# Guidance for Automated Setup for AWS Transform ## Overview This Guidance provides an automated approach to deploy AWS Transform using infrastructure as code (IaC). It simplifies deployment by automatically provisioning AWS services and security controls required by AWS Transform. The guidance accelerates time-to-value for organizations migrating and modernizing their workloads while ensuring adherence to AWS best practices and security standards. AWS Transform is the first agentic AI service developed to accelerate enterprise modernization of workloads. ## Benefits ### Simplified setup Infrastructure as Code automates AWS Transform deployment and configuration, reducing setup time and manual steps. ### Secure foundation Implements AWS security best practices through IAM Identity Center configuration and role-based access control. ### Guided approach Provides step-by-step instructions and templates for configuring AWS Transform and associated services. ## How it works ### Phase 1 This architecture diagram shows Phase 1 of the setup and AWS account structure for VMware workload migration using AWS Transform. [Download the architecture diagram](https://d1.awsstatic.com/onedam/marketing-channels/website/aws/en_US/solutions/approved/documents/architecture-diagrams/automated-setup-for-aws-transform.pdf)Step 1The customer VMware environment hosts the workloads to be migrated. RVTools can be used along with optional import/export functionality for customers running VMware NSX.Step 2AWS Application Discovery Agent (in addition to or instead of RVTools) gathers and collects data and dependencies for migration. AWS Replication Agent migrates virtual machines to AWS.Step 3AWS Transform for VMware discovery workspaces are available globally. A full list of supported AWS Regions can be found in the Supported Regions for AWS Transform section of the AWS Transform User Guide.Step 4AWS Transform for VMware helps optimize infrastructure and reduces operational overhead, giving you a more predictable, cost-efficient path to modernization.Step 5The Inventory Discovery capability collects data from the on-premises environment and stores it in the discovery account's Amazon Simple Storage Service (Amazon S3) buckets.Step 6As part of AWS Transform, the Wave Planning capability uses graph neural networks to analyze application dependencies and plan migration waves.### Phase 2 This architecture diagram shows Phase 2 of the setup and AWS account structure for VMware workload migration using AWS Transform. [Download the architecture diagram](https://d1.awsstatic.com/onedam/marketing-channels/website/aws/en_US/solutions/approved/documents/architecture-diagrams/automated-setup-for-aws-transform.pdf)Step 7The AWS migration planning account hosts Application Discovery Service for migration planning activities, while the discovery account securely isolates collected infrastructure data.Step 8AWS Key Management Service (AWS KMS) encrypts data using AWS managed keys by default or optional customer managed keys (CMKs).Step 9AWS Organizations enables centralized management of AWS accounts through organizational units (OUs).Step 10Amazon CloudWatch monitors AWS Transform activities, resources, and metrics in the management account.Step 11AWS Identity and Access Management (IAM) Identity Center provides centralized access management across all AWS accounts.Step 12S3 buckets in the planning and discovery accounts store key migration artifacts, including inventory data, dependency mappings, wave plans, and application groupings in both the planning and discovery accounts.Step 13AWS CloudFormation automates resource provisioning across AWS accounts and Regions for test and production environments.Step 14AWS CloudTrail logs API activities in AWS accounts, while AWS Transform tracks migration activities.Step 15Application Discovery Service collects server inventory and dependencies to support application grouping and wave planning.Step 16AWS KMS encrypts discovery account S3 buckets that store source environment data.### Phase 3 This architecture diagram shows Phase 3 of the setup and AWS account structure for VMware workload migration using AWS Transform. [Download the architecture diagram](https://d1.awsstatic.com/onedam/marketing-channels/website/aws/en_US/solutions/approved/documents/architecture-diagrams/automated-setup-for-aws-transform.pdf)Step 17The AWS target (provisioning) account hosts migrated production workloads and applications.Step 18The AWS Transform network migration capability converts on-premises networks to AWS using CloudFormation and AWS Cloud Development Kit (AWS CDK) templates.Step 19AWS Transform orchestrates end-to-end migration by coordinating across various AWS tools and service, including the AWS Transform MGN server migration or rehost capability.Step 20Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Elastic Block Store (Amazon EBS) host migrated VMware virtual machines with recommended AMI instance types and storage.Step 21The network foundation of this migration relies on Amazon Virtual Private Cloud (Amazon VPC) and AWS Transit Gateway working in tandem, where Amazon VPC provides dedicated network isolation for migrated workloads while Transit Gateway acts as the central hub connecting these virtual private clouds (VPCs). NAT gateways enable secure internet access for private subnet resources.Step 22MGN handles the core migration by managing both the initial server replication process and orchestrating the test and cutover instance launches. A comprehensive set of AWS services, including AWS KMS, CloudWatch, CloudTrail, IAM permissions, CloudFormation, and Amazon S3, work together to maintain security, enable in-depth monitoring, and automate the infrastructure deployment through stored per-wave migration plans.### Standard .NET Transform Process This architecture illustrates how to transform .NET code using AWS Transform for .NET, integrating developer IDE and web portal workflow with AWS services for secure, scalable code modification and deployment. [Download the architecture diagram](https://d1.awsstatic.com/onedam/marketing-channels/website/aws/en_US/solutions/approved/documents/architecture-diagrams/automated-setup-for-aws-transform.pdf#page=4)Step 1The user authenticates through AWS Identity and Access Management (IAM) Identity Center.Step 2The user selects a solution or project to transform. AWS Transform for .NET builds code locally to verify if it is buildable and configured correctly for transformation.Step 3The Specialized Agent in AWS Transform for .NET requests a unique transformation job ID, which creates an association at the AWS Transform for .NET service account securing the job ID to the user who requested the transformation.Step 4AWS Transform for .NET then uploads code to an Amazon Simple Storage Service (Amazon S3) bucket. The bucket is sorted by account ID and job ID. When a job reads from the bucket, access is limited to the code relevant to that job. Code from other jobs, even for the same customer, remains inaccessible to the running job process.Step 5Transformed code is saved in Amazon S3 under the same job ID.Step 6Use the Amazon Q Developer extension in the Developer IDE to download the code directly from AWS Transform for .NET.Step 7AWS Transform's specialized agent analyzes incompatibilities, generates and replaces code to automatically port applications from outdated C# to Linux-compatible versions, upgrading .NET Framework to cross-platform .NET, and updating NuGet packages and APIs.### Web Experience-Specific This architecture illustrates how to transform .NET code using AWS Transform for .NET, integrating developer IDE and web portal workflow with AWS services for secure, scalable code modification and deployment. [Download the architecture diagram](https://d1.awsstatic.com/onedam/marketing-channels/website/aws/en_US/solutions/approved/documents/architecture-diagrams/automated-setup-for-aws-transform.pdf#page=5)Step 1For web portal users, AWS CodeConnections provides secure access to authorized source code repositories that AWS Transform for .NET can access.Step 2The Amazon Elastic Compute Cloud (Amazon EC2) instance that hosts the Sandbox environment clones the repository and processes transformations in isolation, with one sandbox per job to prevent cross-contamination.Step 3After completing the transformation, the changes are committed to the repository in a new branch.### Supporting Services This architecture illustrates how to transform .NET code using AWS Transform for .NET, integrating developer IDE and web portal workflow with AWS services for secure, scalable code modification and deployment. [Download the architecture diagram](https://d1.awsstatic.com/onedam/marketing-channels/website/aws/en_US/solutions/approved/documents/architecture-diagrams/automated-setup-for-aws-transform.pdf#page=6)Step 1AWS Transform for .NET validates Amazon S3 bucket access by matching job ID with the initiating user's saved code. The service removes code from the Amazon S3 bucket twenty-four hours after job completion.Step 2AWS Transform for .NET deploys ephemeral agents for both web and IDE experiences, which perform the code transformation tasks and automatically terminate after job completion.Step 3AWS Transform for .NET processes selected repositories in isolated sandboxes, with one sandbox per job.## Deploy with confidence Everything you need to launch this Guidance in your account is right here. - **Let's make it happen**: Ready to deploy? Review the sample code on GitHub for detailed deployment instructions to deploy as-is or customize to fit your needs. [Go to sample code](https://github.com/aws-solutions-library-samples/guidance-for-automated-setup-of-aws-transform) ## Related content - **Modernize .NET applications at scale with AWS Transform for .NET**: This blog post demonstrates how AWS Transform for .NET helps enterprises modernize legacy .NET applications by automatically analyzing and migrating them to cloud-native architectures on AWS. [Read the blog](https://aws.amazon.com/blogs/modernizing-with-aws/modernize-net-applications-at-scale-with-aws-transform-for-net/) - **Migrate and modernize VMware workloads with AWS Transform for VMware**: This AWS blog shows you how to automate VMware workload migrations to the AWS Cloud using AWS Transform for VMware, which handles initial discovery through migration using AI-driven automation. [Read the blog](https://aws.amazon.com/blogs/architecture/migrate-and-modernize-vmware-workloads-with-aws-transform-for-vmware/) - **AWS Transform for VMware demo**: This demo showcases AWS Transform for VMware in action, allowing you to explore its key features and capabilities through an interactive, self-guided experience. [Explore the demo](https://aws.storylane.io/demo/qye0se68an9i) [Read usage guidelines](/solutions/guidance-disclaimers/)