Migrating on-premises servers to AWS over private networks by using AWS Application Migration Service
Mike Kuznetsov and Dipin Jain, Amazon Web Services (AWS)
March 2023 (document history)
Many companies migrate to AWS from isolated or semi-isolated network environments such as on-premises data centers or other cloud or hybrid infrastructures. Such isolated networks typically do not allow any egress traffic to external endpoints, which is required for migration over the network. Other companies do allow HTTPS egress traffic from their internal networks but do not permit specific communications on network ports required by AWS Application Migration Service.
Application Migration Service supports these use cases and allows you to migrate from secured isolated environments by using only private or hybrid private/public network connectivity. This guide describes these three scenarios, ranging from the two hybrid public/private models to the fully isolated one, and focuses on detailed steps and infrastructure requirements for the most restrictive, private-only option. It builds on the AWS Prescriptive Guidance pattern Connect to Application Migration Service data and control planes over a private network by providing:
- Additional details on required connectivity in each scenario
- Explanations of AWS resources that must be created
- Automation options for building the testing infrastructure on AWS and deploying the infrastructure during the migration phase
- Options for monitoring and troubleshooting connectivity for each use case
For more information about how Application Migration Service works, see these blog posts: