Description

This curriculum spans the equivalent of a multi-workshop technical engagement, covering the sequence of activities from initial workload assessment to post-migration optimization, as typically managed by cloud migration teams in medium to large enterprises.

Module 1: Assessing Readiness and Defining Migration Scope

Selecting which on-premises workloads to migrate based on technical dependencies, business criticality, and licensing constraints.
Conducting inventory assessments using AWS Application Discovery Service to map interdependencies and performance baselines.
Determining migration eligibility by evaluating custom legacy applications against AWS compatibility requirements.
Establishing stakeholder alignment on migration timelines, ownership, and success metrics across IT, security, and business units.
Deciding whether to include third-party SaaS applications in the migration scope or maintain hybrid integration points.
Classifying data sensitivity levels to inform security, residency, and compliance requirements during migration planning.

Module 2: Designing Cloud Architecture and Target Environment

Selecting appropriate AWS compute models (EC2, ECS, Lambda) based on workload characteristics and scalability needs.
Designing VPC topology with subnets, route tables, and security groups to support multi-tier application segmentation.
Choosing between AWS-managed databases (RDS, DynamoDB) and self-managed instances based on operational overhead tolerance.
Implementing cross-AZ high availability for critical systems while balancing cost and recovery time objectives.
Integrating existing identity providers with AWS IAM using SAML or OIDC for centralized access control.
Planning DNS and routing strategies using Route 53 and hybrid connectivity options like AWS Direct Connect or VPN.

Module 3: Data Migration and Storage Strategy

Executing large-scale database migrations using AWS DMS while managing cutover windows and data consistency.
Selecting storage classes (S3 Standard, Glacier, EBS gp3/io2) based on access patterns, durability, and cost.
Implementing data validation checks post-migration to verify integrity and completeness across systems.
Handling unstructured data migration from NAS/SAN to S3 using AWS DataSync with throughput and scheduling constraints.
Applying encryption (SSE-S3, SSE-KMS) and bucket policies during data transfer to meet compliance obligations.
Establishing data retention and archival workflows using S3 Lifecycle policies aligned with regulatory requirements.

Module 4: Application Refactoring and Modernization

Deciding whether to rehost (lift-and-shift), refactor, or rebuild applications based on TCO and technical debt.
Containerizing monolithic applications using Amazon ECS or EKS with minimal disruption to existing workflows.
Replacing legacy messaging systems with Amazon SQS, SNS, or MSK based on throughput and reliability needs.
Implementing API gateways to expose backend services securely with rate limiting and authentication.
Migrating stateful applications by decoupling storage from compute and using EBS snapshots or EFS.
Updating application configuration to consume AWS services (e.g., Parameter Store, Secrets Manager) instead of hardcoded values.

Module 5: Security, Compliance, and Identity Governance

Enforcing least-privilege access using IAM roles and policies across development, staging, and production accounts.
Integrating AWS Config and Security Hub to continuously monitor compliance with organizational and regulatory standards.
Implementing centralized logging using CloudTrail, VPC Flow Logs, and Amazon OpenSearch Service for auditability.
Managing encryption key lifecycle using AWS KMS with customer-managed CMKs for sensitive data sets.
Applying network security controls via Security Groups, NACLs, and AWS WAF for public-facing applications.
Conducting penetration testing under AWS Acceptable Use Policy and coordinating with internal security teams.

Module 6: Operational Readiness and CI/CD Integration

Setting up automated infrastructure provisioning using AWS CloudFormation or Terraform in version-controlled repositories.
Integrating AWS CodePipeline with on-premises Jenkins or GitLab CI to support hybrid deployment workflows.
Configuring health checks and auto-recovery for EC2 instances using CloudWatch Alarms and Auto Scaling policies.
Migrating monitoring dashboards from on-prem tools (e.g., Nagios, Zabbix) to CloudWatch and Prometheus on EKS.
Establishing incident response procedures for cloud-specific failure modes (e.g., AZ outages, throttling).
Training operations teams on AWS console navigation, CLI usage, and troubleshooting common service issues.

Module 7: Cutover Execution and Post-Migration Validation

Coordinating cutover timelines with business units to minimize disruption during go-live events.
Executing final data syncs and validating referential integrity between source and target databases.
Switching DNS records via Route 53 with weighted routing to enable controlled traffic shifts.
Validating application functionality through automated test suites and user acceptance testing (UAT) sign-off.
Decommissioning on-premises infrastructure only after confirming stable operation in AWS and data backup completeness.
Conducting post-migration reviews to document lessons learned, performance variances, and optimization opportunities.

Module 8: Cost Management and Optimization Post-Migration

Implementing AWS Cost Explorer and Budgets to track spending across services and departments.
Negotiating Reserved Instances or Savings Plans based on steady-state usage patterns identified post-migration.
Right-sizing EC2 instances and EBS volumes using Compute Optimizer recommendations and performance data.
Enabling S3 Intelligent-Tiering for data sets with unpredictable access patterns to reduce storage costs.
Tagging all resources consistently to enable chargeback, showback, and accountability reporting.
Establishing automated shutdown policies for non-production environments using AWS Instance Scheduler.