Guidance for Automated Setup for AWS Transform

Overview

This Guidance provides an automated approach to deploy AWS Transform using infrastructure as code (IaC). It simplifies deployment by automatically provisioning AWS services and security controls required by AWS Transform. The guidance accelerates time-to-value for organizations migrating and modernizing their workloads while ensuring adherence to AWS best practices and security standards. AWS Transform is the first agentic AI service developed to accelerate enterprise modernization of workloads.

Benefits

Simplified setup

Infrastructure as Code automates AWS Transform deployment and configuration, reducing setup time and manual steps.

Secure foundation

Implements AWS security best practices through IAM Identity Center configuration and role-based access control.

Guided approach

Provides step-by-step instructions and templates for configuring AWS Transform and associated services.

How it works

Phase 1

This architecture diagram shows Phase 1 of the setup and AWS account structure for VMware workload migration using AWS Transform.

Step 1
The customer VMware environment hosts the workloads to be migrated. RVTools can be used along with optional import/export functionality for customers running VMware NSX.
Step 2
AWS Application Discovery Agent (in addition to or instead of RVTools) gathers and collects data and dependencies for migration. AWS Replication Agent migrates virtual machines to AWS.
Step 3
AWS Transform for VMware discovery workspaces are available globally. A full list of supported AWS Regions can be found in the Supported Regions for AWS Transform section of the AWS Transform User Guide.
Step 4
AWS Transform for VMware helps optimize infrastructure and reduces operational overhead, giving you a more predictable, cost-efficient path to modernization.
Step 5
The Inventory Discovery capability collects data from the on-premises environment and stores it in the discovery account's Amazon Simple Storage Service (Amazon S3) buckets.
Step 6
As part of AWS Transform, the Wave Planning capability uses graph neural networks to analyze application dependencies and plan migration waves.
Phase 2

This architecture diagram shows Phase 2 of the setup and AWS account structure for VMware workload migration using AWS Transform.

Step 7
The AWS migration planning account hosts Application Discovery Service for migration planning activities, while the discovery account securely isolates collected infrastructure data.
Step 8
AWS Key Management Service (AWS KMS) encrypts data using AWS managed keys by default or optional customer managed keys (CMKs).
Step 9
AWS Organizations enables centralized management of AWS accounts through organizational units (OUs).
Step 10
Amazon CloudWatch monitors AWS Transform activities, resources, and metrics in the management account.
Step 11
AWS Identity and Access Management (IAM) Identity Center provides centralized access management across all AWS accounts.
Step 12
S3 buckets in the planning and discovery accounts store key migration artifacts, including inventory data, dependency mappings, wave plans, and application groupings.
Step 13
AWS CloudFormation automates resource provisioning across AWS accounts and Regions for test and production environments.
Step 14
AWS CloudTrail logs API activities in AWS accounts, while AWS Transform tracks migration activities.
Step 15
Application Discovery Service collects server inventory and dependencies to support application grouping and wave planning.
Step 16
AWS KMS encrypts discovery account S3 buckets that store source environment data.
Phase 3

This architecture diagram shows Phase 3 of the setup and AWS account structure for VMware workload migration using AWS Transform.

Step 17
The AWS target (provisioning) account hosts migrated production workloads and applications.
Step 18
The AWS Transform network migration capability converts on-premises networks to AWS using CloudFormation and AWS Cloud Development Kit (AWS CDK) templates.
Step 19
AWS Transform orchestrates end-to-end migration by coordinating across various AWS tools and services, including the AWS Transform MGN server migration or rehost capability.
Step 20
Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store (Amazon EBS) host migrated VMware virtual machines with recommended AMI instance types and storage.
Step 21
The network foundation of this migration relies on Amazon Virtual Private Cloud (Amazon VPC) and AWS Transit Gateway working in tandem, where Amazon VPC provides dedicated network isolation for migrated workloads while Transit Gateway acts as the central hub connecting these virtual private clouds (VPCs). NAT gateways enable secure internet access for private subnet resources.
Step 22
MGN handles the core migration by managing both the initial server replication process and orchestrating the test and cutover instance launches. A comprehensive set of AWS services, including AWS KMS, CloudWatch, CloudTrail, IAM permissions, CloudFormation, and Amazon S3, work together to maintain security, enable in-depth monitoring, and automate the infrastructure deployment through stored per-wave migration plans.
Standard .NET Transform Process

This architecture illustrates how to transform .NET code using AWS Transform for .NET, integrating developer IDE and web portal workflow with AWS services for secure, scalable code modification and deployment.

Step 1
The user authenticates through AWS Identity and Access Management (IAM) Identity Center.
Step 2
The user selects a solution or project to transform. AWS Transform for .NET builds code locally to verify if it is buildable and configured correctly for transformation.
Step 3
The Specialized Agent in AWS Transform for .NET requests a unique transformation job ID, which creates an association in the AWS Transform for .NET service account that binds the job ID to the user who requested the transformation.
Step 4
AWS Transform for .NET then uploads code to an Amazon Simple Storage Service (Amazon S3) bucket. The bucket is sorted by account ID and job ID. When a job reads from the bucket, access is limited to the code relevant to that job. Code from other jobs, even for the same customer, remains inaccessible to the running job process.
Step 5
Transformed code is saved in Amazon S3 under the same job ID.
Step 6
Use the Amazon Q Developer extension in the Developer IDE to download the code directly from AWS Transform for .NET.
Step 7
AWS Transform's specialized agent analyzes incompatibilities, generates and replaces code to automatically port applications from outdated C# to Linux-compatible versions, upgrading .NET Framework to cross-platform .NET, and updating NuGet packages and APIs.
Web Experience-Specific

Step 1
For web portal users, AWS CodeConnections provides secure access to authorized source code repositories that AWS Transform for .NET can access.
Step 2
The Amazon Elastic Compute Cloud (Amazon EC2) instance that hosts the Sandbox environment clones the repository and processes transformations in isolation, with one sandbox per job to prevent cross-contamination.
Step 3
After completing the transformation, the changes are committed to the repository in a new branch.
Supporting Services

Step 1
AWS Transform for .NET validates Amazon S3 bucket access by matching job ID with the initiating user's saved code. The service removes code from the Amazon S3 bucket twenty-four hours after job completion.
Step 2
AWS Transform for .NET deploys ephemeral agents for both web and IDE experiences, which perform the code transformation tasks and automatically terminate after job completion.
Step 3
AWS Transform for .NET processes selected repositories in isolated sandboxes, with one sandbox per job.
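
The per-job scoping described in Step 4 of the standard process and Step 1 of the supporting services, sketched as an added example that is not AWS Transform's own code. It assumes a `<account_id>/<job_id>/` key layout and the hypothetical names `Job`, `job_prefix` and `may_read`, and it runs on constructed sample data.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional
import posixpath

RETENTION = timedelta(hours=24)  # page: code is removed 24 hours after job completion


@dataclass(frozen=True)
class Job:  # hypothetical record of who started which job
    job_id: str
    account_id: str
    user: str
    completed_at: Optional[datetime] = None  # None while the job is running


def job_prefix(job: Job) -> str:
    # Assumed layout "<account_id>/<job_id>/"; the page does not give the real one.
    return f"{job.account_id}/{job.job_id}/"


def may_read(jobs, account_id, user, job_id, key, now):
    """Allow a read only to the job's requester, inside the job's own prefix,
    and only until the retention window has passed."""
    job = jobs.get(job_id)
    if job is None or (job.account_id, job.user) != (account_id, user):
        return False  # unknown job, or not the requester who started it
    if job.completed_at is not None and now - job.completed_at >= RETENTION:
        return False  # past the retention window
    # S3 keeps ".." literally, but tools that map keys to paths may resolve it,
    # so only keys that are already canonical are accepted.
    if key.startswith("/") or posixpath.normpath(key) != key:
        return False
    # The trailing "/" keeps "job-1" from matching keys under "job-10/".
    return key.startswith(job_prefix(job))


# Constructed sample data: account IDs, job IDs and users are made up.
T0 = datetime(2025, 1, 1, 12, 0, tzinfo=timezone.utc)
JOBS = {
    "job-1": Job("job-1", "111122223333", "alice"),
    "job-10": Job("job-10", "111122223333", "alice", completed_at=T0),
    "job-2": Job("job-2", "111122223333", "bob"),
}
```

The two checks that are easiest to get wrong are the delimiter-terminated prefix and the requester match: a same-customer job with a similar ID, or a different user in the same account, must both be denied.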

Deploy with confidence

Everything you need to launch this Guidance in your account is right here.

Let's make it happen

Ready to deploy? Review the sample code on GitHub for detailed deployment instructions to deploy as-is or customize to fit your needs.

Modernize .NET applications at scale with AWS Transform for .NET

This blog post demonstrates how AWS Transform for .NET helps enterprises modernize legacy .NET applications by automatically analyzing and migrating them to cloud-native architectures on AWS.

Migrate and modernize VMware workloads with AWS Transform for VMware

This AWS blog shows you how to automate VMware workload migrations to the AWS Cloud using AWS Transform for VMware, which handles initial discovery through migration using AI-driven automation.

AWS Transform for VMware demo

This demo showcases AWS Transform for VMware in action, allowing you to explore its key features and capabilities through an interactive, self-guided experience.