Migrating on-premises servers to AWS over private networks by using AWS Application Migration Service - AWS Prescriptive Guidance

Mike Kuznetsov and Dipin Jain, Amazon Web Services (AWS)

March 2023 (document history)

Many companies migrate to AWS from isolated or semi-isolated network environments such as on-premises data centers or other cloud or hybrid infrastructures. Such isolated networks typically do not allow any egress traffic to external endpoints, even though migration over the network requires that traffic. Other companies do allow HTTPS egress traffic from their internal networks but do not permit the specific communications on the network ports required by AWS Application Migration Service, which is the primary AWS service for large lift-and-shift migrations. In a third scenario, HTTPS traffic is allowed from both source and staging areas, but data replication traffic is required to go over a private channel for compliance reasons.

Application Migration Service supports these use cases and allows you to migrate from secured isolated environments by using only private or hybrid private/public network connectivity. This guide describes these three scenarios, ranging from the two hybrid public/private models to the fully isolated one, and focuses on detailed steps and infrastructure requirements for the most restrictive, private-only option. It builds on the AWS Prescriptive Guidance pattern "Connect to Application Migration Service data and control planes over a private network" by providing:

  • Additional details on required connectivity in each scenario

  • Explanations of AWS resources that must be created

  • Automation options for building the testing infrastructure on AWS and deploying the infrastructure during the migration phase

  • Options for monitoring and troubleshooting connectivity for each use case

For more information about how Application Migration Service works, see these blog posts: