How AWS Is Using Agentic AI To Reinvent Infrastructure Modernization

Traditional VMware migrations have long suffered from fragmentation and inflexibility. Enterprises had to cobble together disconnected tools for discovery, planning, network configuration, and rehosting, each requiring specialized expertise and lengthy manually orchestrated handoffs. These rigid, rules-based tools can’t adapt to each customer’s unique environment, resulting in compounding costs, expensive customizations, and timelines that stretch into years.

AWS Transform takes a fundamentally different approach by delivering a unified, end-to-end migration experience powered by agentic AI. Rather than relying on the traditional runbook-driven methodology where each migration phase is performed with disconnected tooling and heavy human orchestration, AWS Transform uses AI agents that automate these workflows within a single experience, from initial infrastructure discovery through planning, infrastructure modernization, and migration execution. It replaces the patchwork model with a unified, agentic AI experience that automates the full migration lifecycle.

Over the last six months, we’ve significantly enhanced AWS Transform, making it faster, more intelligent, and more flexible, capable of handling the largest, most complex migrations. It accepts inventory data in virtually any format and runs what-if scenarios so you can find the most cost-effective route. It generates migration plans for tens of thousands of servers and applications (with millions of business and network relationships) in hours. It automatically creates or updates your landing zone, modernizes and right-sizes your network and containerizes applications as you migrate. For rehost, it gives you a choice between an agentic experience or the classic MGN factory experience. And AWS Transform is now accessible directly through Kiro, Claude, Cursor, and Codex, so your teams can run migrations without leaving their everyday tools. The result is migration assessment and planning that completes in hours, and full migrations that complete in days, with far less manual effort, whether you’re moving a few servers or exiting entire data centers.

Assessment is the accelerator

Migration assessments that help you migrate with certainty

One of the biggest reasons infrastructure modernization stalls is the assessment phase. VMware migration assessments and TCO analyses can take months because they require deep discovery across heterogeneous environments. Discovery can involve cataloging hundreds or thousands of VMs, their interdependencies, performance profiles, licensing entitlements, and storage configurations (vSAN, NFS) that vary significantly across clusters. Accurately modeling the target-state cost requires mapping each workload’s actual resource consumption, not just provisioned capacity, to the right AWS instance family and resource. You also need to factor in consumption methodology (Reserved Instance/Savings Plan discounts), data transfer costs, and ancillary services like backup and DR. None of these map 1:1 from on-premises VMware constructs. The assessment needs to also account for application-level dependencies such as shared datastores and business rules that constrain migration wave planning and directly impact the operational cost model. Customers often lack a single source of truth for their estate, so teams spend significant cycles reconciling data from vCenter, CMDBs, RVTools, third-party discovery tool data, manual spreadsheets, and even meeting notes before any credible TCO comparison can be produced. This complexity is precisely why we’re investing in automated discovery and planning.​

​​Over the last six months, we’ve expanded AWS Transform assessments to accept data in virtually any format, whether that is an RVTools export, a CMDB dump, outputs from any off-the-shelf discovery tool, exports from the AWS Transform discovery tool, or even notes from your own discovery process. It generates parsers on the fly to interpret data, stores it in a canonical format that’s a digital twin of your on-premises estate and uses an agent that’s built on a decade of assessment experience to produce a highly accurate and optimized mapping to AWS resources and TCO. No need to worry about a limited set of supported formats or inflexible parsers. Now, you can upload whatever data, meeting notes, artifacts you have and begin building a business case in minutes with Transform. New what-if scenario modeling lets your team compare migration paths side by side, adjusting assumptions like region, resource utilization, and service mapping to find the most cost-effective route. AWS Transform uses learnings from years of AWS assessments to optimize target design for the most optimal total cost of ownership. AWS Transform produces a detailed migration business case that now covers not just cost savings from compute and storage, but staff productivity, operational resilience, business agility, and sustainability – the full picture your CFO and board want to see.​

By using AWS Transform for a TCO assessment, Vector Limited, together with AWS Partner Slalom completed the AWS migration 34% faster than traditional methods. AWS Transform automatically discovered on-premises environments, analyzed performance data, mapped application dependencies, grouped VMs into migration batches, dynamically analyzed workloads and right-sized Amazon EC2 instances to optimize cloud performance and costs. Result: Vector achieved 35% cost savings over a five-year period, providing the financial justification needed to accelerate their migration ahead of an upcoming expensive VMware license renewal.

What used to require a three-month consulting engagement to generate a migration business case, can now be completed in days. That is time your teams can spend executing instead of planning.

From ten thousand servers to an executable plan, in hours

Migration planning that replaces guesswork with confidence

Once your business case is ready, the next question tends to be the hardest one: where do we start? A large enterprise environment might have tens of thousands of servers running thousands of applications, each with years of tangled dependencies on databases, middleware, firewalls, and other systems. Figuring out which applications can move together, which ones must go first, and which will break everything else if sequenced wrong used to take migration teams months of manual effort, whiteboard sessions, and spreadsheet analysis. And even after all that work, a lot of it was still guesswork.

AWS Transform replaces the uncertainty with precision and flexibility.

After discovery and assessment, Transform builds your entire estate in a canonical format, analyzes your environment, and maps application and network dependencies using a combination of graph-based reachability analysis and reasoning about application functionality. You can share your business and operational priorities in any form – meeting notes, slides, documents, or even just explain in plain English. Transform uses all this information to identify which resources need to move together and groups applications into migration waves. The output is not a rough grouping. It is a detailed, prioritized migration sequence that accounts for technical dependencies, business criticality, ownership, department, application function, and resource availability, all considered together. Applications that share dependencies get grouped into the same wave automatically, so you are never in a position where a critical system fails because something it relied on has not moved yet.

Even for estates with tens of thousands of VMs, Transform can complete migration planning in an hour – something that takes a team of architects six to eight weeks with traditional approaches.

​​But speed is not the only thing that changes. Transform creates a migration plan that operates at enterprise scale. The AI surfaces dependencies that human reviewers often miss: cross-system links buried in firewall rules rather than application configs, shared infrastructure components that nobody documented, clusters of applications that look independent but fail together.​

Your teams do not just receive a plan and execute it blindly. AWS Transform provides a collaborative interface where migration leads can review the wave plan, make edits, reassign applications, adjust sequencing, and sign off before anything moves. You can even ask Transform to generate rich schematic diagrams of your estate, network, servers, and application groupings so you can zoom in, explore, and change the network. You can ask Transform to generate detailed Gantt charts for wave execution, reports on tech debt and risk, and do deep dives on your estate such as network architecture, OS versions, and deprecated software. Transform proposes, your team decides. That combination of machine-scale analysis and human judgment at the point of approval is what makes the plan defensible to stakeholders and safe to execute.

It also solves the trust problem. Migration planning output in Transform includes detailed documentation of the migration sequence and explains the reasoning behind it, which means the CIO presenting to the board and the program manager running the migration are working from the same source. Approvals move faster. Surprises happen less often.

CSL used AWS Transform to accelerate their wave plan by 10x, saving 10 weeks of manual effort across 1072 applications in 29 data centers. AWS Transform processed 4.6 million records of on-premises discovery data across 5000 VMware servers to automatically generate the wave plan in hours.

The target environment builds itself

Your Landing Zone, automated and ready before the first server moves

Before you can migrate a single server, you need somewhere scalable and secure to land. Setting up a proper multi-account AWS environment with the right organizational structure, access controls, and governance policies that follow AWS best practices used to require coordination across multiple AWS services and weeks of setup.

AWS Transform now automates landing zone creation as part of the migration workflow using AWS Control Tower, a purpose-built service for establishing and governing a secure, multi-account environment with pre-configured guardrails, centralized logging, and identity management out of the box. Whether you’re starting from scratch or extending an existing AWS organization, Transform analyzes your migration data and recommends the right account structure. You can customize the organizational hierarchy and governance policies including Control Tower guardrails and service control policies and then choose whether the agent deploys it automatically or generates Infrastructure as Code templates for self-deployment in CloudFormation, AWS CDK, or Landing Zone Accelerator format.

Creating a target environment is no longer a separate workstream. It’s part of the same end-to-end flow.

​​Networks that de-risk migration​

Modernize your network, without the weeks of manual work and post-cutover surprises​​

Ask any CIO who has survived a large migration what went wrong, and the answer is almost always networking. Security rules that break after cutover. IP address changes that break connectivity. Manual network mapping that added weeks to timelines and introduced errors nobody caught until after the fact.

Migrating networks from large on-premises estates is exceptionally difficult because networks encode years of implicit relationships between thousands of applications. These include hardcoded IPs, undocumented firewall ACLs across heterogeneous devices (Cisco ACI, Palo Alto, F5, NSX), VLAN/zone mappings, and NAT rules with no single source of truth. Automation has remained elusive because network configurations are ambiguous and don’t explain why traffic is allowed – just that it is. For example, a rule permitting traffic between two large IP ranges on a set of ports doesn’t tell you which application or service it’s actually for. There’s no easy way to translate vendor constructs to cloud-native primitives such as security groups, NACLs, Transit Gateway route tables, and ALB target groups. The combinatorial explosion of app-to-app communication paths makes identifying the full set of network rules difficult without extended traffic analysis. Modernizing the network during migration (a capability many new customers want) compounds the problem by triggering architectural redesigns that require human judgment and validation.​

AWS Transform has fundamentally changed this.

AWS Transform now analyzes your mapped network and surfaces modernization recommendations before a single resource is provisioned in AWS. Oversized IP address blocks get right-sized. Security rules that could expose your environment get flagged. VPCs organized around old hardware constraints get restructured into properly segmented, logical environments. Naming conventions are standardized. Resources that do not belong in the target environment get called out.​

Previously, this work required your network architects to manually review every construct, a process that added weeks to project timelines and created a bottleneck that slowed everything downstream. Now Transform makes these recommendations for your teams to review, adjust, and approve, rather than do the analysis themselves. And AWS Transform automatically makes the network optimizations.

We have also addressed one of the most common sources of post-migration connectivity failures: DHCP. In many legacy enterprise networks, IP addresses were hard-coded whereas modern networks use dynamic assignments (DHCP). When migrating to AWS, security group rules targeting specific IPs can silently break when DHCP assigns a different address post-migration. Using network modernization, Transform now handles this automatically. Continue using static IP or move to DHCP. We’ll automatically generate appropriate security groups, document every adjustment and eliminate manual remediation that used to follow cutover. No more scrambling to restore connectivity after go-live.

For organizations with hybrid data centers running both VMware and non-VMware workloads, Transform now automatically converts your network configuration regardless of the source. Whether your environment exports from NSX, Cisco ACI, Palo Alto, Fortinet, or other network device types, Transform maps it to the right AWS constructs and generates the infrastructure code to deploy it. Partners and customers can also access these network migration capabilities through public APIs, enabling fully automated end-to-end workflows.

The choice to modernize during migration

Containerization that makes cloud-native achievable at scale

The question most executives eventually face is: do we migrate first and modernize later, or do we try to do both at once? Historically, attempting both simultaneously was a reliable way to do neither well. That tradeoff no longer applies.

AWS Transform now supports containerizing applications during migration, not as a separate initiative that happens afterward, but as part of the same wave planning process your team uses to execute the move. Applications running in GitHub, Bitbucket, GitLab, or packaged as zip files can be automatically analyzed, converted into container images, security-scanned, and deployed to Amazon ECS or Amazon EKS. Transform generates the Dockerfiles, the infrastructure code, and the Helm charts that your teams would otherwise spend weeks producing by hand.

During wave planning, you simply assign each application to a path: lift-and-shift, or modernize to containers. Both execute in parallel. You move to AWS and arrive cloud-native on the applications where it matters most.

One customer put it plainly: “AWS Transform took our applications from source code to running containers on EKS and ECS, generating Dockerfiles and Helm charts along the way. The automation gave us the confidence to scale containerization across our portfolio. What we expected to be a long, manual effort turned out to be straightforward.” Tasks that previously took five to ten days per application now take one to two hours.

​​Use AWS Transform wherever and however your teams work​

From AWS Transform’s agentic migration agents to MGN’s proven replication engine, on the work surface you want

All of these capabilities are delivered through a migration agent that collaborates with your migration teams in real time. It can answer questions, repeat or skip steps, and generate detailed reports for internal approvals and stakeholder communication. It supports VMware, Hyper-V, Nutanix, KVM, and bare-metal physical environments, and can migrate to multiple AWS accounts in a single workflow.
AWS Transform is powered by the same MGN replication technology that migrates hundreds of thousands of VMs every year and can rehost 1000 servers in less than 24 hours. To reflect this close association, MGN is being renamed AWS Transform MGN. Now, for teams that prefer a more hands-on server rehosting experience, we have made it easier to access MGN directly from within the Transform workflow. You can continue with the agentic experience — which handles discovery, wave planning, network creation, landing zone automation, and containerization — or switch to the classic MGN console at the rehosting stage. If you’ve already built a wave plan manually or with another tool, you can also access AWS Transform MGN directly in the AWS console.

For enterprises in regulated industries such as financial services, healthcare, and government, we have added the ability to bring your own Amazon S3 bucket for storing migration artifacts. Encrypt with your own keys, manage access through your own policies, and meet your data sovereignty requirements without changing how you use AWS Transform. Our optional Transform discovery tool runs entirely on premises without requiring cloud connectivity and makes it easy to anonymize discovery data exports, making it particularly well suited for regulated industries and organizations with strict data governance. Data is collected and stored locally on the virtual appliance. No data is transmitted to AWS unless you choose to upload the exported data.

​​You can plan migrations with Transform in many regions and execute migrations – that is move your servers – from any location to any location using AWS Transform MGN which is available in all commercial regions and both GovCloud (US) Regions. MGN is also certified for tight security controls including FedRAMP High, HIPAA, PCI DSS, ISO, and SOC 1, 2, and 3.​

Lastly, AWS Transform including the migration agent is now also accessible through Kiro, Claude, Cursor, and Codex, via a Kiro power, agent plugins, and the AWS Transform MCP server. You can start your infrastructure assessment in Kiro, monitor progress in the AWS Transform console, and see results back in Kiro, all against the same underlying job with consistent state throughout. Your teams get the full depth of AWS Transform’s expertise without leaving the tools they use every day.

The window is open

The infrastructure modernization your organization has been deferring does not need to wait. AWS Transform is here to make your infrastructure modernization as fast, as confident, and as complete as possible. The updates from the last six months have addressed the specific things that stall migration programs: slow assessments, complex wave planning, network architecture debt, security and compliance friction, and the false choice between migrating and modernizing.
Migration and modernization of your infrastructure and applications is closer than it looks. Let’s build it.

To learn more about AWS Transform and start your migration assessment, visit aws.amazon.com/transform.

What’s New Releases

1. New agentic migration assessment capabilities now available with AWS Transform
2. AWS Transform agents now available in Kiro, Claude, Cursor, and Codex
3. AWS Transform introduces the agent builder toolkit Kiro power for building customized transformation agents
4. AWS Transform adds containerization capability during migrations
5. AWS Transform automates landing zone creation in migration workflows
6. AWS Transform enables network conversion for hybrid data center migrations
7. AWS Transform adds new agentic AI capabilities for enterprise VMware migrations
8. AWS Transform automates Landing Zone Accelerator network configuration
9. AWS Transform now enables Terraform for VMware network automation
10. AWS Transform for VMware supports flexible network management and broader AWS Region coverage
11. AWS Transform assessments now includes detached storage

Blogs

1. Accelerating VMware migrations with AWS Transform and MGN replication agent installation automation
2. Containerize during migration: Replatform applications to containers with AWS Transform
3. Anonymizing AWS Transform Discovery Tool Exports for Regulated Customers
4. Accelerating Cloud Migration with AWS Transform and Generative AI
5. Automate large scale network migration using AWS Transform Network Migration APIs
6. Accelerate storage migration planning with AWS Transform assessments
7. Accelerating VMware migration: AWS Transform’s new experience
8. Introducing the AWS Transform discovery tool