AWS Transform

AWS Transform Cheat Sheet

AWS Transform is an agentic AI service designed to accelerate enterprise modernization of full-stack Windows, mainframe, and VMware workloads, as well as custom transformations of code, APIs, and frameworks. Built on 20 years of AWS migration experience, it uses specialized AI agents to automate complex tasks such as assessments, code analysis, refactoring, decomposition, dependency mapping, validation, and transformation planning. The service enables teams to modernize hundreds of applications in parallel through a natural language chat experience and shared workspaces.

Key Benefits of AWS Transform

Accelerate modernization – Modernize Windows, mainframe, and VMware applications up to 5x faster with AI-powered automation of analysis, planning, documentation, and transformation tasks.
Deliver projects at scale – Transform hundreds of applications in parallel. AWS Transform automates high-effort, repeatable tasks so teams can handle larger, more complex projects.
Reduce costs – Lower legacy infrastructure, licensing, and modernization costs on your path to the cloud.
Built on AWS expertise – Leverage specialized AI agents built on 20 years of AWS migration experience across Windows, mainframe, VMware, and custom transformations.

AWS Transform Use Cases

Use Case	Description
Full-stack Windows modernization	Accelerates modernization of .NET applications, SQL Server databases, and deployment processes. Reduces operating costs by up to 70% by moving away from costly licenses.
Mainframe modernization	Streamlines mainframe workload transformation from analysis and planning to code refactoring and application reimagining. Reduces timelines from years to months.
VMware migration	Automates application discovery, dependency mapping, network translation, wave planning, and EC2 instance selection to accelerate VMware workload migration.
Custom transformations	Automates code transformations for Java, Node.js, Python upgrades, version upgrades, runtime migrations, and complex language translations. Learns from code samples, documentation, and developer feedback.

Key Terminologies in AWS Transform

Term	Definition
Agent	A task-specific service that executes a specific transformation type (e.g., VMware migrations).
Workspace	An AWS Transform resource that contains other resources like connectors and jobs. Serves as a permissions boundary.
Connector	Asset providers that allow access to customer-owned resources in external systems.
Job	A long-running process (weeks to months) that AWS Transform works on to fulfill an objective. Made up of multiple tasks.
Objective	A user-defined end state that AWS Transform works to reach. Converted into a series of tasks.
Task	An individual unit of work that is part of a job.
Plan	A list of tasks that AWS Transform undertakes in pursuit of an objective.
Artifact	An output deliverable produced by AWS Transform.
Asset	Input for a transformation job (e.g., source code, server, database, network). Accessed via a connector.
Worklog	A log of actions AWS Transform and users have performed as part of a job.
Collaborator request	A task where AWS Transform asks a human to do something.

User Roles

Role	Permissions
Administrator	Can read and mutate everything in the workspace. Can start chats, start and stop jobs, upload/download artifacts, approve critical HITL actions (merging to main, graph decomposition, deploying code). Can mutate workspaces, connectors, and users.
Approver	Similar to Administrator but cannot mutate workspaces, connectors, or users.
Contributor	Can read everything in the workspace. Can start chats, start and stop jobs, upload/download artifacts, interact with running jobs for HITL actions. Cannot perform critical HITL actions.
Reader	Can view status and outcomes of jobs, read everything in the workspace, download artifacts, view jobs, view HITL actions. Cannot make changes.

Getting Started with AWS Transform

Enable AWS Transform

Sign in to the AWS Management Console.
Search for and select AWS Transform.
Choose Get started to enable the service in your current Region.
Optional: Configure IAM Identity Center (you can also choose a third-party IdP later).
Select an encryption key: default AWS managed key or customize settings.
Choose which AWS Transform capabilities to enable:
- Command line interface (CLI) – needed for creating and running custom transformations.
- Web application – the agentic user interface for modernization.
Choose Enable AWS Transform.
Configure user access by choosing an identity provider (IAM Identity Center or third-party IdP). This choice cannot be changed after enabling.

After enabling, the Settings tab displays:

Web application URL
Start URL for IDE
Region where AWS Transform is enabled

Discovery Tool

The AWS Transform discovery tool helps you automatically discover server inventory in your organization to prepare for migration. You set it up, let it run, and then check the results in the Discovered Inventory pane.
After you configure vCenter access, the tool starts collecting information. How long it needs to run depends on the size of your VMware environment. For a directional migration business case, you can use the VMware MPA file that the tool generates after server collection finishes.

Workflow

The discovery tool workflow has two types of activities:

Configuration activities
Data review and use

Steps to install and use the discovery tool:

Install the discovery tool on vCenter.
Set up vCenter access. Data discovery begins after this step.
Set up OS access and review the collection status of VMware servers, databases, and network connections.
Adjust OS credentials as needed.
To generate a migration business case, upload the ZIP file to Migration assessment or unzip it and upload vmware_data_mpa.csv from the mpa_exports directory.

Mainframe Modernization

AWS Transform is designed to speed up modernization of legacy mainframe applications. It handles analysis of mainframe codebases, generates documentation, extracts business logic, decomposes monolithic structures, transforms legacy code, and manages the whole journey with human input when needed. This helps you modernize critical mainframe applications faster while keeping your business logic intact throughout the process.

Capabilities and Key Features

Supports modernization of zOS mainframe applications written in COBOL with associated JCL, CICS transactions, BMS screens, Db2 databases, and VSAM data files.
Supports refactoring of Fujitsu GS21 mainframe applications with PSAM, Japanese character sets, and NDB data files.
Performs goal-driven reasoning, analysis, decomposition, planning, documentation generation, and code refactoring.
Automatically refactors COBOL-based mainframe workloads into modern, cloud-optimized Java applications.
Orchestrates and integrates with underlying tools for analysis, documentation, decomposition, planning, and code refactoring.
Helps you set up cloud environments for modernized applications by providing ready-to-use Infrastructure as Code (IaC) templates.

High-Level Walkthrough

Start a chat with AWS Transform and enter an objective.
Based on your objective, AWS Transform proposes a modernization plan that breaks down the high-level goal into intermediate steps.
Depending on the goal, AWS Transform can:
- Analyze the codebase
- Generate technical documentation
- Extract business logic from mainframe applications
- Decompose monolithic applications into functional domains
- Plan waves for code modernization
- Refactor application assets, including transforming COBOL to Java and optionally Reforge to improve quality
- Re-run jobs as needed
AWS Transform may request information from you along the way to execute tasks.

Human in the Loop (HITL)

You can monitor progress and status of transformation tasks through the AWS Transform web experience. AWS Transform asks for additional information when:

More information is needed to execute tasks.
Approval is required for intermediate artifacts like domains decomposition or wave planning.
Issues come up that AWS Transform cannot automatically resolve.

Supported File Types

For zOS:

COBOL artifacts and related CPY (Copybooks)
JCL and JCL Procedure (PROC)
CICS System Definition (CSD)
BMS (Basic Mapping Support)
Db2 databases
VSAM (Virtual Storage Access Method)
IMS TM (Transaction Manager)

For Fujitsu GS21:

PSAM (Presentation Service Access Method)
ADL (AIM Definition Language)

NDB (Network Data Base)

VMware Migration

The VMware agent automates:

Application discovery and dependency mapping
Network translation
Wave planning
Amazon EC2 instance selection optimization

Full-Stack Windows Modernization

Speeds up modernization across application, UI framework, database, and deployment layers.
Uses a specialized Windows modernization agent for .NET applications and SQL Server databases.
Helps reduce operating costs by up to 70% by moving away from expensive licenses.

Custom Transformations

Comes with out-of-the-box transformations for Java, Node.js, and Python upgrades.
Handles custom, organization-specific transformations such as version upgrades, runtime migrations, complex language translations, and architectural changes.
Keeps learning from code samples, documentation, and developer feedback.

Security

Shared Responsibility Model

Security of the cloud – AWS is responsible for protecting the infrastructure that runs AWS services.
Security in the cloud – Your responsibility depends on which AWS service you use and other factors like data sensitivity, company requirements, and applicable laws.

Key Security Topics

Data protection
Identity and access management
Compliance validation
Resilience
Interface endpoints (AWS PrivateLink)

Monitoring

Monitoring helps you maintain reliability, availability, and performance of AWS Transform. AWS provides these tools:

Tool	Purpose
Amazon CloudWatch	Monitors AWS resources in real time. You can collect metrics, create dashboards, and set alarms that take action when a metric reaches a threshold.
CloudWatch Logs	Lets you monitor, store, and access log files from various sources. Can notify you when certain thresholds are met.
Amazon EventBridge	Automates responses to system events like resource changes or availability issues. Events are delivered in near real time.
AWS CloudTrail	Captures API calls and related events made by or on behalf of your AWS account. Helps identify who made calls, source IP addresses, and when calls happened.