How to approach a large enterprise migration to the cloud using the AWS Cloud Adoption Framework and Well-Architected Framework, an image factory approach, and infrastructure as code CI/CD.
Special thanks to Aryam Gutierrez Lopez for the initial version of this deck
3. $(whoami) – Juan Manuel Irigaray aka. Juancho
@tranjuan
I’m a Coder / Marathon Runner / Occasional Skydiver
Did first large migration to AWS in 2009
Second one from Argentina to Spain in 2013
Co-Founded / CTO CloudMas in 2013 (first AWS Premier partner in Spain!)
Helping others adopt the cloud from Equinix and the community
I’m not Jeff Barr, I’m the one on the right
4. How a migration looked 9+ years ago
• AWS was a no-brainer for Startups and Websites
• Main pipeline was to build XML/Metadata for AMI build
• Governance was simple – Only EC2, no VPC, no EBS, nothing
• Install your tooling, do frequent snapshots!
• Pray you don’t have any problems with your physical host (no EBS!)
• Be a leader!
5. How they look now - Taming the wild
After many years and acquisitions, companies have created the application Jurassic Park
Wild places full of unknown species interacting in unknown ways
The last 30 years were about creation; now the time for stabilization has come
7. Adopt a Framework! – AWS CAF and AWS Well-Architected Framework tools
• When possible, create an internal Tiger team with SMEs and executive sponsors within the organization – involve people and help them transform
• Use the correct strategy for each problem (one size doesn’t fit all)
• Use the AWS Cloud Adoption Framework (https://aws.amazon.com/professional-services/CAF/) as a foundation, together with the AWS Well-Architected Tool and Reviews (can be delivered for free by selected partners!)
• At early stages, use a workshop approach to identify possible work streams (solve the “measuring the immeasurable” problem step by step)
• Conduct an organization-wide cloud-readiness self-assessment every 3 months when possible! (AWS Assessment Tool https://cloudreadiness.amazonaws.com/)
13. Workload Discovery and Planning
Cloud Migration Readiness
Identify and execute quick-wins
Challenges and critical areas
Resolution through POC/Well-Architected Review
6R analysis
Retire
Repurchase
Replatform
Retain
Rehost
Refactor
Cross analysis
People and teams
Development/Operation
Comms/Network/Security
Understanding why will help to determine the best migration strategy.
If costs are not the biggest concern and the priority is to be cloud-first, then like-for-like servers in AWS will make sense.
Most cost reduction opportunities will appear after moving to the desired cloud service, through a detailed analysis after workload stabilization.
16. Automate Security
● Adopt the least privilege principle: grant only the permissions required to perform specific tasks
● Automate CloudFormation/Terraform/your-flavor templates and their security aspects - ex.: cf-validator
● Design naming conventions for your resources, networks and IAM to allow automatic rule enforcement
● Align your security strategy with your compliance needs by design, ex.: Centrify, Splunk, AWS Config
● Integrate least privilege within your networks, VPN / Direct Connect, and automate through API
● Encrypt end-to-end; AWS has built-in encryption in several products / solutions like KMS, CloudHSM
● Least privilege always
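A pipeline check of the kind slide 16 describes, written here as an added example (not part of the original deck and not the cf-validator tool): it reads a JSON CloudFormation template and fails the build on IAM roles that break a naming convention or allow wildcard actions or resources. The naming pattern, the sample template and the `lint_template` helper are assumptions made for illustration.

```python
import json
import re

# Hypothetical convention for this example: <env>-<app>-<purpose>
NAME_RULE = re.compile(r"^(dev|stg|prod)-[a-z0-9]+-[a-z0-9]+$")

# Constructed sample template (JSON CloudFormation), not taken from the deck.
SAMPLE = json.dumps({"Resources": {
    "AppRole": {"Type": "AWS::IAM::Role", "Properties": {
        "RoleName": "prod-billing-role",
        "Policies": [{"PolicyName": "app", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject"],
             "Resource": "arn:aws:s3:::prod-billing-data/*"},
            {"Effect": "Allow", "Action": "iam:*", "Resource": "*"}]}}]}},
    "AdminRole": {"Type": "AWS::IAM::Role", "Properties": {
        "RoleName": "TempAdmin", "Policies": []}},
}})

def as_list(value):
    """IAM accepts either a single string or a list for Action/Resource."""
    return value if isinstance(value, list) else [value]

def lint_template(template_json):
    """Return sorted (logical_id, finding) tuples for IAM roles in a template."""
    findings = []
    for logical_id, res in json.loads(template_json).get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        name = props.get("RoleName")
        if not isinstance(name, str) or not NAME_RULE.match(name):
            findings.append((logical_id, f"role name {name!r} breaks naming rule"))
        for policy in props.get("Policies", []):
            for stmt in as_list(policy["PolicyDocument"]["Statement"]):
                if stmt.get("Effect") != "Allow":
                    continue
                for action in as_list(stmt.get("Action", [])):
                    # Flags "*" and whole-service grants such as "iam:*"
                    if action == "*" or action.endswith(":*"):
                        findings.append((logical_id, f"wildcard action {action}"))
                if "*" in as_list(stmt.get("Resource", [])):
                    findings.append((logical_id, "wildcard resource *"))
    return sorted(findings)

if __name__ == "__main__":
    results = lint_template(SAMPLE)
    for logical_id, finding in results:
        print(f"FAIL {logical_id}: {finding}")
    raise SystemExit(1 if results else 0)  # non-zero exit fails the stage
```

Partial wildcards such as `s3:Get*` and YAML templates with intrinsic functions are outside what this check covers.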
17. AWS Well-Architected Framework
Integrate the Well-Architected Framework in your pipeline to ensure all of your designs and mission-critical applications are compliant with AWS best practices, secure, high-performing, resilient, and efficient. Well-Architected helps you build and deploy faster, lower or mitigate risks, and make informed decisions.
Use the Well-Architected Framework review tool as part of your pipeline to ensure all of your designs are aligned with the five pillars.
Pro-tip: AWS Partners will help you review your applications (and sometimes for free)
18. Infrastructure as code CI/CD
Automate environment validation with functional rules (ex.: Jenkins trigger, TravisCI, TFS)
Use triggers to deploy new versions of infrastructure
Integrate with network and operations building blocks (ex.: launch requests when a security group changes)
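One way to turn a security group change into a request, as slide 18 suggests (added example, not part of the original deck): compare the ingress rules of the deployed template with the proposed one and emit one request per added or removed rule. The template contents, the `change_requests` helper and the rule that world-open additions need review are assumptions.

```python
# Constructed sample: the deployed template and a proposed change to it.
DEPLOYED = {"Resources": {"WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "10.0.0.0/8"}]}}}}
PROPOSED = {"Resources": {"WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "SecurityGroupIngress": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}}}}

WORLD = {"0.0.0.0/0", "::/0"}

def ingress_rules(template):
    """Map each security group's logical id to a set of rule tuples."""
    rules = {}
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::EC2::SecurityGroup":
            continue
        ingress = res.get("Properties", {}).get("SecurityGroupIngress", [])
        rules[logical_id] = {
            (r.get("IpProtocol"), r.get("FromPort"), r.get("ToPort"),
             r.get("CidrIp") or r.get("CidrIpv6"))
            for r in ingress}
    return rules

def change_requests(deployed, proposed):
    """Return one request per added or removed ingress rule, in stable order."""
    before, after = ingress_rules(deployed), ingress_rules(proposed)
    requests = []
    for group in sorted(set(before) | set(after)):
        old, new = before.get(group, set()), after.get(group, set())
        for change, rules in (("added", new - old), ("removed", old - new)):
            for proto, lo, hi, cidr in sorted(rules, key=str):
                requests.append({
                    "group": group, "change": change,
                    "rule": f"{proto} {lo}-{hi} from {cidr}",
                    # A newly world-open rule needs network/security sign-off.
                    "needs_review": change == "added" and cidr in WORLD})
    return requests

if __name__ == "__main__":
    for req in change_requests(DEPLOYED, PROPOSED):
        flag = "REVIEW" if req["needs_review"] else "info"
        print(f"[{flag}] {req['group']}: {req['change']} {req['rule']}")
```

Rules declared as separate `AWS::EC2::SecurityGroupIngress` resources are not read by this version; only inline ingress lists are compared.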
19. Image factory approach
Allows quick integration of new requirements in base images
Enables automatic functional and integration tests
Hardened images for specific requirements / compliance
Helps future Operations (automatic deploy when images get invalidated)
Highly recommended to use AWS Systems Manager!
21. Lift and Shift approach
• Can be made “cloud” compatible
• “Divide and conquer” – split your application into smaller workloads, ex.: OS, application container, cronjobs, etc.
• Compatible with legacy workloads – requires no code change
• Should be a transitional state to a more cloud native approach
• Rationalize small workloads into a set of templates and reuse
• Facilitates blue-green testing, DR solutions and possible roll-back to old applications
22. AWS Migration Tools and Services
Server & Database
● VM Import/Export
● AWS Server Migration Service
● AWS Database Migration Service
● Application Discovery Service
● AWS Migration Hub
● AWS MQ
Data
● AWS Snowball
● AWS Snowmobile
● AWS Direct Connect
● AWS Kinesis Firehose
● AWS FSx for Windows File Server
23. VM Import/Export
https://aws.amazon.com/ec2/vm-import/
● Doesn’t require Hypervisor Access
● VMDK, VHD, OVA
● OS Limitation
● VM Preparation required
● Post Migration tasks
$ aws ec2 import-image --description "Windows 2008 VMDKs" --license-type BYOL --disk-containers file://containers.json
25. Server Migration Service (SMS)
https://aws.amazon.com/es/server-migration-service/
● VMware vCenter / Hyper-V
● AWS Server Migration Service Connector (FreeBSD OVA / Microsoft Connector)
● Requires permission in order to create/delete snapshots
● Access through AWS Console & CLI
● Limited to certain OS and licenses
● One-time migration / Replication Jobs
26. Database Migration Service (DMS)
https://aws.amazon.com/dms/
● One-time migration / Live Migration Replication
● Homogeneous migrations
● Requires replication instance!
● DDL Statements support
● Sources: MySQL, PostgreSQL, SQL Server, Oracle, MariaDB, MongoDB, Aurora, SAP Adaptive Server Enterprise
● Targets: MySQL, PostgreSQL, SQL Server, Oracle, MariaDB, Aurora (MySQL and PostgreSQL), Redshift, S3, DynamoDB, SAP Adaptive Server Enterprise
● Heterogeneous migrations (AWS Schema Conversion Tool)
27. AWS Schema Conversion Tool
https://aws.amazon.com/dms/schema-conversion-tool/
Supports heterogeneous database migrations by automatically converting the source database schema and a majority of the database code objects, including views, stored procedures, and functions, to a format compatible with the target database.
29. Hybrid Cloud Case Study
● Hybrid Cloud scenario
● On-premises: App, SQL Server, TFS (builds & deploys)
● AWS: CPU scaled app with CodeDeploy deploys
● Direct Connect for Datacenter <-> AWS VPC connectivity
● Custom integration between TFS and CodeDeploy to control deploy workflows
● This entire infrastructure is managed and versioned with Terraform