AWS dms documentation change
Summary
Added requirements for MySQL premigration assessments including specific privilege grants for replication monitoring and RDS configuration checks
Security assessment
Changes document required privilege grants for proper monitoring and configuration validation. While security-related (principle of least privilege), there's no evidence of addressing a specific vulnerability. The grants appear to be standard operational requirements rather than patching a security flaw.
Diff
diff --git a/dms/latest/userguide/CHAP_Source.MySQL.md b/dms/latest/userguide/CHAP_Source.MySQL.md index 9e525e957..5152fce4a 100644 --- a//dms/latest/userguide/CHAP_Source.MySQL.md +++ b//dms/latest/userguide/CHAP_Source.MySQL.md @@ -55,0 +56,4 @@ You must have an account for AWS DMS that has the Replication Admin role. The ro +###### Note + +For MariaDB version 10.5.2+, you can use BINLOG MONITOR – it is a replacement for REPLICATION CLIENT. + @@ -65 +69 @@ The AWS DMS user must also have SELECT privileges for the source tables designat -Grant the following privileges if you use MySQL-specific premigration assessments. +Grant the following privileges if you use MySQL-specific premigration assessments: @@ -71,0 +76,6 @@ Grant the following privileges if you use MySQL-specific premigration assessment + grant select on performance_schema.replication_connection_status to <dms_user>; #Required for primary instance validation - MySQL version 5.7 and higher only + +If you're using an RDS source and plan to run MySQL-specific premigration assessments, add the following permission: + + + grant select on mysql.rds_configuration to <dms_user>; #Required for binary log retention check