Migrate an on-premises VM to Amazon EC2 by using AWS Application Migration Service
Thanh Nguyen, Amazon Web Services
Summary
When it comes to application migration, organizations can take different approaches to rehost (lift and shift) the application’s servers from the on-premises environment to the Amazon Web Services (AWS) Cloud. One way is to provision new Amazon Elastic Compute Cloud (Amazon EC2) instances and then install and configure the application from scratch. Another approach is to use third-party or AWS native migration services to migrate multiple servers at the same time.
This pattern outlines the steps for migrating a supported virtual machine (VM) to an Amazon EC2 instance on the AWS Cloud by using AWS Application Migration Service. You can use the approach in this pattern to migrate one or multiple virtual machines manually, one by one, or automatically by creating appropriate automation scripts based on the outlined steps.
Prerequisites and limitations
Prerequisites
- An active AWS account in one of the AWS Regions that support Application Migration Service 
- Network connectivity between the source server and target EC2 server through a private network by using AWS Direct Connect or a virtual private network (VPN), or through the internet 
Limitations
- For the latest list of supported Regions, see the Supported AWS Regions. 
- For a list of supported operating systems, see the Supported operating systems and the General section of Amazon EC2 FAQs - . 
Architecture
Source technology stack
- A physical, virtual, or cloud-hosted server running an operating system supported by Amazon EC2 
Target technology stack
- An Amazon EC2 instance running the same operating system as the source VM 
- Amazon Elastic Block Store (Amazon EBS) 
Source and target architecture
The following diagram shows the high-level architecture and main components of the solution. In the on-premises data center, there are virtual machines with local disks. On AWS, there is a staging area with replication servers and a migrated resources area with EC2 instances for test and cutover. Both subnets contain EBS volumes.

- Initialize AWS Application Migration Service. 
- Set up the staging area server configuration and reporting, including staging area resources. 
- Install agents on source servers, and use continuous block-level data replication (compressed and encrypted). 
- Automate orchestration and system conversion to shorten the cutover window. 
Network architecture
The following diagram shows the high-level architecture and main components of the solution from the networking perspective, including required protocols and ports for communication between primary components in the on-premises data center and on AWS.

Tools
- AWS Application Migration Service helps you rehost (lift and shift) applications to the AWS Cloud without change and with minimal downtime. 
Best practices
- Do not take the source server offline or perform a reboot until the cutover to the target EC2 instance is complete. 
- Provide ample opportunity for the users to perform user acceptance testing (UAT) on the target server to identify and resolve any issues. Ideally, this testing should start at least two weeks before cutover. 
- Frequently monitor the server replication status on the Application Migration Service console to identify issues early on. 
- Use temporary AWS Identity and Access Management (IAM) credentials for agent installation instead of permanent IAM user credentials. 
Epics
| Task | Description | Skills required | 
|---|---|---|
| Create the AWS Replication Agent IAM role. | Sign in with administrative permissions to the AWS account. On the AWS Identity and Access Management (IAM) console 
 | AWS administrator, Migration engineer | 
| Generate temporary security credentials. | On a machine with AWS Command Line Interface (AWS CLI) installed, sign in with administrative permissions. Or alternatively (within a supported AWS Region), on the AWS Management Console, sign in with administrative permissions to the AWS account, and open AWS CloudShell. Generate temporary credentials with the following command, replacing  
 From the output of the command, copy the values for  ImportantThese temporary credentials will expire after one hour. If you need credentials after one hour, repeat the previous steps. | AWS administrator, Migration engineer | 
| Task | Description | Skills required | 
|---|---|---|
| Initialize the service. | On the console, sign in with administrative permissions to the AWS account. Choose Application Migration Service, and then choose Get started. | AWS administrator, Migration engineer | 
| Create and configure the Replication Settings template. | 
 Application Migration Service will automatically create all the IAM roles required to facilitate data replication and the launching of migrated servers. | AWS administrator, Migration engineer | 
| Task | Description | Skills required | 
|---|---|---|
| Have the required AWS credentials ready. | When you run the installer file on a source server, you will need to enter the temporary credentials that you generated earlier, including  | Migration engineer, AWS administrator | 
| For Linux servers, install the agent. | Copy the installer command, log in to your source servers, and run the installer. For detailed instructions, see the AWS documentation. | AWS administrator, Migration engineer | 
| For Windows servers, install the agent. | Download the installer file to each server, and then run the installer command. For detailed instructions, see the AWS documentation. | AWS administrator, Migration engineer | 
| Wait for initial data replication to be completed. | When the agent has been installed, the source server will appear on the Application Migration Service console, in the Source servers section. Wait while the server undergoes initial data replication. | AWS administrator, Migration engineer | 
| Task | Description | Skills required | 
|---|---|---|
| Specify the server details. | On the Application Migration Service console, choose the Source servers section, and then choose a server name from the list to access the server details. | AWS administrator, Migration engineer | 
| Configure the launch settings. | Choose the Launch settings tab. You can configure a variety of settings, including general launch settings and EC2 launch template settings. For detailed instructions, see the AWS documentation. | AWS administrator, Migration engineer | 
| Task | Description | Skills required | 
|---|---|---|
| Test the source servers. | 
 The servers will be launched. | AWS administrator, Migration engineer | 
| Verify that the test completed successfully. | After the test server is completely launched, the Alerts status on the page will show Launched for each server. | AWS administrator, Migration engineer | 
| Test the server. | Perform testing against the test server to ensure that it functions as expected. | AWS administrator, Migration engineer | 
| Task | Description | Skills required | 
|---|---|---|
| Schedule a cutover window. | Schedule an appropriate cutover timeframe with relevant teams. | AWS administrator, Migration engineer | 
| Perform the cutover. | 
 The source server's Migration lifecycle will change to Cutover in progress. | AWS administrator, Migration engineer | 
| Verify that the cutover completed successfully. | After the cutover servers are completely launched, the Alerts status on the Source Servers page will show Launched for each server. | AWS administrator, Migration engineer | 
| Test the server. | Perform testing against the cutover server to ensure that it functions as expected. | AWS administrator, Migration engineer | 
| Finalize the cutover. | Choose Test and Cutover, and then select Finalize cutover to finalize the migration process. | AWS administrator, Migration engineer |