AWS Transform FAQs

AWS Transform is an agentic AI service designed to support large-scale modernization of full-stack Windows workloads (including .NET and SQL Server), transformation of mainframe applications to modern languages and architectures of VMware workloads to Amazon EC2, and custom transformations for code, APIs, frameworks, and more.

You can access AWS Transform’s unified web experience tailored for large-scale modernization and team collaboration at https://console.aws.amazon.com/transform/home. For custom transformations for code, APIs, frameworks, and more, the service operates through both CLI and web interfaces. For select .NET applications requiring developer attention, developers can also use AWS Transform in Visual Studio IDE.

AWS Transform’s approach for migration and modernization differs from traditional tools on three fundamentals. First, AWS Transform offers specialized task agents for various tasks – ranging from network generation to extracting business rules from COBOL to porting .NET code. These agents combine specialized knowledge built on years of experience with enterprise-specific context. Second, the service uses agentic AI to orchestrate execution of these expert task agents, unique to each workload. Depending on the task, orchestration ranges from deterministic execution to goal driven, dynamic plans. The product focuses on getting the jobs done, integrating with humans in the loop or invoking coding agents. Third, learning capability is built-in at each level. The agents continually self-debug and improve outcomes and provide recommendations for next steps.

To get started, sign in to the AWS Transform web experience with your current enterprise credentials. If you are a new customer, you can use single sign-on (SSO) with AWS IAM Identity Center integration and connect it to an AWS account to get started. Alternatively, you can set up direct federation with Okta or Microsoft Entra. To learn more, see AWS Transform User Guide.

AWS Transform delivers a unified, end-to-end migration experience powered by agentic AI. It automates every stage of migrating on-premises workloads to the cloud, from discovery and assessment through migration planning, network conversion, and migration execution. With a single collaborative workspace, project managers, infrastructure architects, developments, security engineers work together in real time, guided by agentic AI at every step. 

AWS Transform also supports migrations from hypervisors such as VMware, Hyper-V, Nutanix, KVM, and bare-metal physical environments.

Built on agentic AI and nearly two decades of AWS migration experience, AWS Transform adapts to each customer's unique environment rather than forcing a rigid, one-size-fits-all runbook. It accepts inventory data in virtually any format, maps application dependencies at scale, generates executable migration plans for tens of thousands of servers in hours, and modernizes networks automatically. 

Organizations accelerate time to value by reducing manual effort at every stage, optimize infrastructure costs through AI-supported right sizing and elimination of hypervisor licensing fees, and choose whether to rehost, replatform, or both within the same workflow. What used to take months of coordination now happens significantly faster with fewer errors and a cloud foundation ready for innovation.

Yes. AWS is the proven destination for VMware workloads, and AWS Transform makes the migration faster than ever. 

AWS Transform is purpose-built to accelerate migration of VMware workloads to AWS. It delivers end-to-end automation that helps organizations lower VMware licensing costs, reduce migration timelines, and migrate to AWS with confidence. Once on AWS, those workloads become the foundation for future transformation, helping organizations accelerate their AI strategy and innovate faster on a modern, cloud-native infrastructure.

AWS Transform builds the job plan dynamically to meet your specific needs.

AWS Transform supports the following capabilities:

• Discovery: Perform discovery of your on-premises environment
• Planning: Generate a wave plan to suit your business needs
• Network: Migration: Configures and generates IaC for deployment. AWS Transform can also automate the deployment
• Rehost: Migrate servers to EC2

AWS Transform will tailor your job plans based on your goals, including any combination of:

• End-to-end migration: Performs discovery, generates wave plans, configures VPC networks, and migrates servers.
• Network migration only: Focuses solely on generating and deploying VPC configurations.
• Network-and-server migration: Configures and deploys VPC networks, then migrates servers without discovery.
• Discovery and server migration: Performs discovery, generates wave plans, and migrates servers without network configuration.

AWS Transform builds a data-driven business case for migrating to AWS. Upload your server inventory in any format and AWS Transform analyzes your environment to produce optimized Amazon EC2 recommendations with a complete total cost of ownership (TCO) comparison covering compute, storage, licensing, staff productivity, and operational resilience.

AWS Transform assessments generates multiple TCO scenarios with varying purchase commitments, licensing options, and tenancy configurations, plus what-if scenario modeling so teams can compare migration paths side by side. You can ask follow-up questions about recommendations and a downloadable PDF makes it easy to share the business case with stakeholders.

AWS Transform accepts server inventory data in virtually any format. Supported sources include RVTools exports, configuration management database (CMDB) exports, outputs from third-party discovery tools such as Cloudamize, Matilda Cloud, and ModelizeIT, exports from the AWS Transform discovery tool, and even unstructured data like meeting notes or documents from your own discovery process. AWS Transform generates parsers on the fly to interpret your data, so there is no need to reformat or normalize before uploading.

AWS Transform produces a complete migration business case that covers optimized Amazon EC2 instance recommendations, a total cost of ownership (TCO) comparison across multiple scenarios, and actionable next steps. Scenarios include varying purchase commitments (on-demand and reserved instances), licensing options (bring your own license and license-included), and tenancy configurations (shared and dedicated). The business case also covers staff productivity, operational resilience, business agility, and sustainability, giving leadership the full picture needed to approve and fund the migration.

AWS Transform assessments provide directional estimates that approximate the cost of AWS services based on your current server configurations and assumed usage patterns. While these estimates are helpful for initial planning purposes, they should be viewed as guidance rather than exact figures. Actual AWS costs may vary depending on your specific implementation, resource optimization choices, and real-world usage patterns. It's important to note that these estimates are not quotes and should not be interpreted as guarantees of your final AWS service costs. For more precise cost planning, we recommend working with your AWS account team or an AWS Partner who can help analyze your specific requirements and usage patterns in detail.

AWS Transform assessment and AWS Migration Evaluator are both valuable tools for planning cloud migrations. Assessments is a fast, self-service capability of AWS Transform, designed specifically for organizations looking to migrate x86 servers from on-premises environments to AWS. It utilizes existing server inventory data to provide targeted recommendations for Amazon EC2 instances and generate quick TCO estimates. This streamlined approach is ideal for companies seeking a rapid, focused assessment of their migration options. AWS Migration Evaluator offers a more comprehensive, expert-led assessment service. Guided by AWS Solutions Architects, this in-depth evaluation encompasses a broader range of analyses, including detailed data collection, storage assessment, sustainability evaluation, and Microsoft SQL Server analysis. Migration Evaluator is best suited for organizations that require thorough migration planning and desire expert guidance throughout the process.

AWS Transform is powered by the same MGN replication technology that migrates hundreds of thousands of VMs every year and can rehost 1,000 servers in less than 24 hours. To reflect this, MGN has been recently renamed AWS Transform MGN (formerly AWS Application Migration Service).

 Agentic rehost with AWS Transform: AI-driven automation handles the full setup and per-wave preparation, including initializing MGN, configuring IAM permissions, generating launch templates, setting up post-launch actions, installing replication agents, generating inventory, configuring replication settings, and enriching network mappings, all without manual intervention. Ideal for migrations spanning multiple accounts or requiring precise configuration where manual errors introduce delays. 

Self-directed rehost through the classic MGN console: You manage each configuration step directly for full control over your rehost workflow. Ideal for teams that prefer granular, step-by-step management of their migration.

Learn more about AWS Transform MGN here

To get started, sign in to the AWS Transform web application using your current enterprise credentials. If you are a new user, your account administrator must first enable AWS Transform and add you as a user through AWS IAM Identity Center for single sign-on (SSO) access. For VMware migrations, AWS Transform will guide youto upload asset inventory from third-party tools, or from the AWS Transform discovery tool. You can start a new project in AWS Transform by specifying your goals.

AWS Transform is the first agentic AI–powered assistant for large-scale migration of VMware workloads to Amazon Elastic Compute Cloud (Amazon EC2). It simplifies and accelerates your migration by allowing you to specify goals, generate plans to meet those goals, and conduct approved actions on your behalf.

AWS Transform streamlines the entire migration journey by analyzing your environment, builds an understanding of your application inventory and dependencies, and proposes logical application groups for migration waves using server and network data. It orchestrates dependency-aware migrations to minimize downtime, recommends right-sized Amazon EC2 instances, and allows for seamless collaboration across teams.

AWS Transform helps you discover source servers using multiple data collection methods. It plans your migration to AWS using the configuration data collected about your source servers and databases, applying machine learning (ML) techniques to plan your migration waves. It supports several ways of performing discovery and collecting data about your source servers.

The AWS Transform discovery tool can conduct a centralized discovery by deploying the Discovery Collector (OVA file) through your VMware vCenter. The discovery tool can discover VM configuration for business case generation and migration planning, resource utilization for right sizing recommendations, and database metadata and server-to-server connections for application dependency mapping to enable wave plans creation. In addition, you can also use RVTools exports to provide CSV or Excel format exports that contain detailed information about your VMware environment including vSwitches, port groups, and VLANs. You can export discovery data from select third-party tools (including Cloudamize, Matilda Cloud, and ModelizeIT) to be used in AWS Transform for migration planning.

AWS Transform now supports migration of networks and applications to multiple target accounts and conversion of network configuration from additional data sources (Cisco ACI, Palo Alto, and Fortigate), and managing rehost transitions at the wave and at the server level.

AWS Transform automates landing zone setup as part of the migration workflow using AWS Control Tower. It analyzes your migration data and recommends the right multi-account structure, organizational hierarchy, and governance policies including guardrails and service control policies. You can customize the configuration, then choose whether the agent deploys it automatically or generates Infrastructure as Code (IaC) templates for self-deployment in AWS CloudFormation, AWS CDK, or Landing Zone Accelerator format.

Yes. AWS Transform supports containerizing applications as part of the same migration workflow, not as a separate initiative that happens after the move. During wave planning, assign each application to a path: rehost to Amazon EC2, or replatform to containers on Amazon ECS or Amazon EKS. Both execute in parallel within the same workflow.

AWS Transform analyzes applications from GitHub, GitLab, or packaged as zip files, converts them into container images, performs security scanning, and generates the Dockerfiles, infrastructure code, and Helm charts your teams would otherwise spend weeks producing manually. 

AWS Transform for implements comprehensive encryption for your data both in transit and at rest:

Data in transit:

• All communications between your environment, AWS Transform, and AWS services use Transport Layer Security (TLS) 1.2 or higher encryption.
• Data replication from your source servers to AWS utilizes encrypted connections for secure transfer.
• API calls between AWS services involved in your migration are automatically encrypted as part of AWS standard security practices.

Data at rest:

• By default, AWS Transform encrypts data stored in Amazon S3 buckets using AWS managed encryption keys.
• You have the option to use your own customer-managed AWS KMS keys for enhanced control and security over the encryption process.
• Replicated server data stored during migration is encrypted according to AWS Application Migration Service standard encryption practices.
• Metadata and configuration information stored by AWS Transform is encrypted using AWS standard encryption mechanisms.

This comprehensive encryption approach helps ensure your migration data remains protected throughout the entire migration process, aligning with security best practices and helping you meet compliance requirements for data protection.

Important Note: AWS Transform creates Amazon S3 buckets on your behalf in your target AWS accounts. These buckets do not have SecureTransport enabled by default. If you want the bucket policy to include SecureTransport, you must update the policy yourself. For more information, see Security best practices for Amazon S3.

Yes, AWS Transform lets you avoid using the public internet for data replication. You can establish private connectivity using AWS Direct Connect for a dedicated, high-bandwidth link or an AWS Site-to-Site VPN for an encrypted tunnel between your data center and AWS. These options keep migration traffic secure and off the public internet while improving performance with more predictable network conditions. When setting up replication, you can configure AWS Transform to use your private connection, making it ideal for large-scale migrations with sensitive or high-volume data.

AWS Transform stores your migration data in several places:

• Your AWS accounts: AWS Transform creates S3 buckets in your target accounts to store your migration data, artifacts, and configuration information. You maintain full control over these buckets and can choose the encryption keys used.
• AWS Transform workspace: Your data is processed in the AWS Region where you created your AWS Transform workspace to generate migration recommendations and plans.
• Temporary service storage: For certain migration jobs, customer data is securely and temporarily uploaded to an artifact store in the AWS service account in the same region as your source account. This data is used for processing and is automatically deleted if the job or account is deleted.
• Service metrics storage: Calculated migration metrics and assessment results are stored in AWS service accounts in S3 and CloudWatch for service improvement and operational monitoring.
• Replication data: Stored in EBS snapshots and volumes in your target AWS account.

While AWS Transform creates S3 buckets with basic security configurations including encryption at rest, we strongly recommend implementing additional S3 bucket security best practices to fully protect your data, such enforcing encryption in transit, enabling access logging, and implementing appropriate bucket policies.

Startups migrating to AWS can get personalized, AI-powered migration plans and then choose how to execute on startups.aws. The AI-guided migration capability is designed specifically for startup workloads. It generates a complete plan in minutes (service mapping, cost estimates, architecture diagrams, Terraform templates, and a step-by-step runbook) tailored to your current stack and where you're headed. It supports GCP infrastructure migrations (Kubernetes to EKS/ECS/Fargate, PostgreSQL/MySQL to RDS/Aurora, Google Cloud Storage to S3) and AI/LLM inference migrations from OpenAI or Gemini to Amazon Bedrock. Once you have your plan, you can choose how to execute: AI-guided migration, AWS expert guidance, or connection to a certified AWS Partner. Learn more and get started with your migration plan here.

AWS Transform for Windows includes two main components: transforming .NET Framework applications to cross-platform .NET and migrating Microsoft SQL Server to Aurora PostgreSQL databases along with the dependent .NET application. 

AWS Transform for .NET accelerates modernization of Windows-based .NET Framework applications to cross-platform .NET for Linux environments. It connects to your source code repositories in GitHub, GitLab, Azure Repos, or Bitbucket and performs a comprehensive analysis focused on three key areas: repository dependencies, required private packages and third-party libraries, as well as identifying supported project types. Based on this analysis, it generates a transformation plan for these repositories and highlights any missing dependencies that you can resolve by uploading packages yourself. During the transformation process, AWS Transform for .NET converts application code, builds the output, runs unit tests, and commits results to a new branch in your repository. You can then deploy the transformed application as a container on Amazon EC2 or Amazon ECS.

AWS Transform for SQL Server modernization accelerates migration of your Microsoft SQL Server databases and applications to Aurora PostgreSQL. It connects to your SQL Server databases running on Amazon EC2 or Amazon RDS to discover the schemas and the stored procedures in your databases. It then performs a detailed analysis of databases and applications to create waves of applications, and databases that can be transformed together based on dependency relationships. It then transforms SQL Server schemas to Aurora PostgreSQL and migrates databases to new or existing Aurora PostgreSQL target clusters. For .NET applications transformation, the service updates database connections in the source code and modifies ORM code in Entity Framework and ADO.NET to be compatible with Aurora PostgreSQL — all in a unified workflow with human supervision.

In both workflows, AWS Transform provides a comprehensive transformation summary, including modified files, test outcomes, and suggested fixes for any remaining work. Your teams can track transformation status through its interactive chat or worklogs. Additionally, your teams receive email notifications with links to transformed .NET code in your repositories. For workloads that need further processing, your developers can continue using the Visual Studio extension in AWS Transform.

AWS Transform for Windows discovers the repositories in your account and identifies supported project types in each repo. It supports porting console applications, class libraries, Web APIs, WCF Services, Model View Controller (MVC), Single Page Application (SPA), and unit test projects (xUnit, NUnit, MSTest frameworks) to cross-platform .NET (full list available here). In addition, AWS Transform for Windows also ports MVC Razor views UI projects to ASP.NET Core Razor views, UI porting of ASP.NET Web Forms to Blazor on ASP.NET Core, porting Entity Framework and ADO.NET ORM code for Aurora PostgreSQL compatibility, porting of WinForms, WPF, and Xamarin projects to cross-platform .NET, and support for VB.NET language projects.

After identifying project types, it analyzes these projects for dependencies on other projects, private packages, and third-party libraries. Based on the dependency analysis, AWS Transform for Windows recommends a transformation plan that orders repositories according to their last modification dates, dependency relationships, and private package requirements.

You can download the analysis report to evaluate the recommended plan and review it with your team. You also have the option to customize the recommended plan by editing the selection in the console or by uploading a modified file with your preferred selection. Administrators and approvers can review and approve the plan before proceeding with the transformation process.

During transformation, the selected source code repositories from your approved plan are securely fetched into a network-isolated execution environment for transformation to cross-platform .NET. AWS Transform for .NET supports transforming applications written using .NET Framework versions 3.5+, .NET Core 3.1, .NET 5, .NET 6, and .NET 7 to cross-platform .NET 8 (LTS), and .NET 10, and database access frameworks Entity Framework, and ADO.NET.

After porting, AWS Transform runs a full .NET build to identify any build errors and runs an AI-led evaluation loop to auto-remediate issues. This process is repeated across all supported projects within the repositories. After the transformation job is completed, the transformed code is committed back to your source code repository in your chosen target branch for review.

For .NET source-code repositories that have successfully completed transformations with zero build errors, AWS Transform executes unit test projects, if present, and provides those execution results for your review. For repositories that have partially transformed projects, unit test projects are ported but are not run. You can resolve remaining issues yourself before running the unit tests.

AWS Transform also supports deploying the transformed applications to a target environment for customers to validate the transformed applications.

AWS Transform for Windows first discovers the databases that are running in your AWS account. It then identifies the databases running the Servers, schemas, and stored procedures associated with the databases. It also analyzes the source code repositories to identify database dependencies in the repos, embedded SQL queries, and database access code written in Entity Framework, and ADO.NET. Based on the analysis, it then creates customizable wave plans for databases and application transformation so they can be transformed together.

You can download the analysis report to review the modernization recommendations, complexity of the transformations, and the databases, and source code repository invoking the databases.

AWS Transform for Windows transforms SQL Server in 3 steps: 1) Schema conversion, 2) Data migration, and 3) Code transformation.

During database schema conversion, the schemas from the selected databases are converted from Microsoft SQL Server schemas to Aurora PostgreSQL-compatible schemas. If there are issues in the schema conversion, AWS Transform for Windows will automatically run an AI-led evaluation loop to auto-remediate the issues. The process is repeated across all the schemas in the databases in the wave. Similarly, if there are stored procedures in the SQL Server databases, they are ported to be compatible with Aurora PostgreSQL databases as well. Once the schemas are successfully converted, they will be applied to the target Aurora PostgreSQL databases.

After the schemas are fully transformed for your target PostgreSQL database, you have the option to migrate your data from your SQL Server databases to Aurora PostgreSQL databases. During this stage, AWS Transform for Windows migrates your data to the transformed PostgreSQL databases. If there are any issues during the migration process, you will be informed of the migration issues and a migration report to troubleshoot the failures.

Finally, the source code repositories are updated to match the PostgreSQL target database created. The connection strings are updated to match the PostgreSQL database, embedded SQL code is ported to be compatible with PostgreSQL, and Entity Framework and ADO.NET are updated to match the new database. After the transformation is completed, the updates are committed to a new source code repository branch that you had provided. You can review a detailed transformation summary of the updates that AWS Transform performed during this step.

For .NET code transformations, you can track all modification actions through detailed transformation reports provided for each repository in natural language. These reports outline the files, APIs, and private NuGet packages that were modified, moved, or updated during the process. When repositories are partially transformed, the summary report includes specific details about build errors and schema transformation failures, along with recommendations for resolving these issues. All transformed source code is committed to a new target branch that you specify during the job, allowing you to check out the branch and review the code changes performed by AWS Transform.

For SQL Server modernization, you can monitor schema conversion and data migration actions through reports available after the transformation steps are completed. These reports are accessible both immediately after transformation and through the Migration Project page in the AWS Data Migration Service (AWS DMS) Console. Similar to .NET transformations, you can track source code changes from the feature branch. Additionally, you can validate the transformation results by examining the deployed database schemas and stored procedures in your target PostgreSQL database.

In the web experience, you can monitor transformation progress in real time through two main methods. The interactive chat provides dynamic updates and responses based on the current job plan and context of your questions, accessing a comprehensive knowledge base about ongoing jobs and actions. The worklogs offer detailed documentation of all actions performed by AWS Transform for Windows on your source code and databases, including user approvals and audit trails.

In Visual Studio IDE experience, when transforming .NET applications in Visual Studio, progress monitoring is available through the AWS Transform Hub. This interface displays the estimated remaining time, detailed transformation steps, and an activity worklog.

Additionally, you'll receive comprehensive transformation summary reports for each repository, detailing modified files, API changes, and updates to private NuGet packages.

Upon job completion, you'll receive an email notification containing deep links to review the transformed repositories. 

For .NET code transformations: AWS Transform provides a detailed transformation summary report including a next steps markdown file that outlines remaining tasks, such as Linux readiness issues and database access code updates. You can either use this information to initiate another transformation with AWS Transform or use it as guidance for an AI code companion.

For SQL schema conversion and data migration: The schema conversion report shows the percentage of successfully transformed schema and provides guidance for completing unfinished work. You can address remaining schema conversions using either the AWS Database Migration Service (AWS DMS) console's schema conversion page or IDEs like DBeaver. For data migration errors, you can review the data migration report to address the migration issues.

You are the owner of the code ported by AWS Transform for full-stack Windows modernization. Once the porting of source code is completed, the transformed code is committed to a branch of choice in your repository. AWS Transform does not store any copy of the transformed code after the code has been committed to the branch.

The same ownership principle applies to database schemas transformed using AWS Transform and AWS DMS. You own all converted schemas and can download, modify, and upload them to your target database. AWS Transform does not retain any schema information after job completion.

The AWS Transform .NET agent gets access to your source code through AWS CodeConnections service, which must be approved by an IT admin for your AWS account prior to accessing the source code. It then analyzes your code to identify inter-project dependencies and private packages used within the projects to recommend a transformation plan. The service is designed to securely and ephemerally clone your .NET solution, allowing you to use customer managed KMS keys  for encrypting your code in this environment. Customer managed KMS keys  allows you to have full control over keys, including managing policies, grants, tags, and aliases for accessing data.

Your source code processed by AWS Transform is stored only for the duration of the job and purged after the job is completed. Your trust, privacy, and security of your content are our highest priority. We implement appropriate controls, including encryption in transit, to prevent unauthorized access to or disclosure of your content and ensure that our use complies with our commitments to you.

AWS Transform securely analyzes your database schemas through a database connector, requiring explicit IT admin approval from your AWS account. Similarly, access to source code repositories is managed through AWS CodeConnections service, also requiring IT admin approval.

Database access is secured through AWS secret keys and user credentials that you provide to the AWS Transform agent. During schema conversion, the transformed schemas are deployed directly to your target Aurora PostgreSQL database within your specified AWS account, VPC, and subnet.

AWS Transform maintains strict security protocols throughout the process, never storing database information permanently. All database conversion information is deleted after job completion, and transformed code is committed only to your designated feature branch without any retention after the job is finished. This process ensures your database code and schemas remain secure throughout the transformation process while maintaining complete control within your AWS environment.

AWS Transform for mainframe is an agentic AI-powered service designed to accelerate the modernization of legacy mainframe applications. Customers can define high-level modernization goals and leverage a specialized AI agent to orchestrate the necessary tools and processes. The agent analyzes applications, generates documentation, extracts business logic, decomposes monolithic structures, transforms legacy code, automates testing, and manages modernization tasks, offering human-in-the-loop oversight where desired.

Key capabilities of AWS Transform include flexible, goal-driven planning, classification of application assets, planning and documentation generation with business logic extraction, comprehensive testing capabilities, automated refactoring that converts COBOL-based mainframe workloads into modern, cloud-optimized Java applications, and AI-powered reimagination capabilities.

AWS Transform empowers customers to modernize their critical mainframe applications faster, more cost-effectively, and with confidence that their business-critical logic will be preserved throughout the transformation process.

AWS Transform for mainframe supports both reimagine and refactor modernization patterns, offering flexible pathways to modernize legacy mainframe applications.

Refactoring with AWS Transform automates the transformation of COBOL-based mainframe applications into modern Java applications running on AWS, using agentic AI to analyze codebases, generate documentation, decompose monoliths, plan modernization waves, automate testing functions, and accelerate code refactoring while maintaining functional equivalence to the legacy stack.

Reimagining with AWS Transform enables transformation of mainframe applications to cloud-native architectures, leveraging automated analysis to convert monolithic applications into modern, agile solutions that can fully utilize cloud-native capabilities. Through a chat-centric, flexible agent experience, AWS Transform analyzes code and data, extracting information for technical and business documentation that drive the forward engineering of reimagined workloads.

A key feature of AWS Transform is its ability to break down monolithic mainframe applications into modular, business-aligned domains, and then generate comprehensive modernization waves. Using the business logic extraction in conjunction with the decomposition step helps break down monoliths into logical business domains.

Leveraging automated reasoning and planning capabilities, AWS Transform analyzes your codebase, identifies discrete functional areas, and organizes the application assets accordingly. It then creates detailed, prioritized modernization plans that consider factors like business priorities, technical complexity, and constraints. Through data and activity analysis, AWS Transform can also help identify application components with low utilization or minimal business value, enabling more informed decisions about target architecture.

This domain-driven decomposition and thoughtful planning allows you to tackle the modernization in manageable, iterative steps. By providing this visibility and structure up front, AWS Transform empowers you to focus your efforts, make informed decisions, and execute the modernization quicker.

AWS Transform for mainframe offers testing capabilities designed to reduce the time and effort required for mainframe modernization testing, which typically consumes over 50% of project duration. This includes automated test plan generation, test data collection scripts creation, and test case automation scripts creation. The service also includes a refactored functional test environment with tools for continuous regression testing, data migration, and results variation.

These agentic AI-powered capabilities work together to reduce dependency on scarce mainframe expertise, accelerate testing timelines, and improve accuracy through automation, helping customers modernize their mainframe applications with greater confidence and efficiency.

Yes, AWS Transform for mainframe is modular, allowing you to leverage its capabilities for as many or as few phases of the modernization journey as you choose. For example, when reimagining an application, you might initially focus on analysis across codebase, data structures, and activity, and later layer in documentation to inform the forward engineering of the reimagined application.

Inventory collection encompasses various mainframe components including COBOL programs, copybooks, Job Control Language (JCL), procedures and parameter cards, and DB2 definitions. If available, Customer Information Control System (CICS), Information Management System Transaction Manager (IMS TM), and CSD files should be loaded to determine entry points.

The extraction process begins by downloading source elements through text mode, converting each member into individual source files. Files should be organized in a structured directory system that reflects their origin, language, type, and application/sub-application relationships (for example, C:\Mainframe\APP1\Cobol\Program1.CBL or \Mainframe\APP1\JCL\JCL1.txt). If no file extension is provided, AWS Transform will determine the appropriate extension based on the file contents to classify the member.

The collected inventory is then compressed into a zip file and uploaded to an S3 bucket. The process might be iterative, with an initial upload followed by subsequent iterations of missing components until reaching satisfactory completeness.

After code transformation, you have the option to use pre-built Infrastructure as Code (IaC) templates to deploy your modernized applications. These templates are accessible through the AWS Transform chat interface, helping create the necessary compute resources, databases, storage, and security controls. Templates are available in AWS CloudFormation, AWS CDK, and Terraform formats.

You can also use the Reforge step to enhance your transformed Java code with improved readability and maintainability before deployment. To use this feature, provide your refactored code and java class list to specify which service classes to reforge. AWS Transform will generate downloadable files containing the reforged code.

AWS Transform provides the ability to specify files within your source code to generate documentation. You can choose summary overviews of file collections or detailed functional specifications for each file. The detailed specifications include logic flows, input/output processing, and other transactional details.

Once generated, you can access this documentation by viewing files in the AWS Transform interface or downloading them in XML or PDF formats. Additionally, the AWS Transform chat function allows you to query the documentation to better understand your documents, such as asking about specific file purposes or functionality.

The Analyze step, required for all mainframe jobs, examines source code provided in the S3 bucket and generates several key insights. AWS Transform classifies file types and provides metrics including total lines of code, comment lines of code, effective lines of code, and cyclomatic complexity (representing the number of linearly independent paths through program's source code). The analysis identifies missing and duplicated files, including files that share the same name or program ID. It also generates dependency mapping between files to be used during the decomposition step. This information helps you understand the state of your source code before proceeding with modernization.

AWS Transform makes mainframe modernization more accessible to business stakeholders through automated business logic extraction. This capability extracts from the source code the business rules, the functional groups, the entry points helping stakeholders to retrieve the lost knowledge about the business logic of their application. Additionally, developers can leverage these insights to quickly understand legacy system functionality without deep mainframe expertise.

The reimagine pattern transforms mainframe applications into cloud-native systems by rethinking how business capabilities should work in a modern architecture, rather than translating code line-by-line.

The workflow begins with assessment, which analyzes your entire mainframe portfolio to deterministically map business functions. Selected business functions flow directly into the reimagine workflow, where AWS Transform extracts every business rule from the source code and generates development-ready requirements that describe the existing system for forward engineering. These requirements flow directly into Kiro and other IDEs through MCP-based integrations. Every requirement traces back to the source code, so teams can audit any transformation decision back to its origin. This end-to-end approach compresses what previously took years of manual modernization into months of automated, evidence-based modernization.

Traceability means every output that AWS Transform produces can be traced back to the original source code it came from. This creates a complete audit chain from modern application to origin.

The traceability chain works as follows: business rules extracted from your source code are linked to the exact files and lines they originated from. Development-ready requirements generated from those rules maintain that link. Modern code generated from those requirements carries traceability through the full chain. Teams can audit any transformation decision back to its origin and verify which business rules derived each requirement.

AWS Transform integrates with established workflows through open protocols including MCP (Model Context Protocol), so teams do not need to adopt a proprietary toolchain to use the service. Development-ready requirements and artifacts flow directly into Kiro and other IDEs, where coding agents generate modern code with full context maintained from assessment through deployment. Developers work natively in their preferred environment with consistent functionality whether using the IDE or the AWS Transform web application.

Modernized outputs include deployment-ready artifacts such as Infrastructure as Code templates in AWS CloudFormation, AWS CDK, and Terraform formats that connect to existing delivery pipelines. Generated test plans and validation scripts work alongside your current testing infrastructure. Partners build differentiated practices on top of AWS Transform, extending their existing delivery methodologies without changing how they work.

AWS Transform custom uses agentic AI to perform large-scale custom modernization of software, code, libraries, and frameworks to reduce technical debt. It handles diverse scenarios including version upgrades (Java 8 to 17, Python 3.9 to 3.13), runtime migrations (x86 to Graviton), framework upgrades and transitions (Spring Boot upgrades, Angular to React), refactoring (observability instrumentation), and organization-specific transformations.

The service includes ready-to-use, AWS-managed transformations for common use cases, such as Java, Node.js, Python upgrades and AWS SDK upgrades. For other scenarios and organization-specific needs, you can create custom transformations through natural language interactions, documentation, and code samples. Through continual learning, the agent improves from every execution and developer feedback, delivering high-quality, repeatable transformations without requiring specialized automation expertise.

The custom transformation agent has four core components:

1. Natural language-driven transformation definition: Allows teams to generate organization-specific transformations using natural language interactions, documentation, and code samples. The AI agent generates an initial transformation definition that can be iteratively refined through chat, additional examples, or direct edits.
2. Transformation execution across codebases: Applies transformation definitions reliably and consistently across multiple codebases. AWS Transform custom uses configurable build commands to build and verify the transformed code. Using the AWS Transform web applications, you can set up a large-scale campaign to transform multiple codebases and track its progress.
3. Continual learning: Automatically captures feedback and improves over time from every execution to enhance transformation accuracy and effectiveness. AWS Transform custom analyzes all execution data and automatically generates improved versions of transformation definitions, ensuring each subsequent transformation becomes more reliable and efficient.
4. AWS-managed transformations: Provides ready-to-use, AWS-managed transformations for common upgrade scenarios like Java, Python, and Node.js version upgrades. These transformations are vetted by AWS to be high quality and are ready to use without any additional setup.

AWS Transform custom adapts to your workflow. For large-scale modernization projects, you can apply repeatable transformations across multiple codebases following these phases:

Phase 1: Define transformation (optional): For custom transformations, provide natural language prompts, reference documents, and code samples to the AI agent, which generates an initial transformation definition. You can iteratively refine the definition through chat, additional examples, or direct edits, then test and verify the transformation on sample codebases before publishing it for use across the organization. For AWS-managed transformations, you can skip this phase and use ready-made transformations.

Phase 2: Perform pilot or proof-of-concept: Validate that the transformation produces the expected results by performing a pilot on a subset of the target code. This phase is sometimes combined with the validation of the transformation definition in the case of custom transformations. Pilots can also be used to estimate the cost in terms of time and AWS Transform custom usage of the transformations.

Phase 3: Scaled execution: After the pilot, the transformation is tweaked based on pilot results. Note that AWS Transform custom continual learning will have improved the quality during the pilot. In scaled execution, teams can set up automated bulk executions where AWS Transform CLI executes transformations in batches and creates resulting code to be reviewed by individual teams, or teams can execute the CLI directly for full control, which is sometimes preferable for more complex transformations.

Phase 4: Monitor and review: Concurrently to scaled executions, you can monitor the execution progress and review and approve learnings extracted by AWS Transform custom continual learning.

AWS Transform custom can be accessed through two interfaces:

AWS Transform CLI (Command Line Interface)

The CLI is used to create new custom transformations interactively and execute transformations on local codebases either interactively or autonomously. It is deployed as a simple, scriptable CLI that can be integrated with any source control system or deployment pipeline. The CLI is intentionally minimal and composable, and can be run on individual developer machines, in a container, or as part of your organization's greater modernization framework.

AWS Transform Web application (optional)

The AWS Transform web application is used to start and monitor large-scale transformation projects across multiple repositories. It allows you to select the transformation you want to execute at scale and track real-time progress updates on transformation execution.

AWS-managed transformations have the following characteristics:

• Validated by AWS - these transformations are vetted by AWS to be high quality
• Ready to use - no additional setup required
• Continuously growing - additional transformations are continually being added
• Customizable - Pre-built transformations can be customized by providing additional guidance or requirements specific to your organization's needs using the additionalPlanContext configuration parameter
• Early access support - some transformations may be marked as early access as they undergo further testing and refinement

Discover out-of-the-box transformations

The time to create a transformation varies based on complexity and available data in the form of existing migration guides, documentation, and code examples. The more information provided, the better the initial quality of the transformation. For common upgrades, migrations, and refactoring, initial transformation definition takes 1-2 days, and testing and refinement on sample codebases requires 2-3 days of iteration.

The transformation can be refined by executing it interactively, pausing and providing natural language feedback if required, or providing feedback at the end. The feedback can be natural language, code fixes, or additional before-and-after samples. AWS Transform custom provides guidance on how to improve the transformation quality. It is important to remember that you may need to simplify the transformation, such as decomposing it into multiple steps, to obtain good results. Once working reliably, the transformation can be published for organization-wide use.

AWS Transform custom implements multiple safety measures to ensure transformation quality. It incorporates Amazon Bedrock safety guardrails and breaks code changes down to reasonably-sized chunks for easier review. Transformations use user-defined build and test commands to validate changes and can specify validation criteria that must be met, such as successful test execution or specific code patterns that must be maintained.

When a transformation encounters errors, AWS Transform custom provides detailed logs of what went wrong and where. For build or test failures, it captures the specific error messages and context. If incorrect code is generated, you can provide feedback, which the agent incorporates into its learning system to improve future transformations. Failed transformations can be retried with additional context or broken down into smaller, more manageable changes.

The continual learning system gathers information from each transformation execution through both explicit feedback (comments and code fixes) and implicit observations the agent encounters while transforming and debugging code. This information is processed to create "knowledge items" that improve future transformations. These knowledge items are specific to that transformation and are not shared across different transformations or different customers. The items can be reviewed and managed by transformation owners, who can enable or disable specific learnings. The learning process occurs automatically after transformations are completed, requiring no additional user input.

AWS Transform CLI can be easily embedded in CI/CD pipelines and run directly in your own build infrastructure. This allows you to integrate transformations into your existing development and deployment workflows, enabling automated execution as part of your standard processes.

You need an AWS account and IAM permissions to run the AWS Transform CLI. Access to AWS Transform web application requires AWS IAM Identity Center, but it is not required to access the functionalities in the CLI.

AWS Transform - continuous modernization is an AWS Transform capability for continuous code modernization, shifting enterprises from manual, episodic patching to perpetual portfolio modernization. It brings proactive discovery and autonomous remediation of technical risk across entire software portfolios, addressing outdated dependencies, AI readiness gaps, and security vulnerabilities, and enabling portfolio-wide software best practices.

The service continuously monitors your repositories, surfaces prioritized findings by severity, and automatically generates remediations as pull requests. Organizations reduce operational maintenance costs while gaining real-time visibility into software health (security posture, code quality, compliance status, and technical debt metrics) across thousands of repositories, preparing their code for the next generation of agentic development.     

AWS Transform - continuous modernization delivers four core capabilities:

Tech Debt Analysis: On-demand or scheduled scanning across five analysis types: comprehensive tech debt (outdated dependencies, deprecated APIs, code quality), quick tech debt (fast dependency scan), security vulnerabilities (CVEs, misconfigurations), agentic readiness, and modernization readiness. Findings are prioritized by severity (high, medium, low) with actionable remediation guidance. Analyses can run locally for quick feedback or at scale on AWS infrastructure (Fargate, EC2) across all repositories in a source.

Autonomous Remediation: Generates validated fixes and opens pull requests automatically for GitHub, GitLab, and Bitbucket sources. For local sources, changes are committed to a new branch for review. Remediation supports built-in transforms (Java 8→21, Python 3.9→3.12,Node.js 18→22, AWS SDK v1→v2) and can be configured with severity thresholds to control which findings are auto-fixed versus routed for human review.

Reporting: Generate HTML reports summarizing findings by severity, repository, and analysis type. Reports can be stored locally or in S3 for sharing across teams.

Continuous Modernization: Configure recurring analyses (daily, weekly, custom cron) via EventBridge rules. Enable continuous remediation to automatically fix new findings as they are detected, with configurable severity thresholds (for example, auto-fix high-severity immediately, batch medium-severity daily, log-only for low-severity).

AWS Transform - continuous modernization adapts to your workflow. For continuous portfolio modernization, follow these phases:

Phase 1: Choose execution mode: Select Local mode (runs on your machine, good for trying it out or small repos) or Infrastructure mode (runs on AWS with Fargate or EC2, supports teams, scheduling, and scale).

Phase 2: Connect sources: Link your GitHub organization, GitLab group, Bitbucket workspace, or local folder by providing access credentials. Run discovery to enumerate all repositories under that source. A single connection covers all repositories with no per-repo setup required.

Phase 3: Set up execution environment (Infrastructure mode only): Deploy the provided CDK stack which provisions Fargate compute, S3 storage, and required IAM roles. This is a one-time setup that all team members reuse. For Local mode, skip this step. 

Phase 4: Run analysis: Choose from tech debt (quick or comprehensive), security, agentic readiness, or modernization readiness analysis. The analysis surfaces prioritized findings across all connected repositories. Monitor progress and view results when complete.

Phase 5: Review and remediate: Review findings by severity and repository. Trigger auto-remediation to generate fixes and open pull requests automatically, or apply changes to local branches for manual review before pushing.

Phase 6: Enable continuous modernization (optional): Schedule recurring analyses (daily, weekly) and configure continuous remediation with severity thresholds. Monitor portfolio health through generated reports.

AWS Transform - continuous modernization can be accessed through three interfaces:

AWS Transform - continuous modernization CLI (Command Line Interface)

The CLI is used to connect sources, run discovery, execute analyses, review findings, and trigger remediations on local codebases either interactively or autonomously. It is deployed as a simple, scriptable CLI that can be integrated with any source control system or deployment pipeline. The CLI is intentionally minimal and composable, and can be run on individual developer machines, in a container, or as part of your organization's greater modernization framework.

AWS Transform Skill/Power

The AWS Transform skill integrates with AI coding assistants (Claude Code, Kiro) through the MCP plugin. This enables natural language interaction for connecting sources, running analyses, reviewing findings, and triggering remediations directly from your development environment. The skill guides users through onboarding, detects existing setup, and provides contextual help throughout the workflow.

AWS Transform Web Application

The AWS Transform web application can be used to monitor portfolio health across multiple repositories. It allows you to view analysis results, review findings at scale, and track real-time progress on remediation campaigns.

You need an AWS account and IAM permissions to run the continuous modernization capability CLI. For source connections, you need appropriate access credentials:

• GitHub (including Enterprise and self-hosted): Personal Access Token (PAT) with repo scope

• GitLab (including Enterprise and self-hosted): Personal Access Token with api scope

• Bitbucket (including Cloud and Data Center): API token with repository and pull request scopes. Cloud also requires your account email and username; Data Center requires the instance URL.

• Local folders: File system access to the parent directory containing your repositories

 For local execution, no additional infrastructure is required. For remote execution at scale (Fargate or EC2), deploy the provided CDK stack once; all team members reuse the same infrastructure. Access to the AWS Transform web application requires AWS IAM Identity Center, but it is not required to access the functionalities in the CLI or skill.

The continuous modernization capability CLI can be easily embedded in CI/CD pipelines and run directly in your own build infrastructure. This allows you to integrate analyses and remediations into your existing development and deployment workflows, enabling automated execution as part of your standard processes.

Information on AWS Transform - continuous modernization capability pricing can be found on the AWS Transform pricing page.

We may use certain Content from AWS Transform for service improvement. AWS Transform may use this content, for example, to provide better responses to common questions, fix AWS Transform operational issues, for de-bugging, or for model training.

You can opt out of service improvement at any time through your service settings. For the AWS Transform web console experience, opt out by configuring an AI services opt-out policy in AWS Organizations. For more information, see AI services opt-out policies in the AWS Organizations User Guide. For the IDE, adjust your settings in the IDE to opt out.

Your trust, your privacy, and the security of your data are our highest priority. We implement appropriate and sophisticated technical and physical controls, including encryption at rest and in transit. This is designed to prevent unauthorized access to, or disclosure of, your data and ensure that our use complies with our commitments to you. See Data Privacy FAQs for more information.

When you provide code that you own into AWS Transform, you retain ownership in the ported version of your code. Once the porting is completed, you can review the output and either modify it prior to deploying into production or use it as-is.

Yes. Contact your AWS account team and ask for the Service Accelerator Document for AWS Transform. If your organization has a mutually signed NDA with AWS, then your account team will share the documents.

Unless explicitly opted out, content from AWS Transform might also be used for enhancing or improving the quality of Foundation Models (FMs). This data will not be shared with other third-party model providers. Your content will not be used if you use the opt-out mechanism described in the documentation. For more information, see Sharing your data with AWS.