When setting up an AWS Database Migration Service (DMS) endpoint to an EC2 instance, within your VPC, you may get the error stating the connection could not be established and there’s a login timeout.

Test Endpoint failed: Application-Status: 1020912, Application-Message: Failed to connect Network error has occurred, Application-Detailed-Message: RetCode: SQL_ERROR SqlState: HYT00 NativeError: 0 Message: [unixODBC][Microsoft][ODBC Driver 13 for SQL Server]Login timeout expired ODBC general error.

This may be due to lack of ingress into your EC2 instance. Create a security group that allows the appropriate port into your EC2 instance, for example 1433 for SQL Server, limited to the private IP address of the DNS instance. Then attach that security group to the EC2 endpoint (database).

That’s the easy part. But how do you find the private IP? It’s not listed anywhere in the DMS console.

1. Go to your DNS Replication Instance and copy the VPC and public IP address listed.
2. Go to Network Interfaces inside your EC2 console.
3. Look for the network interface with the copied public IPv4 address and VPC ID.
4. Copy the Primary Private IPv4 IP.
5. Go to Security Groups.
6. Select or create on that is associated with your database endpoint instance.
7. Add the copied IP into the source field of an inbound rule.