AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-06-07 · Documentation low

File: prescriptive-guidance/latest/rehost-servers-over-private-networks-mgn/architecture.md

Summary

Updated service name from 'Application Migration Service' to 'MGN' or 'AWS Transform MGN' throughout the document. Changed references to AWS services in network requirements and endpoint configurations.

Security assessment

The changes are branding updates (renaming Application Migration Service to MGN/AWS Transform MGN). No security vulnerabilities, configurations, or features were modified. Security-related recommendations (using private IPs, VPC endpoints) remain unchanged.

Diff

diff --git a/prescriptive-guidance/latest/rehost-servers-over-private-networks-mgn/architecture.md b/prescriptive-guidance/latest/rehost-servers-over-private-networks-mgn/architecture.md
index 72e226159..3af6b5a23 100644
--- a//prescriptive-guidance/latest/rehost-servers-over-private-networks-mgn/architecture.md
+++ b//prescriptive-guidance/latest/rehost-servers-over-private-networks-mgn/architecture.md
@@ -5 +5 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Migrating on-premises servers to AWS over private networks by using AWS Application Migration Service](welcome.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Migrating on-premises servers to AWS over private networks by using AWS Transform MGN](welcome.html)
@@ -15 +15 @@ This section provides a detailed description of the most restrictive scenario, w
-The [staging subnet](https://docs.aws.amazon.com/mgn/latest/ug/subnet.html) is the most important part of the replication infrastructure. This is where all Application Migration Service [replication servers](https://docs.aws.amazon.com/mgn/latest/ug/replication-server-settings.html) will be launched, and it contains the IP addresses the replication traffic will be directed to. For inbound private data replication, configure the [replication server settings](https://docs.aws.amazon.com/mgn/latest/ug/template-vs-server.html) for Application Migration Service with the [Use private IP option](https://docs.aws.amazon.com/mgn/latest/ug/use-private-ip.html).
+The [staging subnet](https://docs.aws.amazon.com/mgn/latest/ug/subnet.html) is the most important part of the replication infrastructure. This is where all MGN [replication servers](https://docs.aws.amazon.com/mgn/latest/ug/replication-server-settings.html) will be launched, and it contains the IP addresses the replication traffic will be directed to. For inbound private data replication, configure the [replication server settings](https://docs.aws.amazon.com/mgn/latest/ug/template-vs-server.html) for MGN with the [Use private IP option](https://docs.aws.amazon.com/mgn/latest/ug/use-private-ip.html).
@@ -17 +17 @@ The [staging subnet](https://docs.aws.amazon.com/mgn/latest/ug/subnet.html) is t
-For [outbound requirements](https://docs.aws.amazon.com/mgn/latest/ug/Network-Requirements.html#Communication-TCP-443-Staging), you can use the [Create public IP](https://docs.aws.amazon.com/mgn/latest/ug/use-private-ip.html#public-ip) option to choose whether replication servers will communicate with required AWS services (Amazon S3, Application Migration Service, Amazon EC2) over private or public IP. The standard options to provide outbound internet connectivity are listed in the [Application Migration Service documentation](https://docs.aws.amazon.com/mgn/latest/ug/Network-Requirements.html#Communication-TCP-443-Staging): either a public IP address with an internet gateway or a private IP address with a NAT gateway. Both options allow you to implement a simplified hybrid scenario in which data replication traffic goes over a private connection (Site-to-Site VPN or AWS Direct Connect) while replication servers communicate with AWS services over the public network. 
+For [outbound requirements](https://docs.aws.amazon.com/mgn/latest/ug/Network-Requirements.html#Communication-TCP-443-Staging), you can use the [Create public IP](https://docs.aws.amazon.com/mgn/latest/ug/use-private-ip.html#public-ip) option to choose whether replication servers will communicate with required AWS services (Amazon S3, MGN, Amazon EC2) over private or public IP. The standard options to provide outbound internet connectivity are listed in the [MGN documentation](https://docs.aws.amazon.com/mgn/latest/ug/Network-Requirements.html#Communication-TCP-443-Staging): either a public IP address with an internet gateway or a private IP address with a NAT gateway. Both options allow you to implement a simplified hybrid scenario in which data replication traffic goes over a private connection (Site-to-Site VPN or AWS Direct Connect) while replication servers communicate with AWS services over the public network. 
@@ -23 +23 @@ However, having public outbound connectivity is usually prohibited in closed cor
-  * VPC interface endpoints to communicate with Application Migration Service and Amazon EC2
+  * VPC interface endpoints to communicate with MGN and Amazon EC2
@@ -34 +34 @@ The source subnet is any subnet you are replicating from. This is where your [so
-  * Communicating over HTTPS/TCP port 443 with AWS services such as Amazon S3 and Application Migration Service
+  * Communicating over HTTPS/TCP port 443 with AWS services such as Amazon S3 and MGN
@@ -45 +45 @@ This guide focuses on a more restrictive scenario where even HTTPS traffic to AW
-  * VPC interface endpoints for Application Migration Service and Amazon S3 (Regional interface endpoint, not the gateway endpoint that's required for replication servers)
+  * VPC interface endpoints for MGN and Amazon S3 (Regional interface endpoint, not the gateway endpoint that's required for replication servers)
@@ -56 +56 @@ The target subnet is any subnet that you plan to launch your servers into, inclu
-However, Application Migration Service also [automatically installs](https://docs.aws.amazon.com/mgn/latest/ug/AWS-Related-FAQ.html#Which-AWS-Services-Automatically-Installed-Target) several tools such as EC2Config or AWS Systems Manager Agents (SSM Agents) on target instances, and these activities require outbound HTTPS/TCP port 443 connectivity from target instances and subnets.
+However, MGN also [automatically installs](https://docs.aws.amazon.com/mgn/latest/ug/AWS-Related-FAQ.html#Which-AWS-Services-Automatically-Installed-Target) several tools such as EC2Config or AWS Systems Manager Agents (SSM Agents) on target instances, and these activities require outbound HTTPS/TCP port 443 connectivity from target instances and subnets.