AWS prescriptive-guidance documentation change
Summary
Updated migration guidance, added tool reference for dependency discovery, expanded assessment questionnaire with new questions about technology stack, data flows, technical complexity, business risk, and data confidence
Security assessment
The changes focus on general assessment improvements and migration best practices. While the text mentions unplanned changes increasing security risks, this is existing guidance without new security-specific content. Added questions about technology stacks and data flows could indirectly support security planning but don't directly document security features or address vulnerabilities.
Diff
diff --git a/prescriptive-guidance/latest/application-portfolio-assessment-guide/detailed-application-assessment.md b/prescriptive-guidance/latest/application-portfolio-assessment-guide/detailed-application-assessment.md index 214f27b1f..d78b3b236 100644 --- a//prescriptive-guidance/latest/application-portfolio-assessment-guide/detailed-application-assessment.md +++ b//prescriptive-guidance/latest/application-portfolio-assessment-guide/detailed-application-assessment.md @@ -13 +13 @@ The goal of a detailed application assessment is the complete understanding of t -The key is to avoid last-minute changes during and after migration. For example, when migrating, it's important to avoid changes based on unidentified dependencies that might require the inclusion of a server into an ongoing migration wave. Shortly after migration, it's important to avoid changes based on the associated platform requirements to allow traffic or deploy additional services. These kinds of unplanned changes increase the risk of security and operational issues. We highly recommend using programmatic discovery tooling to validate traffic patterns and dependencies when performing detailed application assessments. +The key is to avoid last-minute changes during and after migration. For example, when migrating, it's important to minimize changes based on unidentified dependencies that might require the inclusion of a server into an ongoing migration wave. Shortly after migration, it's important to minimize changes based on the associated platform requirements to allow traffic or deploy additional services. These kinds of unplanned changes increase the risk of security and operational issues. We highly recommend using programmatic discovery tooling to validate traffic patterns and dependencies when performing detailed application assessments. @@ -34 +34 @@ There are two approaches for detailed discovery. Top-down discovery starts with -To dive deep into an application, existing architecture diagrams are good start. If these are not available, create one based on current knowledge. Do not underestimate the importance of this task, even for simple rehost or relocate migration strategies. Plotting architectural diagrams helps you to identify inefficiencies that can be quickly addressed with minor changes when in the cloud. +To dive deep into an application, existing architecture diagrams are good start. If these are not available, create one based on current knowledge. Do not underestimate the importance of this task, even for simple rehost migration strategies. Plotting architectural diagrams helps you to identify inefficiencies that can be quickly addressed with minor changes when in the cloud. @@ -38 +38 @@ Depending on whether you are performing a top-down or bottom-up approach, the in -In the absence of tooling to validate dependencies and mapping, a manual approach is required. For example, you can log into infrastructure components and run scripts to collect communication information such as open ports and established connections. Likewise, you can identify running processes and installed software. Don't underestimate the effort required for manual discovery. Programmatic tooling can capture and report most dependencies in a few days, except those that occur at greater intervals (typically a small percentage). Manual discovery can take weeks to collect and merge all data points, and it can still be prone to errors and missing data. +In the absence of tooling to validate dependencies and mapping, a manual approach is required. For example, you can log into infrastructure components and run scripts to collect communication information such as open ports and established connections. Likewise, you can identify running processes and installed software. Don't underestimate the effort required for manual discovery. Agentic AI tools, such as [Kiro](https://kiro.dev/), can help you build scripts and analyze data outputs. Programmatic tooling can capture and report most dependencies in a few days, except those that occur at greater intervals (typically a small percentage). Manual discovery can take weeks to collect and merge all data points, and it can still be prone to errors and missing data. @@ -40 +40 @@ In the absence of tooling to validate dependencies and mapping, a manual approac -Proceed to obtain the information specified in the [data requirements](./understanding-detailed-assessment-data-requirements.html) section for each prioritized application and the mapped infrastructure. Next, use the following questionnaire to guide you through the detailed assessment process. Meet with the identified stakeholders to discuss the answers to these questions. +Proceed to obtain the information specified in the [data requirements](./understanding-detailed-assessment-data-requirements.html) section for each prioritized application and the mapped infrastructure. Next, use the following questionnaire to guide you through the detailed assessment process. Meet with the identified stakeholders to obtain and discuss the answers to these questions. @@ -58,0 +59,2 @@ Proceed to obtain the information specified in the [data requirements](./underst + * What is the technology stack? Describe operating systems, runtimes, packages, frameworks, and middleware. + @@ -60,0 +63,2 @@ Proceed to obtain the information specified in the [data requirements](./underst + * What are the data flows? Describe batch jobs, ETL, pipelines, and file transfers. + @@ -91 +95 @@ Proceed to obtain the information specified in the [data requirements](./underst - * What does the collected performance information show? Is usage spiky or constant and predictable? What is the time frame, interval, and date of the available performance data? + * What does the collected performance information show? Is usage spiky or constant and predictable? @@ -93 +97 @@ Proceed to obtain the information specified in the [data requirements](./underst - * Are there scheduled batch jobs that are part of or interact with this application? + * What is the time frame, interval, and date of the available performance data? @@ -122,0 +127,6 @@ Proceed to obtain the information specified in the [data requirements](./underst + * What is the technical complexity? + + * What is the business risk? + + * What is the level of confidence in the collected data? +