Terraform AWS DMS

Database Migration Service replication instances, source and target endpoints, replication tasks, subnet groups, logging, and controlled network placement for data migration.

3 controls enforced16 frameworks

Controls Enforced

The following compliance controls are enforced by this module at terraform plan time.

Quick Start

ACSC Essential EightACSC ISM March 2023AWS Control Tower GuardrailsAWS Generative AI Best Practices v2AWS Well-Architected Framework v10CCCS Medium Cloud Control ProfileTitle 21 CFR Part 11CIS AWS Benchmark v1.4.0CIS AWS Benchmark v5.0.0CIS AWS Benchmark v6.0.0CIS Controls v8.0 IG1CISA Cyber EssentialsEU GMP Annex 11FedRAMP Low Baseline Rev 4FedRAMP Moderate Baseline Rev 4FFIEC Cybersecurity Assessment ToolGDPRHIPAA Omnibus Rule 2013ISO/IEC 27001:2022NIS2 Directive (EU 2022/2555)NIST SP 800-171 Rev 2NIST SP 800-53 Rev 5NIST Cybersecurity Framework v2.0NYDFS Cybersecurity RegulationPCI DSS v4.0RBI Cyber Security Framework for UCBsRBI IT Framework for NBFCsSOC 2

module "dms" {
  source  = "acscessentialeight.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "acscism2023.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "awscontroltower.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "awsgenai.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "awswellarchitected.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "cccsmedium.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "cfrpart11.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "cisv140.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "cisv500.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "cis.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "cisv80ig1.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "cisacyberessentials.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "eugmpannex11.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "fedramplow.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "fedrampmoderate.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "ffiec.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "gdpr.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "hipaa.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "iso27001.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "nis2.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "nist800171.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "nist80053.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "nistcsf.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "nydfs23.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "pcidss.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "rbicybersecurity.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "rbiitfnbfc.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

module "dms" {
  source  = "soc2.compliance.tf/terraform-aws-modules/dms/aws"
  version = "<version>"

  # ... your arguments here
}

See the Get Started guide to get started and read the Features section for more details on how to customize the module for your requirements.

Migration from Upstream

Already using terraform-aws-modules? Change only the source URL:

BeforeAfter

module "dms" {
  source  = "terraform-aws-modules/dms/aws"
  version = "1.0"
}

module "dms" {
  source  = "soc2.compliance.tf/terraform-aws-modules/dms/aws"
  version = "1.0"
}

Same arguments. Same outputs. Compliance controls are enforced automatically at terraform plan. If a required value is missing, you get a clear validation error telling you what to set.

See the Migration Guide for step-by-step instructions.

Reversibility

No lock-in. Switch back by reverting the source URL to the upstream path:

module "dms" {
  source  = "terraform-aws-modules/dms/aws"
}

Run terraform init -upgrade. Terraform state is unchanged — same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.

Mapped compliance frameworks

Framework Coverage

Which controls from this module are active under each framework endpoint. ● enforced by default · ○ not activated by this endpoint

Control	ACSC Essential Eight	Title 21 CFR Part 11	CIS Controls v8.0 IG1	CISA Cyber Essentials	FedRAMP Low Baseline Rev 4	FedRAMP Moderate Baseline Rev 4	FFIEC Cybersecurity Assessment Tool	HIPAA Omnibus Rule 2013
DMS replication instances should have automatic minor version upgrade enabled	○	○	○	○	○	○	○	○
Dms Replication Instance Encryption Enabled	○	○	○	○	○	○	○	○
DMS replication instances should not be publicly accessible	●	●	●	●	●	●	●	●

Showing top 8 frameworks by coverage. All framework endpoints →