+  multiAz: true,
+});
+
+// ---------------------------------------------------------------------------
+// Stack 2: Classic pipeline — Oracle → S3 (no CDC roles, shared KMS key)
+// ---------------------------------------------------------------------------
+const oracleStack = new cdk.Stack(app, 'IntegOracleToS3');
+
+const oracleVpc = new ec2.Vpc(oracleStack, 'Vpc', { maxAzs: 2, natGateways: 1 });
+const sharedKey = new kms.Key(oracleStack, 'SharedKey', { enableKeyRotation: true });
+
+new DmsMigrationPipeline(oracleStack, 'OracleToS3', {
+  vpc: oracleVpc,
+  migrationType: MigrationType.FULL_LOAD,
+  replicationInstanceClass: ReplicationInstanceClass.C6I_2XLARGE,
+  encryptionKey: sharedKey,
+  sourceEndpoint: {
+    engine: EndpointEngine.ORACLE,
+    serverName: 'oracle.example.com',
+    port: 1521,
+    username: 'dms_user',
+    password: cdk.SecretValue.secretsManager('oracle-dms-secret'),
+    databaseName: 'ORCL',
+    oracleSettings: {
+      addSupplementalLogging: true,
+      useLogminerReader: true,
+    },
+  },
+  targetEndpoint: {
+    engine: EndpointEngine.S3,
+    s3Settings: {
+      bucketName: 'my-dms-target-bucket',
+      serviceAccessRoleArn: 'arn:aws:iam::123456789012:role/dms-s3-role',
+      dataFormat: 'parquet' as any,
+      datePartitionEnabled: true,
+    },
+  },
+  createDmsServiceRoles: false,
+});
+
+// ---------------------------------------------------------------------------
+// Stack 3: Serverless pipeline — PostgreSQL → Redshift
+// ---------------------------------------------------------------------------
+const serverlessStack = new cdk.Stack(app, 'IntegServerlessPipeline');
+
+const serverlessVpc = new ec2.Vpc(serverlessStack, 'Vpc', { maxAzs: 2, natGateways: 1 });
+
+new DmsServerlessPipeline(serverlessStack, 'PgToRedshift', {
+  vpc: serverlessVpc,
+  maxCapacityUnits: 16,
+  minCapacityUnits: 2,
+  migrationType: MigrationType.FULL_LOAD_AND_CDC,
+  sourceEndpoint: {
+    engine: EndpointEngine.POSTGRES,
+    serverName: 'pg.example.com',
+    port: 5432,
+    username: 'dms_user',
+    password: cdk.SecretValue.secretsManager('pg-dms-secret'),
+    databaseName: 'mydb',
+    postgreSqlSettings: {
+      pluginName: 'pglogical' as any,
+      heartbeatEnable: true,
+    },
+  },
+  targetEndpoint: {
+    engine: EndpointEngine.REDSHIFT,
+    serverName: 'redshift.cluster.us-east-1.redshift.amazonaws.com',
+    port: 5439,
+    username: 'dms_user',
+    password: cdk.SecretValue.secretsManager('redshift-dms-secret'),
+    databaseName: 'mydb',
+  },
+  tableMappings: new TableMappings().includeSchema('public').toJson(),
+});
+
+// ---------------------------------------------------------------------------
+// Stack 4: Standalone DmsReplicationInstance (escape-hatch usage)
+// ---------------------------------------------------------------------------
+const instanceStack = new cdk.Stack(app, 'IntegReplicationInstance');
+
+const instanceVpc = new ec2.Vpc(instanceStack, 'Vpc', { maxAzs: 2, natGateways: 1 });
+
+const ri = new DmsReplicationInstance(instanceStack, 'Instance', {
+  vpc: instanceVpc,
+  replicationInstanceClass: ReplicationInstanceClass.T3_MEDIUM,
+  allocatedStorage: 50,
+  engineVersion: '3.5.4',
+});
+
+ri.allowInboundFrom(
+  ec2.Peer.ipv4('10.0.0.0/8'),
+  ec2.Port.tcp(5432),
+  'Allow internal PostgreSQL',
+);
+
+// ---------------------------------------------------------------------------
+// Stack 5: CDC-only pipeline — SQL Server → Kinesis
+// Exercises MigrationType.CDC and cdcStartPosition, which take a different
+// code path in DmsReplicationTask than FULL_LOAD or FULL_LOAD_AND_CDC.
+// ---------------------------------------------------------------------------
+const cdcStack = new cdk.Stack(app, 'IntegCdcPipeline');
+
+const cdcVpc = new ec2.Vpc(cdcStack, 'Vpc', { maxAzs: 2, natGateways: 1 });
+
+new DmsMigrationPipeline(cdcStack, 'SqlServerToKinesis', {
+  vpc: cdcVpc,
+  migrationType: MigrationType.CDC,
+  replicationInstanceClass: ReplicationInstanceClass.R6I_LARGE,
+  sourceEndpoint: {
+    engine: EndpointEngine.SQLSERVER,
+    serverName: 'sqlserver.example.com',
+    port: 1433,
+    username: 'dms_user',
+    password: cdk.SecretValue.secretsManager('sqlserver-dms-secret'),
+    databaseName: 'mydb',
+    sqlServerSettings: {
+      readBackupOnly: true,
+      tlogAccessMode: 'BackupOnly',
+    },
+  },
+  targetEndpoint: {
+    engine: EndpointEngine.KINESIS,
+    kinesisSettings: {
+      streamArn: 'arn:aws:kinesis:us-east-1:123456789012:stream/dms-cdc-stream',
+      serviceAccessRoleArn: 'arn:aws:iam::123456789012:role/dms-kinesis-role',
+    },
+  },
+  cdcStartPosition: '0000000000000001:00000001:00000001',
+  tableMappings: new TableMappings().includeSchema('%').toJson(),
+});
+
+// ---------------------------------------------------------------------------
+// Stack 6: Existing endpoints escape hatch — pre-created DmsEndpoint objects
+// Exercises existingSourceEndpoint / existingTargetEndpoint, which skip
+// endpoint creation inside the pipeline construct.
+// ---------------------------------------------------------------------------
+const escapeStack = new cdk.Stack(app, 'IntegExistingEndpoints');
+
+const escapeVpc = new ec2.Vpc(escapeStack, 'Vpc', { maxAzs: 2, natGateways: 1 });
+
+const existingSource = new DmsEndpoint(escapeStack, 'Source', {
+  endpointType: EndpointType.SOURCE,
+  engine: EndpointEngine.POSTGRES,
+  serverName: 'pg.example.com',
+  port: 5432,
+  username: 'dms_user',
+  password: cdk.SecretValue.secretsManager('pg-dms-secret'),
+  databaseName: 'appdb',
+  postgreSqlSettings: {
+    pluginName: 'pglogical' as any,
+    slotName: 'dms_replication_slot',
+  },
+});
+
+const existingTarget = new DmsEndpoint(escapeStack, 'Target', {
+  endpointType: EndpointType.TARGET,
+  engine: EndpointEngine.S3,
+  s3Settings: {
+    bucketName: 'dms-escape-bucket',
+    serviceAccessRoleArn: 'arn:aws:iam::123456789012:role/dms-s3-role',
+  },
+});
+
+new DmsMigrationPipeline(escapeStack, 'Pipeline', {
+  vpc: escapeVpc,
+  migrationType: MigrationType.FULL_LOAD_AND_CDC,
+  existingSourceEndpoint: existingSource,
+  existingTargetEndpoint: existingTarget,
+  tableMappings: new TableMappings().includeSchema('public').toJson(),
+});
+
+app.synth();

package/lib/dms-roles.d.ts

@@ -0,0 +1,14 @@
+import * as cdk from 'aws-cdk-lib';
+import * as iam from 'aws-cdk-lib/aws-iam';
+/**
+ * Returns the account-level `dms-vpc-role` IAM role, creating it once per stack.
+ * DMS requires this exact role name before it can place replication instances or
+ * serverless configs inside a VPC.
+ */
+export declare function ensureDmsVpcRole(stack: cdk.Stack): iam.Role;
+/**
+ * Returns the account-level `dms-cloudwatch-logs-role` IAM role, creating it
+ * once per stack. DMS requires this exact role name to publish task logs to
+ * CloudWatch Logs.
+ */
+export declare function ensureDmsCloudWatchRole(stack: cdk.Stack): iam.Role;

package/lib/dms-roles.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureDmsVpcRole = ensureDmsVpcRole;
+exports.ensureDmsCloudWatchRole = ensureDmsCloudWatchRole;
+const iam = require("aws-cdk-lib/aws-iam");
+/**
+ * Returns the account-level `dms-vpc-role` IAM role, creating it once per stack.
+ * DMS requires this exact role name before it can place replication instances or
+ * serverless configs inside a VPC.
+ */
+function ensureDmsVpcRole(stack) {
+    const existing = stack.node.tryFindChild('DmsVpcRole');
+    if (existing)
+        return existing;
+    return new iam.Role(stack, 'DmsVpcRole', {
+        roleName: 'dms-vpc-role',
+        assumedBy: new iam.ServicePrincipal('dms.amazonaws.com'),
+        managedPolicies: [
+            iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonDMSVPCManagementRole'),
+        ],
+        description: 'Allows DMS to manage VPC resources for replication instances',
+    });
+}
+/**
+ * Returns the account-level `dms-cloudwatch-logs-role` IAM role, creating it
+ * once per stack. DMS requires this exact role name to publish task logs to
+ * CloudWatch Logs.
+ */
+function ensureDmsCloudWatchRole(stack) {
+    const existing = stack.node.tryFindChild('DmsCloudWatchLogsRole');
+    if (existing)
+        return existing;
+    return new iam.Role(stack, 'DmsCloudWatchLogsRole', {
+        roleName: 'dms-cloudwatch-logs-role',
+        assumedBy: new iam.ServicePrincipal('dms.amazonaws.com'),
+        managedPolicies: [
+            iam.ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonDMSCloudWatchLogsRole'),
+        ],
+        description: 'Allows DMS to publish task logs to CloudWatch Logs',
+    });
+}
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiZG1zLXJvbGVzLmpzIiwic291cmNlUm9vdCI6IiIsInNvdXJjZXMiOlsiLi4vc3JjL2Rtcy1yb2xlcy50cyJdLCJuYW1lcyI6W10sIm1hcHBpbmdzIjoiOztBQVFBLDRDQVdDO0FBT0QsMERBV0M7QUFwQ0QsMkNBQTJDO0FBRTNDOzs7O0dBSUc7QUFDSCxTQUFnQixnQkFBZ0IsQ0FBQyxLQUFnQjtJQUMvQyxNQUFNLFFBQVEsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxZQUFZLENBQUMsQ0FBQztJQUN2RCxJQUFJLFFBQVE7UUFBRSxPQUFPLFFBQW9CLENBQUM7SUFDMUMsT0FBTyxJQUFJLEdBQUcsQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLFlBQVksRUFBRTtRQUN2QyxRQUFRLEVBQUUsY0FBYztRQUN4QixTQUFTLEVBQUUsSUFBSSxHQUFHLENBQUMsZ0JBQWdCLENBQUMsbUJBQW1CLENBQUM7UUFDeEQsZUFBZSxFQUFFO1lBQ2YsR0FBRyxDQUFDLGFBQWEsQ0FBQyx3QkFBd0IsQ0FBQyx5Q0FBeUMsQ0FBQztTQUN0RjtRQUNELFdBQVcsRUFBRSw4REFBOEQ7S0FDNUUsQ0FBQyxDQUFDO0FBQ0wsQ0FBQztBQUVEOzs7O0dBSUc7QUFDSCxTQUFnQix1QkFBdUIsQ0FBQyxLQUFnQjtJQUN0RCxNQUFNLFFBQVEsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyx1QkFBdUIsQ0FBQyxDQUFDO0lBQ2xFLElBQUksUUFBUTtRQUFFLE9BQU8sUUFBb0IsQ0FBQztJQUMxQyxPQUFPLElBQUksR0FBRyxDQUFDLElBQUksQ0FBQyxLQUFLLEVBQUUsdUJBQXVCLEVBQUU7UUFDbEQsUUFBUSxFQUFFLDBCQUEwQjtRQUNwQyxTQUFTLEVBQUUsSUFBSSxHQUFHLENBQUMsZ0JBQWdCLENBQUMsbUJBQW1CLENBQUM7UUFDeEQsZUFBZSxFQUFFO1lBQ2YsR0FBRyxDQUFDLGFBQWEsQ0FBQyx3QkFBd0IsQ0FBQywwQ0FBMEMsQ0FBQztTQUN2RjtRQUNELFdBQVcsRUFBRSxvREFBb0Q7S0FDbEUsQ0FBQyxDQUFDO0FBQ0wsQ0FBQyIsInNvdXJjZXNDb250ZW50IjpbImltcG9ydCAqIGFzIGNkayBmcm9tICdhd3MtY2RrLWxpYic7XG5pbXBvcnQgKiBhcyBpYW0gZnJvbSAnYXdzLWNkay1saWIvYXdzLWlhbSc7XG5cbi8qKlxuICogUmV0dXJucyB0aGUgYWNjb3VudC1sZXZlbCBgZG1zLXZwYy1yb2xlYCBJQU0gcm9sZSwgY3JlYXRpbmcgaXQgb25jZSBwZXIgc3RhY2suXG4gKiBETVMgcmVxdWlyZXMgdGhpcyBleGFjdCByb2xlIG5hbWUgYmVmb3JlIGl0IGNhbiBwbGFjZSByZXBsaWNhdGlvbiBpbnN0YW5jZXMgb3JcbiAqIHNlcnZlcmxlc3MgY29uZmlncyBpbnNpZGUgYSBWUEMuXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBlbnN1cmVEbXNWcGNSb2xlKHN0YWNrOiBjZGsuU3RhY2spOiBpYW0uUm9sZSB7XG4gIGNvbnN0IGV4aXN0aW5nID0gc3RhY2subm9kZS50cnlGaW5kQ2hpbGQoJ0Rtc1ZwY1JvbGUnKTtcbiAgaWYgKGV4aXN0aW5nKSByZXR1cm4gZXhpc3RpbmcgYXMgaWFtLlJvbGU7XG4gIHJldHVybiBuZXcgaWFtLlJvbGUoc3RhY2ssICdEbXNWcGNSb2xlJywge1xuICAgIHJvbGVOYW1lOiAnZG1zLXZwYy1yb2xlJyxcbiAgICBhc3N1bWVkQnk6IG5ldyBpYW0uU2VydmljZVByaW5jaXBhbCgnZG1zLmFtYXpvbmF3cy5jb20nKSxcbiAgICBtYW5hZ2VkUG9saWNpZXM6IFtcbiAgICAgIGlhbS5NYW5hZ2VkUG9saWN5LmZyb21Bd3NNYW5hZ2VkUG9saWN5TmFtZSgnc2VydmljZS1yb2xlL0FtYXpvbkRNU1ZQQ01hbmFnZW1lbnRSb2xlJyksXG4gICAgXSxcbiAgICBkZXNjcmlwdGlvbjogJ0FsbG93cyBETVMgdG8gbWFuYWdlIFZQQyByZXNvdXJjZXMgZm9yIHJlcGxpY2F0aW9uIGluc3RhbmNlcycsXG4gIH0pO1xufVxuXG4vKipcbiAqIFJldHVybnMgdGhlIGFjY291bnQtbGV2ZWwgYGRtcy1jbG91ZHdhdGNoLWxvZ3Mtcm9sZWAgSUFNIHJvbGUsIGNyZWF0aW5nIGl0XG4gKiBvbmNlIHBlciBzdGFjay4gRE1TIHJlcXVpcmVzIHRoaXMgZXhhY3Qgcm9sZSBuYW1lIHRvIHB1Ymxpc2ggdGFzayBsb2dzIHRvXG4gKiBDbG91ZFdhdGNoIExvZ3MuXG4gKi9cbmV4cG9ydCBmdW5jdGlvbiBlbnN1cmVEbXNDbG91ZFdhdGNoUm9sZShzdGFjazogY2RrLlN0YWNrKTogaWFtLlJvbGUge1xuICBjb25zdCBleGlzdGluZyA9IHN0YWNrLm5vZGUudHJ5RmluZENoaWxkKCdEbXNDbG91ZFdhdGNoTG9nc1JvbGUnKTtcbiAgaWYgKGV4aXN0aW5nKSByZXR1cm4gZXhpc3RpbmcgYXMgaWFtLlJvbGU7XG4gIHJldHVybiBuZXcgaWFtLlJvbGUoc3RhY2ssICdEbXNDbG91ZFdhdGNoTG9nc1JvbGUnLCB7XG4gICAgcm9sZU5hbWU6ICdkbXMtY2xvdWR3YXRjaC1sb2dzLXJvbGUnLFxuICAgIGFzc3VtZWRCeTogbmV3IGlhbS5TZXJ2aWNlUHJpbmNpcGFsKCdkbXMuYW1hem9uYXdzLmNvbScpLFxuICAgIG1hbmFnZWRQb2xpY2llczogW1xuICAgICAgaWFtLk1hbmFnZWRQb2xpY3kuZnJvbUF3c01hbmFnZWRQb2xpY3lOYW1lKCdzZXJ2aWNlLXJvbGUvQW1hem9uRE1TQ2xvdWRXYXRjaExvZ3NSb2xlJyksXG4gICAgXSxcbiAgICBkZXNjcmlwdGlvbjogJ0FsbG93cyBETVMgdG8gcHVibGlzaCB0YXNrIGxvZ3MgdG8gQ2xvdWRXYXRjaCBMb2dzJyxcbiAgfSk7XG59XG4iXX0=