You can migrate data between ApsaraDB RDS instances of different Alibaba Cloud accounts by using Data Transmission Service (DTS). This topic describes how to migrate data between ApsaraDB RDS instances of different Alibaba Cloud accounts.
Prerequisites
The IDs of the Alibaba Cloud accounts to which the source and destination ApsaraDB RDS instances belong are obtained. For more information about how to obtain the ID of an Alibaba Cloud account, see the Preparations section of this topic.
DTS is authorized by the Alibaba Cloud account to which the source ApsaraDB RDS instance belongs to access the resources of the account. A Resource Access Management (RAM) role is created, the required permissions are granted to the RAM role, and the trust policy is modified. For more information about how to grant permissions, see the Preparations section of this topic.
The Alibaba Cloud account to which the destination ApsaraDB RDS instance belongs can be used to log on to the Data Management (DMS) or DTS console.
The destination ApsaraDB RDS instance is created. The available storage space of the destination ApsaraDB RDS instance is larger than the total size of the data in the source ApsaraDB RDS database.
Billing rules
Migration type | Task configuration fee | Internet traffic fee |
Schema migration and full data migration | Free of charge. | Charged only when data is migrated from Alibaba Cloud over the Internet. For more information, see Billing overview. |
Incremental data migration | Charged. For more information, see Billing overview. |
Permissions required for database accounts
Migrate data between ApsaraDB RDS for MySQL instances
Instance | Schema migration | Full data migration | Incremental data migration |
Source ApsaraDB RDS for MySQL instance | SELECT permission | SELECT permission | Read and write permissions |
Destination ApsaraDB RDS for MySQL instance | Read and write permissions | Read and write permissions | Read and write permissions |
For more information about how to create an account for an ApsaraDB RDS for MySQL instance and grant permissions to the account, see Create an account on an ApsaraDB RDS for MySQL instance and Modify the permissions of a standard account on an ApsaraDB RDS for MySQL instance.
If the source database account that you use is not created and authorized by using the ApsaraDB RDS for MySQL console, make sure that the account has the REPLICATION CLIENT, REPLICATION SLAVE, SHOW VIEW, and SELECT permissions.
Migrate data between ApsaraDB RDS for MariaDB instances
Database | Schema migration | Full data migration | Incremental data migration |
Source ApsaraDB RDS for MariaDB instance | The SELECT permission | The SELECT permission | The read and write permissions |
Destination ApsaraDB RDS for MariaDB instance | The read and write permissions | The read and write permissions | The read and write permissions |
For information about how to create a database account and grant permissions to the database account in an ApsaraDB RDS for MariaDB instance, see Create an account and Modify or reset account permissions.
Migrate data between ApsaraDB RDS for PostgreSQL instances
Database | Schema migration | Full data migration | Incremental data migration |
Source ApsaraDB RDS for PostgreSQL instance | USAGE permission on the pg_catalog schema | SELECT permission on the objects to be migrated | Permissions of a privileged account. The account must be the owner of the database. Note If the database engine version of the source ApsaraDB RDS for PostgreSQL instance is 9.4 and you migrate only DML operations, only the REPLICATION permission is required for the database account. |
Destination ApsaraDB RDS for PostgreSQL instance | CREATE and USAGE permissions on the objects to be migrated | Owner permissions on schemas |
For more information about how to create an account for an ApsaraDB RDS for PostgreSQL instance and grant permissions to the account, see Create an account and Create a database.
Migrate data between ApsaraDB RDS for SQL Server instances
Instance | Schema migration | Full data migration | Incremental data migration |
Source ApsaraDB RDS for SQL Server instance | The SELECT permission | The SELECT permission | The owner permissions on the objects to be migrated |
Destination ApsaraDB RDS for SQL Server instance | The read and write permissions | The read and write permissions | The read and write permissions |
For more information about how to create an account for an ApsaraDB RDS for SQL Server instance and grant permissions to the account, see Create a privileged account or a standard account and Modify the permissions of an account.
Preparations
Required. Obtain the IDs of the Alibaba Cloud accounts to which the source and destination ApsaraDB RDS instances belong.
NoteIf you have obtained the IDs of the required Alibaba Cloud accounts, skip the step.
Use each of the Alibaba Cloud accounts to which the source and destination instances belong to log on to the Alibaba Cloud Management Console and go to the Security Settings page.
Optional. In the left-side navigation pane, click Security Settings.
View and record the value of the Account ID parameter.
Create a RAM role for the source ApsaraDB RDS instance.
ImportantIf you grant permissions to a RAM role as a RAM user, an error message that indicates invalid permissions may appear when you configure a DTS task.
Log on to the RAM console by using the Alibaba Cloud account to which the source ApsaraDB RDS instance belongs.
In the left-side navigation pane, choose .
ImportantDo not choose
. Otherwise, DTS cannot access the instance, and an error is reported.On the Roles page, click Create Role.
On the Create Role page, set the Select Trusted Entity parameter to Alibaba Cloud Account and click Next.
In the Configure Role step, configure parameters for the RAM role.
Parameter
Description
RAM Role Name
The name of the RAM role. In this example, ram-for-dts is used as the name of the RAM role that is created by using the Alibaba Cloud account to which the source or destination instance belongs.
NoteThe role name must be 1 to 64 characters in length and can contain letters, digits, and hyphens (-).
Note
Optional. The description of the RAM role.
Select Trusted Alibaba Cloud Account
The trusted Alibaba Cloud account. In this example, Other Alibaba Cloud Account is selected and the ID of the Alibaba Cloud account to which the destination ApsaraDB RDS instance belongs is entered.
Click OK.
Grant permissions to the created RAM role.
Click Input and Attach.
On the Permissions tab, click Precise Permission.
In the Precise Permission panel, set the Type parameter to System Policy.
In the Policy Name field, enter AliyunDTSRolePolicy.
Click OK.
Click Close.
Modify the trust policy.
Optional. On the Roles page, find the created RAM role and click its name.
On the details page of the RAM role, click the Trust Policy tab.
On the Trust Policy tab, click Edit Trust Policy.
Copy the following code to the code editor:
{ "Statement": [ { "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "RAM": [ "acs:ram::<Alibaba Cloud account ID>:root" ], "Service": [ "<Alibaba Cloud account ID>@dts.aliyuncs.com" ] } } ], "Version": "1" }
Replace
<Alibaba Cloud account ID>
in the code with the ID of the Alibaba Cloud account to which the destination RDS instance belongs.Click Save trust policy document.
Procedure
In this example, data is migrated between ApsaraDB RDS for MySQL instances of different Alibaba Cloud accounts.
Go to the Data Migration Tasks page by using the Alibaba Cloud account to which the destination ApsaraDB RDS instance belongs.
Log on to the DMS console by using the Alibaba Cloud account to which the destination ApsaraDB RDS instance belongs.
In the top navigation bar, move the pointer over DTS.
Choose .
NoteYou can also go to the Data Migration page in the DTS console of the new version.
From the drop-down list next to Data Migration Tasks, select the region in which the data migration instance resides.
NoteIf you use the new DTS console, you must select the region in which the data migration instance resides in the upper-left corner.
On the Data Migration page, click Create Task. In the Create Task wizard, configure the source and destination databases.
WarningAfter you configure the source and destination databases, we recommend that you read the limits that are displayed in the upper part of the page. Otherwise, the task may fail or data inconsistency may occur.
Section
Parameter
Description
N/A.
Task Name
The name of the task. DTS automatically assigns a name to the task. We recommend that you specify a descriptive name that makes it easy to identify the task. You do not need to specify a unique task name.
Source Database
Select an existing DMS database instance
The database instance that you want to use. You can determine whether to select an existing instance based on your business requirements.
If you select an existing instance, DTS automatically populates the parameters for the instance.
If you do not select an existing instance, you must configure parameters for the source database.
Database Type
The type of the source database. Select MySQL.
Access Method
The access method of the source database. Select Alibaba Cloud Instance.
Instance Region
The region in which the source ApsaraDB RDS instance resides.
NoteYou can select different regions for the source and destination ApsaraDB RDS instances.
Replicate Data Across Alibaba Cloud Accounts
Specifies whether to migrate data across Alibaba Cloud accounts. In this example, Yes is selected.
Alibaba Cloud Account
The ID of the Alibaba Cloud account to which the source ApsaraDB RDS instance belongs.
NoteFor more information about how to obtain the ID of an Alibaba Cloud account, see the Preparations section of this topic.
RAM Role Name
The name of the RAM role that is configured for the Alibaba Cloud account to which the source ApsaraDB RDS instance belongs.
NoteFor more information about how to create and grant permissions to the RAM role, see the Preparations section of this topic.
RDS Instance ID
The ID of the source ApsaraDB RDS instance.
NoteIf an alert message is displayed when you select an ApsaraDB RDS instance ID, modify the parameter settings as prompted. For more information about alert messages, see the FAQ section of this topic.
Database Account
The account of the source database. For more information about the required permissions for the account, see the Permissions required for database accounts section of this topic.
Database Password
The password of the database account.
Encryption
Specifies whether to encrypt the connection to the source database. Select Non-encrypted or SSL-encrypted based on your requirements. In this example, Non-encrypted is selected.
NoteIf you want to select SSL-encrypted, you must enable SSL encryption for the ApsaraDB RDS instance before you configure the data migration task. For more information, see Configure the SSL encryption feature.
Destination Database
Select an existing DMS database instance
The database instance that you want to use. You can determine whether to select an existing instance based on your business requirements.
If you select an existing instance, DTS automatically populates the parameters for the instance.
If you do not select an existing instance, you must configure parameters for the destination database.
Database Type
The type of the destination database. Select MySQL.
Access Method
The access method of the destination database. Select Alibaba Cloud Instance.
Instance Region
The region in which the destination ApsaraDB RDS instance resides.
NoteYou can select different regions for the source and destination ApsaraDB RDS instances.
Replicate Data Across Alibaba Cloud Accounts
Specifies whether data is migrated across Alibaba Cloud accounts. In this example, No is selected.
RDS Instance ID
The ID of the destination ApsaraDB RDS instance.
Database Account
The account of the destination database. For more information about the permissions that are required for the account, see the Permissions required for database accounts section of this topic.
Database Password
The password of the database account.
Encryption
Specifies whether to encrypt the connection to the destination database. Select Non-encrypted or SSL-encrypted based on your requirements. In this example, Non-encrypted is selected.
NoteIf you want to select SSL-encrypted, you must enable SSL encryption for the ApsaraDB RDS instance before you configure the data migration task. For more information, see Configure SSL encryption for an ApsaraDB RDS for MySQL instance.
In the lower part of the page, click Test Connectivity and Proceed.
If the source or destination database is an Alibaba Cloud database instance, such as an ApsaraDB RDS for MySQL or ApsaraDB for MongoDB instance, DTS automatically adds the CIDR blocks of DTS servers to the IP address whitelist of the instance. If the source or destination database is a self-managed database hosted on an Elastic Compute Service (ECS) instance, DTS automatically adds the CIDR blocks of DTS servers to the security group rules of the ECS instance, and you must make sure that the ECS instance can access the database. If the self-managed database is hosted on multiple ECS instances, you must manually add the CIDR blocks of DTS servers to the security group rules of each ECS instance. If the source or destination database is a self-managed database that is deployed in a data center or provided by a third-party cloud service provider, you must manually add the CIDR blocks of DTS servers to the IP address whitelist of the database to allow DTS to access the database. For more information, see the "CIDR blocks of DTS servers" section of the Add the CIDR blocks of DTS servers to the security settings of on-premises databases topic.
WarningIf the public CIDR blocks of DTS servers are automatically or manually added to the IP address whitelist of a database instance or to the security group rules of an ECS instance, security risks may arise. Therefore, before you use DTS to migrate data, you must understand and acknowledge the potential risks and take preventive measures, including but not limited to the following measures: enhancing the security of your account and password, limiting the ports that are exposed, authenticating API calls, regularly checking the IP address whitelist or ECS security group rules and forbidding unauthorized CIDR blocks, and connecting the database to DTS by using Express Connect, VPN Gateway, or Smart Access Gateway.
Configure the objects to be migrated and advanced settings.
Parameter
Description
Migration Types
To perform only full data migration, select Schema Migration and Full Data Migration.
To ensure service continuity during data migration, select Schema Migration, Full Data Migration, and Incremental Data Migration.
NoteIf you do not select Incremental Data Migration, we recommend that you do not write data to the source database during data migration. This ensures data consistency between the source and destination databases.
Method to Migrate Triggers in Source Database
The method that is used to migrate triggers from the source database. You can select a migration method based on your business requirements. If no triggers are to be migrated, you do not need to configure this parameter. For more information, see Synchronize or migrate triggers from the source database.
NoteThis parameter is available only if you select Schema Migration and Incremental Data Migration for the Migration Types parameter.
Enable Migration Assessment
Specifies whether to enable migration assessment. Migration assessment aims to check whether the schemas of the source and destination databases, such as the length of indexes, stored procedures, and dependent tables, meet the requirements. You can select Yes or No based on your business requirements.
NoteYou can configure this parameter only if you select Schema Migration when you configure the Migration Types parameter.
If you select Yes, the precheck may take more time. You can view the assessment results during the precheck. The assessment results do not affect the precheck results.Assessment Result
Processing Mode of Conflicting Tables
Precheck and Report Errors: checks whether the destination database contains tables that have the same names as tables in the source database. If the source and destination databases do not contain tables that have identical table names, the precheck is passed. Otherwise, an error is returned during the precheck and the data migration task cannot be started.
NoteYou can use the object name mapping feature to rename the tables that are migrated to the destination database. You can use this feature if the source and destination databases contain tables that have identical table names and the tables in the destination database cannot be deleted or renamed. For more information, see Map object names.
Ignore Errors and Proceed: skips the precheck for identical table names in the source and destination databases.
WarningIf you select Ignore Errors and Proceed, data inconsistency may occur and your business may be exposed to the following potential risks:
If the source and destination databases have the same schemas, DTS does not migrate data records that have the same primary key values as data records in the destination database.
If the source and destination databases have different schemas, only specific columns are migrated or the data migration task fails. Proceed with caution.
Capitalization of Object Names in Destination Instance
The capitalization of database names, table names, and column names in the destination instance. By default, DTS default policy is selected. You can select other options to make sure that the capitalization of object names is consistent with that in the source or destination database. For more information, see Specify the capitalization of object names in the destination instance.
Source Objects
Select one or more objects from the Source Objects section and click the icon to add the objects to the Selected Objects section.
NoteYou can select columns, tables, or databases as the objects to be migrated. If you select tables or columns as the objects to be migrated, DTS does not migrate other objects, such as views, triggers, or stored procedures, to the destination database.
Selected Objects
- To rename an object that you want to migrate to the destination instance, right-click the object in the Selected Objects section. For more information, see Map the name of a single object.
- To rename multiple objects at a time, click Batch Edit in the upper-right corner of the Selected Objects section. For more information, see Map multiple object names at a time.
NoteIf you use the object name mapping feature to rename an object, other objects that depend on the object may fail to be migrated.
To specify WHERE conditions to filter data, right-click an object in the Selected Objects section. In the dialog box that appears, specify the conditions. For more information, see Set filter conditions.
To migrate DML or DDL operations performed on a specific database or table, right-click the object in the Selected Objects section. In the dialog box that appears, select the DML or DDL operations that you want to migrate.
Click Next: Advanced Settings to configure advanced settings.
Data Verification Settings
For more information about how to configure the data verification feature, see Enable data verification.
Advanced Settings
Parameter or setting
Description
Select the dedicated cluster used to schedule the task
By default, DTS schedules the data migration task to the shared cluster if you do not specify a dedicated cluster. You can also purchase and specify a dedicated cluster of the required specifications to run the data migration task. For more information, see What is a DTS dedicated cluster.
Set Alerts
Specifies whether to configure alerting for the data migration task. If the task fails or the migration latency exceeds the specified threshold, the alert contacts will receive notifications. Valid values:
No: does not configure alerting.
Yes: configures alerting. If you select Yes, you must also specify the alert threshold and alert contacts. For more information, see Configure monitoring and alerting.
Copy the temporary table of the Online DDL tool that is generated in the source table to the destination database.
If you use DMS or the gh-ost tool to perform online DDL operations on the source database, you can specify whether to migrate the data of temporary tables generated by online DDL operations. Valid values:
ImportantYou cannot use tools such as pt-online-schema-change to perform online DDL operations on the source database. Otherwise, the DTS task fails.
Yes: DTS migrates the data of temporary tables generated by online DDL operations.
NoteIf online DDL operations generate a large amount of data, the data migration task may take an extended period of time to complete.
No, Adapt to DMS Online DDL: DTS does not migrate the data of temporary tables generated by online DDL operations. Only the original DDL operations that are performed by using DMS are migrated.
NoteIf you select No, Adapt to DMS Online DDL, the tables in the destination database may be locked.
No, Adapt to gh-ost: DTS does not migrate the data of temporary tables generated by online DDL operations. Only the original DDL operations that are performed by using the gh-ost tool are migrated. You can use the default or custom regular expressions to filter out the shadow tables of the gh-ost tool and tables that are not required.
NoteIf you select No, Adapt to gh-ost, the tables in the destination database may be locked.
Whether to Migrate Accounts
Specifies whether to migrate accounts. In this example, No is selected.
Retry Time for Failed Connections
The retry time range for failed connections. If the source or destination database fails to be connected after the data migration task is started, DTS immediately retries a connection within the retry time range. Valid values: 10 to 1440. Unit: minutes. Default value: 720. We recommend that you set the parameter to a value greater than 30. If DTS is reconnected to the source and destination databases within the specified retry time range, DTS resumes the data migration task. Otherwise, the data migration task fails.
NoteIf you specify different retry time ranges for multiple data migration tasks that share the same source or destination database, the value that is specified later takes precedence.
When DTS retries a connection, you are charged for the DTS instance. We recommend that you specify the retry time range based on your business requirements. You can also release the DTS instance at your earliest opportunity after the source and destination instances are released.
The wait time before a retry when other issues occur in the source and destination databases.
The retry time range for other issues. For example, if DDL or DML operations fail to be performed after the data migration task is started, DTS immediately retries the operations within the retry time range. Valid values: 1 to 1440. Unit: minutes. Default value: 10. We recommend that you set the parameter to a value greater than 10. If the failed operations are successfully performed within the specified retry time range, DTS resumes the data migration task. Otherwise, the data migration task fails.
ImportantThe value of the The wait time before a retry when other issues occur in the source and destination databases parameter must be smaller than the value of the Retry Time for Failed Connections parameter.
Enable Throttling for Full Data Migration
Specifies whether to enable throttling for full data migration. During full data migration, DTS uses the read and write resources of the source and destination databases. This may increase the loads of the database servers. You can enable throttling for full data migration based on your business requirements. To configure throttling, you must configure the Queries per second (QPS) to the source database, RPS of Full Data Migration, and Data migration speed for full migration (MB/s) parameters. This reduces the loads of the destination database server.
NoteThis parameter is displayed only when Full Data Migration is selected as Migration Types.
Enable Throttling for Incremental Data Migration
Specifies whether to enable throttling for incremental data migration. To configure throttling, you must configure the RPS of Incremental Data Migration and Data migration speed for incremental migration (MB/s) parameters. This reduces the loads of the destination database server.
NoteThis parameter is displayed only when Incremental Data Migration is selected as Migration Types.
Environment Tag
The environment tag that is used to identify the DTS instance. You can select an environment tag based on your business requirements. In this example, no environment tag is added.
Configure ETL
Specifies whether to configure the extract, transform, and load (ETL) feature. For more information, see What is ETL? Valid values:
Yes: configures the ETL feature. You can enter data processing statements in the code editor. For more information, see Configure ETL in a data migration or synchronization task.
No: does not configure the ETL feature.
Whether to delete SQL operations on heartbeat tables of forward and reverse tasks
Specifies whether to write SQL operations on heartbeat tables to the source database while the DTS instance is running.
Yes: does not write SQL operations on heartbeat tables. In this case, a latency of the DTS instance may be displayed.
No: writes SQL operations on heartbeat tables. In this case, specific features such as physical backup and cloning of the source database may be affected.
In the lower part of the page, click Next: Save Task Settings and Precheck.
You can move the pointer over Next: Save Task Settings and Precheck and click Preview OpenAPI parameters to view the parameters to be specified when you call the relevant API operation to configure the DTS task.
NoteBefore you can start the data migration task, DTS performs a precheck. You can start the data migration task only after the task passes the precheck.
If the task fails to pass the precheck, click View Details next to each failed item. After you troubleshoot the issues based on the error message, you can run a precheck again.
If an alert is triggered for an item during the precheck:
If the alert item cannot be ignored, click View Details next to the failed item and troubleshoot the issues. Then, run a precheck again.
If the alert item can be ignored, click Confirm Alert Details. In the View Details dialog box, click Ignore. In the message that appears, click OK. Then, click Precheck Again to run a precheck again. If you ignore the alert item, data inconsistency may occur and your business may be exposed to potential risks.
Wait until the success rate becomes 100%. Then, click Next: Purchase Instance.
On the Purchase Instance page, configure the Instance Class parameter for the data migration instance. The following table describes the parameters.
Section
Parameter
Description
New Instance Class
Resource Group
The resource group to which the data migration instance belongs. Default value: default resource group. For more information, see What is Resource Management?
Instance Class
DTS provides instance classes that vary in the migration speed. You can select an instance class based on your business scenario. For more information, see Specifications of data migration instances.
Read and agree to Data Transmission Service (Pay-as-you-go) Service Terms by selecting the check box.
Click Buy and Start to start the data migration task. You can view the progress of the task in the task list.
FAQ
What Alibaba Cloud accounts do I use in different stages of a cross-account DTS task?
In a cross-account DTS task, the use of each Alibaba Cloud account is related to the database of the Alibaba Cloud account. Take note of the following items when you decide to use an Alibaba Cloud account:
NoteThe accounts that you use during the DTS task are Alibaba Cloud accounts.
If a database to be used during the task does not belong to the Alibaba Cloud account that you use to create the DTS task, set the Replicate Data Across Alibaba Cloud Accounts parameter of the database to Yes.
The Replicate Data Across Alibaba Cloud Accounts parameter is available only if you select MySQL or ClickHouse for the Database Type parameter in the Destination Database section.
The following table describes how to decide the Alibaba Cloud accounts that you need to use in different stages of the cross-account DTS task. You must decide the across-account database that you want to use first. Find the row that meets your business requirements based on the Across-account database column. Then, you can view the Alibaba Cloud accounts that you need to use in different stages of the cross-account DTS task.
Across-account database
Alibaba Cloud account that is used to log on to the RAM console
Alibaba Cloud account that is specified in the trust policy
Alibaba Cloud Account that is used to create the DTS task
Alibaba Cloud account that is configured for the Alibaba Cloud Account parameter
Source database
Alibaba Cloud account to which the source database belongs
Alibaba Cloud account to which the destination database belongs
Alibaba Cloud account to which the destination database belongs
Set the Alibaba Cloud Account parameter in the Source Database section to the Alibaba Cloud account to which the source database belongs.
Destination database
Alibaba Cloud account to which the destination database belongs
The Alibaba Cloud account to which the source database belongs
Alibaba Cloud account to which the source database belongs
Set the Alibaba Cloud Account parameter in the Destination Database section to the Alibaba Cloud account to which the destination database belongs.
Source and destination databases
Each of the Alibaba Cloud accounts to which the source and destination database belong
Specific Alibaba Cloud account
Specific Alibaba Cloud account
Set the Alibaba Cloud Account parameter in the Source Database section to the Alibaba Cloud account to which the source database belongs.
Set the Alibaba Cloud Account parameter in the Destination Database section to the Alibaba Cloud account to which the destination database belongs.
How do I handle the errors that occur when I configure a cross-account DTS task?
The following table shows the common error messages that appear when you configure a cross-account DTS task and provides the corresponding solutions.
Error message
Solution
The value of the Alibaba Cloud Account parameter is invalid. Check whether you enter a valid ID of the Alibaba Cloud account to which the source or destination instance belongs. For more information, see the Preparations section of this topic.
These errors may occur due to the following reasons:
The value of the RAM Role Name parameter is invalid. Check whether you enter a valid RAM role name of the Alibaba Cloud account to which the source or destination instance belongs.
The required permissions are not granted to the RAM role. Use the Alibaba Cloud account to which the source or destination instance belongs to grant permissions.
NoteFor more information, see the Preparations section of this topic.
These errors may occur due to the following reasons:
The value of the RAM Role Name parameter is invalid. Check whether you enter a valid RAM role name of the Alibaba Cloud account to which the source or destination instance belongs.
The required permissions are not granted to the RAM role. Check whether you have granted the required permissions to the RAM role.
The trust policy of the RAM role is not modified. Check whether you have modified the trust policy for the RAM role.
NoteFor more information, see the Preparations section of this topic.
The RAM role that you specify in the RAM Role Name parameter is not granted the required permissions. To grant the required permissions to the RAM role, go to the details page of the RAM role. On the Permissions tab, click Precise Permission and specify the policy in the Precise Permission panel. Then, create the task again. For example, you must grant the required permissions to the RAM role of the Alibaba Cloud account to which the source instance belongs. For information about how to grant permissions to a RAM role, see the "Grant permissions to an existing RAM role" section of the Configure RAM authorization for cross-account DTS tasks topic.