There is no single "AWS migration strategy" — there are seven disposition choices (the 7 Rs), and the real work is deciding which one fits each application. This page covers all seven in depth, the cost/effort/risk of each, the portfolio analysis that assigns them, migrate-then-modernize sequencing, wave planning, and the TCO business case. A vetted partner runs the assessment (MAP Assess, often AWS-funded) and the migration that follows is frequently MAP-funded too — low or $0 cost to you.
The phrase "migration strategy" makes it sound like one big choice. It is not. A real strategy is a portfolio of decisions — one disposition per application — plus the sequencing that turns them into waves and the business case that justifies the spend. The 7 Rs are the vocabulary for the first part.
AWS's migration framework — the same one its Professional Services and MAP partners use — breaks any migration into three phases: Assess (do we have the business case and the readiness?), Mobilize (build the landing zone, run a pilot, fix the gaps), and Migrate & Modernize (move the applications in waves). The 7 Rs live in the Assess phase — they are how you classify each application before you move anything.
The reason this matters: a 200-application estate does not get one strategy, it gets a distribution — some apps Retired, some Retained, the bulk Rehosted or Replatformed, a small number Refactored. The skill is assigning the right R to each app, not forcing everything into one favorite R. (Section III gives the realistic distribution.)
Gartner originally framed five Rs; AWS extended the model to seven by adding Relocate (move a whole VMware environment without converting the VMs) and splitting out Repurchase. The seven, in AWS's order, are: Retire, Retain, Rehost, Relocate, Repurchase, Replatform, Refactor — the next two sections take each in turn. One framing to carry through: the right strategy is almost always "less ambitious than engineering wants, more ambitious than finance fears," and the way to hit that balance is migrate-then-modernize (Section V).
The first four Rs cover everything from "do nothing but turn it off" to "move it as-is." These dispositions carry the lowest effort and the lowest risk, and they apply to a surprisingly large share of most estates — run the assessment honestly and the discovery tooling routinely surfaces 10–20% of servers as Retire candidates that are not worth migrating at all.
What it means: The application is no longer needed. You decommission it instead of migrating it. Every server you retire is one you do not pay to assess, move, test, or run.
When to choose it: Discovery shows near-zero CPU/network utilization, no recent logins, or the function has been superseded by another system. Classic Retire candidates: duplicate dev/test environments, replaced internal tools, dormant reporting servers.
Cost / effort / risk: Effort: lowest (decommission + confirm nothing depends on it). Cost: negative — you save the run cost immediately. Risk: low, provided dependency mapping confirms nothing calls it. The Application Discovery Service network-connection data is what gives you the confidence to switch something off.
What it means: You deliberately keep the application in its current environment and migrate it later, or never. Also called "revisit."
When to choose it: A hard data-residency or compliance constraint, a mainframe or licensed appliance with no clean cloud path, an app slated for retirement within 12 months, or a tight coupling to another system that must move first. Retain is a valid answer — forcing a doomed app into the cloud to hit a "100% migrated" headline is a mistake.
Cost / effort / risk: Effort: none now (you defer). Cost: you keep the legacy run cost plus a possible hybrid-connectivity bill (Direct Connect, VPN). Risk: a permanent "temporary" hybrid state — Retain should always have a documented revisit date.
What it means: Move the application to AWS with no code changes — same OS, same app, now running on EC2. The workhorse tool is AWS Application Migration Service (MGN): it installs a lightweight agent on the source server, block-replicates it continuously to AWS, and lets you cut over with minutes of downtime.
When to choose it: You need to exit a data center or another cloud quickly (a lease expiry, a renewal deadline), the app is stable and you do not want to touch it, or it is a stepping stone — Rehost now, modernize later once you have AWS usage data. This is the default for the largest share of most portfolios.
Cost / effort / risk: Effort: low–moderate (agent install, replication, test + production cutover). Cost: lowest migration cost, but no cloud-native savings yet because the app still runs as VMs. Risk: low — MGN keeps the source running until cutover and you can roll back if the test fails. The honest tradeoff: a pure lift-and-shift can cost more per month than the source if you forget to right-size, since you are paying for cloud VMs sized like on-prem hardware. Right-sizing during Rehost is where the savings come from.
What it means: Move an entire VMware environment to AWS without converting the individual VMs, using VMware Cloud on AWS (or AWS Outposts for on-prem AWS hardware). The VMs keep running on the same hypervisor, now hosted in AWS.
When to choose it: A large VMware estate that must exit a data center fast, where converting hundreds of VMs to native EC2 one by one would take too long and the team already operates vSphere. Relocate buys time — move in weeks, then Replatform/Refactor selectively afterward.
Cost / effort / risk: Effort: low per-VM (you move clusters, not machines). Cost: VMware Cloud on AWS carries its own licensing/host cost — it is the fastest exit, not the cheapest steady state. Risk: low operationally (no app changes), but plan the eventual move off the VMware layer or you pay the premium indefinitely.
The last three Rs change the application itself — its hosting model, its managed services, or its architecture. They carry more effort and risk, but they are where the durable savings and operational wins come from.
What it means: Retire the application and replace it with a SaaS product instead of migrating your own instance — a self-hosted CRM for Salesforce, a self-managed email server for a hosted service, a custom tool for off-the-shelf SaaS.
When to choose it: The app is commodity (not a differentiator), a mature SaaS equivalent exists, and the migration-plus-run cost of your own instance exceeds the subscription. Repurchase removes the workload from your AWS bill and your ops burden entirely.
Cost / effort / risk: Effort: moderate (data export/import + integration rewiring + user retraining). Cost: trades a run cost for a subscription — model whether it is actually cheaper. Risk: data-migration fidelity and integration gaps are the failure modes; the app-logic risk is gone because you no longer run it.
What it means: Move to AWS while swapping a few components for managed services, without rewriting the application. The canonical move: keep the app code, but move its self-managed database onto Amazon RDS or Aurora, put it behind a load balancer, and containerize it onto ECS / App Runner / Elastic Beanstalk instead of a raw VM. The app does not know the difference; you stop managing database backups, patching, and load balancers yourself.
When to choose it: You want real operational savings without a full rewrite — let AWS run the database and load balancing so your team stops doing undifferentiated heavy lifting. The sweet spot for a large share of web/app workloads, and where migrate-then-modernize usually lands its first step.
Cost / effort / risk: Effort: moderate. Cost: lower steady-state than Rehost — managed services cut operational overhead and right-size automatically. Risk: moderate — moving the database to RDS/Aurora changes connection handling, backup, and failover; test it. Same-engine moves (self-managed PostgreSQL → Aurora PostgreSQL) stay Replatform; an engine-family change (Oracle → Aurora) means heterogeneous migration with the Schema Conversion Tool, closer to Refactor in effort.
What it means: Re-architect the application to take full advantage of AWS — decompose a monolith into microservices, move to serverless (Lambda, API Gateway, EventBridge, DynamoDB), or adopt containers on EKS. The highest-effort disposition.
When to choose it: The current architecture is actively costing you — it cannot scale, cannot ship features fast enough, or its run cost is structurally high. Refactor only pays back with a strong driver: a scaling wall, a feature-velocity problem, or a cost curve a serverless redesign genuinely bends. Refactoring an app that works fine and is cheap to run is wasted money.
Cost / effort / risk: Effort: highest (it is a software project, not a migration). Cost: highest upfront, potentially lowest steady-state and highest agility payoff. Risk: highest — scope creep, timeline blowout, and the temptation to refactor everything at once. The discipline is migrate-then-modernize: get onto AWS via Rehost/Replatform first, then Refactor as a scoped, funded follow-on rather than gating the whole migration on a rewrite.
A typical mid-size estate lands roughly ~10–20% Retire, ~5–10% Retain, ~30–50% Rehost, ~20–30% Replatform, ~5–15% Refactor, plus a few Repurchase/Relocate cases. An 80%-Refactor plan will not survive contact with reality; a 100%-Rehost plan leaves most of the cloud savings on the table.
You do not guess the disposition. You run a discovery + portfolio analysis that gives you the data to assign an R to each application on evidence, not opinion. This is the core of the Assess phase and the first thing a migration partner does.
Discovery comes first. AWS Application Discovery Service (agent-based or agentless via the OVA collector) inventories your servers, captures utilization (CPU, memory, disk, network), and — critically — maps the connections between servers so you can see which machines actually talk to each other. AWS Migration Hub aggregates this into one view and tracks the migration once it starts; for larger estates, partners layer in tooling like Migration Evaluator to model right-sized AWS costs.
With the inventory in hand, each application is scored on a few axes that map cleanly onto a disposition:
The output is a disposition map: every application tagged with one of the 7 Rs, a rough effort estimate, and a dependency-aware grouping. That map drives the wave plan and the business case. A partner produces it in the 2–6 week Assess phase — and under the AWS Migration Acceleration Program, that Assess phase (MAP Assess) is frequently AWS-funded, which is why it often costs you nothing.
Once every app has a disposition, two sequencing decisions remain: when to modernize (almost always after the move, not during), and what order to move things in (the wave plan).
Migrate-then-modernize is the sequencing that works. The longer you run in two places, the longer you pay two bills and carry cutover risk — so the priority is exiting the source environment. Rehost or Replatform to get there, capture the savings, then Refactor the high-value apps as scoped, separately-funded projects once real AWS usage data shows where the spend and the bottlenecks actually are. Modernizing during the migration couples two hard problems — moving and rewriting — and is the single most common reason migrations slip by quarters.
Wave planning sequences the actual moves. You do not migrate 200 apps at once; you move them in waves of related applications. The standard shape:
Before any app moves, the Mobilize phase stands up the AWS foundation: a multi-account Landing Zone (organizations, guardrails, networking, logging, security baseline), identity federation, and the migration tooling. Nothing production moves until it is ready — this is where the assessment's readiness gaps get fixed. (See the DevOps cluster on landing-zone setup for the architecture detail.)
A small, low-risk, representative application moves first. The pilot proves the runbook end-to-end — replication, cutover, validation, rollback — and surfaces the surprises (DNS TTLs, firewall rules, license activation, data-sync windows) while the stakes are low. It is also what unlocks the next MAP funding phase.
The rest move in dependency-aware waves: applications that talk to each other move together, so you are never running a chatty integration across the on-prem/AWS boundary longer than necessary. Each wave follows the runbook the pilot validated. Early waves are deliberately easier (more Rehost) to build momentum; the tightly-coupled or heterogeneous-database waves come later, once the team and the runbook are seasoned.
A migration strategy that cannot be justified financially does not get funded. The Assess phase produces a TCO model and a business case — and this is also where the MAP funding hook does the heavy lifting.
A credible TCO model compares the fully-loaded current cost against the projected AWS cost over a 3-year horizon, and is honest about both sides:
Realistic outcome: well-executed migrations with right-sizing and selective Replatforming typically land a 20–40% steady-state TCO reduction versus the fully-loaded on-prem cost — more when expensive databases move off per-core licensing. Honest framing: a naive lift-and-shift with no right-sizing can be cost-neutral or even more expensive in month one; the savings come from right-sizing, purchase commitments, and managed services, not the move alone.
Then the funding hook. The AWS Migration Acceleration Program (MAP) is built to de-risk exactly this business case: AWS funds the Assess phase (often free), funds Mobilize (pilot + landing zone), and credits a large share of the Migrate & Modernize cost, with the partner paid through MAP. For qualifying migrations — typically those carrying a meaningful post-migration AWS-spend commitment — this brings the customer's net migration cost to little-or-nothing. Where a migration does not qualify, the value is a vetted partner who de-risks the cutover. CloudRoute tells you which of the two you are looking at, up front.
| Strategy (R) | What changes | Effort | Migration cost | Cloud-native benefit | Choose when |
|---|---|---|---|---|---|
| Retire | Nothing — you switch it off | Lowest | Negative (you save) | n/a | Discovery shows no real usage |
| Retain | Nothing — stays in source | None (deferred) | None now | None yet | Compliance / dependency / sunset soon |
| Rehost | Host only (VM → EC2 via MGN) | Low | Lowest move cost | Low (until right-sized) | Fast exit; stable app; stepping stone |
| Relocate | Hypervisor (VMware → VMware Cloud on AWS) | Low per-VM | Low; VMC premium | Low | Large VMware estate, fast exit needed |
| Repurchase | The product (self-host → SaaS) | Moderate | Data + integration cost | Off your bill entirely | Commodity app, mature SaaS exists |
| Replatform | A few components (DB → RDS/Aurora, VM → ECS) | Moderate | Moderate | Real ops savings, no rewrite | Want managed-service wins without a rewrite |
| Refactor | The architecture (monolith → serverless/microservices) | Highest | Highest upfront | Highest (scale + agility) | Architecture is the bottleneck; payback is clear |
Most failed migrations do not fail on technology — the tools are mature. They fail on strategy decisions made, or skipped, in the Assess phase. The recurring ones:
Retire, Retain, Relocate, and Repurchase are usually obvious once discovery is done. The real per-app decision for the bulk of your estate is among these three. This is the comparison that drives most of the disposition map.
| Variable | Rehost (lift-and-shift) | Replatform (lift-tinker-shift) | Refactor (re-architect) |
|---|---|---|---|
| Code changes | None | Minimal (config / managed-service swaps) | Significant (re-architecture) |
| Primary tool | AWS Application Migration Service (MGN) | MGN + RDS/Aurora + ECS/App Runner | Lambda / EKS / DynamoDB / API Gateway |
| Typical timeline per app | Days–weeks | Weeks | Months |
| Steady-state cost | Source-like (lower if right-sized) | Lower (managed services + right-sizing) | Potentially lowest (serverless/elastic) |
| Operational burden | Same as before | Lower (AWS runs the DB / LB) | Lowest (managed + serverless) |
| Risk | Low (rollback to source) | Moderate (DB/connection changes) | High (it is a software project) |
| Best for | Fast exit; stable apps; stepping stone | Most web/app workloads; the modernize sweet spot | Apps where the architecture is the bottleneck |
Situation: A data-center lease expiring in 9 months forced the decision. The team had a hand-maintained server spreadsheet but no real dependency map, no disposition plan, and an internal debate split between "lift-and-shift everything" and "rewrite it all into microservices first." Oracle per-core licensing was a major line item, and nobody had modeled the TCO or knew whether AWS funding applied.
What CloudRoute did: Routed within 24 hours to an AWS Advanced partner with a migration + MAP track record. The partner ran a 4-week MAP Assess (AWS-funded, $0 to the customer): Application Discovery Service mapped utilization + dependencies and assigned the 7 Rs — 14 Retire (dead dev/test + a replaced reporting stack), 6 Retain (a mainframe-adjacent app being sunset within a year), ~48 Rehost via MGN to hit the lease deadline, ~16 Replatform (self-managed PostgreSQL → Aurora, app tier → ECS), and 6 Refactor flagged as funded follow-ons. The Oracle estate was scoped as Replatform-to-Aurora via SCT + DMS to shed license cost. A multi-account landing zone went up in Mobilize, then a pilot, then production in dependency-aware waves.
Outcome: Beat the lease deadline with 6 weeks to spare. Modeled 3-year TCO came in ~34% below the fully-loaded data-center cost, before Oracle license savings landed. MAP funded the Assess phase and credited a large share of the Mobilize + Migrate cost against a post-migration spend commitment — net migration cost was minimal. The 6 Refactor candidates were deferred to scoped follow-on projects. CloudRoute's commission was paid by the partner; the customer paid $0 to CloudRoute.
assess phase: 4 weeks · servers assessed: ~90 · modeled TCO cut: ~34% · assessment cost: $0 (MAP-funded)
CloudRoute routes you to a vetted AWS partner who runs the MAP Assess (discovery + portfolio analysis + TCO + wave plan), then executes the migration. Qualifying migrations are MAP-funded — low or $0 cost. Customer pays $0 to CloudRoute. No procurement theater.