π Making AWS DMS Work with RDS MySQL: What You Really Need to Know
Migrating data using AWS Database Migration Service (DMS) is smooth β once you get past the tricky setup. If you're using RDS MySQL as a source, here's exactly what you need to do to avoid common validation failures like:
Error Code [10001]: Binary Logging must be enabled for MySQL server
β 1. Create or Use a Custom Parameter Group
Go to the RDS Console β Parameter groups:
Create a new MySQL parameter group (you can't modify the default one).
Set the following values:
| Parameter | Value |
binlog_format | ROW |
binlog_row_image | FULL |
You wonβt see
log_binβ thatβs managed automatically by AWS.
β 2. Attach the Parameter Group to Your RDS Instance
Go to RDS β Databases β [your instance]
Click Modify
Under DB Parameter Group, select the custom group you created
Apply immediately or during the next maintenance window
Then Reboot the RDS instance
β 3. Enable Backup Retention (This Is Critical)
Still in the Modify screen, scroll to Backup Retention Period
Set it to at least 1 day
This enables binary logging (
log_bin), which is required for DMS CDC (change data capture)
If Backup Retention = 0 β
log_binwill stay OFF β DMS wonβt work.
β 4. Set Up a MySQL User with Required Privileges
Before you begin to work with a MySQL database as a source for AWS DMS, make sure that you have the following prerequisites. These prerequisites apply to either self-managed or AWS-managed sources.
You must have an account for AWS DMS that has the Replication Admin role. The role needs the following privileges:
| Privilege | Required For |
REPLICATION CLIENT | CDC tasks only |
REPLICATION SLAVE | CDC tasks only |
SUPER | Only before MySQL 5.6.6 |
SELECT | Always (for source tables) |
Grant core permissions:
sqlCopyEditCREATE USER 'dms_user'@'%' IDENTIFIED BY 'StrongPassword123!';
GRANT REPLICATION SLAVE, REPLICATION CLIENT, SELECT ON *.* TO 'dms_user'@'%';
FLUSH PRIVILEGES;
If you're using MySQL-specific premigration assessments, add these:
sqlCopyEditGRANT SELECT ON mysql.user TO 'dms_user'@'%';
GRANT SELECT ON mysql.db TO 'dms_user'@'%';
GRANT SELECT ON mysql.tables_priv TO 'dms_user'@'%';
GRANT SELECT ON mysql.role_edges TO 'dms_user'@'%'; -- Only for MySQL 8.0.11 and higher
β 5. Verify Your Settings
Run these SQL queries:
sqlCopyEditSHOW VARIABLES LIKE 'log_bin'; -- Should be ON
SHOW VARIABLES LIKE 'binlog_format'; -- Should be ROW
SHOW VARIABLES LIKE 'binlog_row_image'; -- Should be FULL
β 6. Test in AWS DMS
Create your DMS source endpoint
Use your RDS instance and the
dms_usercredentialsHit "Test Connection" β you should now pass all validation checks
π§ Bonus Tips
Always use the writer instance if your RDS setup has read replicas
Donβt forget subnet group, security groups, and port 3306 access
For CDC, make sure your DMS task is set to "Full load + CDC"
β TL;DR β What You Need
| Requirement | Value/Status |
| Parameter group | Custom |
binlog_format | ROW |
binlog_row_image | FULL |
| Backup Retention | β₯ 1 day |
Binary Logging (log_bin) | ON (automatically) |
| DMS User Permissions | REPLICATION, SELECT, etc. |
| RDS Instance Role | Must be writer |
Let me know if you want this exported to Markdown, PDF, or styled for a blog platform!