Migration Checklist: AWS RDS to Azure SQL Database
Overview
- Risk Level: Critical (Database availability directly impacts revenue and operations).
- Timeline: 4–6 weeks (depending on dataset size and latency requirements).
- Team Size: 4–6 members (DBA, Cloud Architect, Security/Compliance Officer, DevOps Engineer, QA Lead).
Phase 1: Pre-Migration Planning (Weeks 1-3)
Assessment & Infrastructure
- Audit current AWS RDS instance (IOPS, storage, engine version, and extensions).
- Provision Azure SQL Database instance (matching or exceeding AWS RDS performance tier).
- Configure Virtual Network (VNet) peering or ExpressRoute for secure connectivity.
- Install and configure the Azure Database Migration Service (DMS).
- Evaluate schema compatibility using the Data Migration Assistant (DMA).
- Document all stored procedures, triggers, and user-defined functions for refactoring.
- Establish a baseline for latency and throughput metrics on the AWS source.
Data Mapping & Security
- Map AWS IAM roles to Azure RBAC and Microsoft Entra ID (formerly Azure AD) identities.
- Define encryption-at-rest strategy using Azure Key Vault with Customer-Managed Keys (CMK).
- Configure firewall rules to allow traffic only from the migration appliance IP.
- Map source database users to target database users and assign least-privilege permissions.
- Develop a rollback strategy and document the "Point of No Return".
Golden Copy & Integrity
- Execute a full "Golden Copy" backup of the AWS RDS instance.
- Validate backup integrity using checksum verification.
- Perform a test restore of the backup to a staging environment to ensure data consistency.
- Identify and document any incompatible data types (e.g., AWS-specific extensions).
- Scrub sensitive data in the staging environment to comply with data minimisation principles.
Integration Audit
- Catalogue all application connection strings currently pointing to AWS RDS.
- Identify all third-party reporting tools (e.g., PowerBI, Tableau) connecting to the source.
- Verify compatibility of API endpoints with the new Azure SQL connection string format.
- Audit all automated batch jobs (cron/Lambda) that trigger database writes.
Phase 2: Migration Execution
Pre-Cutover
- Execute a dry-run migration using a subset of the production data.
- Verify data row counts between AWS RDS and Azure SQL.
- Perform performance benchmarking on the Azure target to confirm IOPS parity.
- Notify stakeholders of the scheduled maintenance window.
- Create a "Go/No-Go" decision matrix based on dry-run results.
- Set up continuous data replication (CDC) between RDS and Azure SQL.
- Synchronise logins and passwords to the target environment.
Cutover Day
- Trigger "Maintenance Mode" on the production application (disable writes).
- Perform final transaction log backup on AWS RDS.
- Verify that all pending transactions have replicated to Azure SQL.
- Change connection strings in the application configuration files.
- Point DNS or Load Balancer traffic to the new Azure SQL instance.
- Enable write access on the application layer.
- Monitor error logs for "Connection Refused" or "Authentication Failed" messages.
- Validate application functionality through a smoke test suite.
Verification
- Confirm successful connection of all upstream microservices.
- Run automated health checks against the Azure SQL database.
- Verify that all scheduled tasks (e.g., backups, index maintenance) are active.
- Confirm that monitoring agents (e.g., Azure Monitor, Datadog) are reporting metrics.
- Validate that firewall rules are strictly limited to necessary application subnets.
Phase 3: Post-Migration Optimization
Stabilization
- Monitor Azure SQL CPU, memory, and DTU/vCore consumption for 48 hours.
- Review query execution plans for any regressions compared to RDS.
- Update index statistics to ensure the query optimiser is performing efficiently.
- Enable Query Store in Azure SQL for long-term performance tracking.
- Configure automated alerts for high latency or connection spikes.
Cleanup
- Decommission the AWS RDS instance only after the 7-day stability period.
- Securely wipe the AWS RDS snapshot per internal data retention policies.
- Remove temporary migration appliance instances and firewall holes.
- Archive all migration logs for audit purposes.
Retrospective
- Conduct a post-mortem meeting with the migration team.
- Update internal documentation to reflect the new architecture.
- Document lessons learned regarding downtime duration and data transfer speeds.
- Transition the project from "Migration" to "Business As Usual" (BAU) support.
UK GDPR Compliance Checklist
- Ensure the Azure region selected is within the UK (e.g., UK South or UK West) to comply with data residency requirements.
- Update the Data Protection Impact Assessment (DPIA) to include the new infrastructure.
- Configure Azure SQL auditing to log all access to personal data.
- Ensure data remains encrypted in transit (TLS 1.2+).
- Verify that the Data Processing Agreement (DPA) with Microsoft covers the new service.
- Implement row-level security (RLS) if multi-tenancy involves UK personal data.
- Test the "Right to Erasure" (Right to be Forgotten) workflow against the new database schema.
Troubleshooting Common Issues
- Issue: Connection timeout errors. Fix: Check Azure Network Security Group (NSG) rules.
- Issue: Character encoding mismatches. Fix: Verify collation settings match the source database.
- Issue: High latency. Fix: Ensure the application and database are in the same Azure region.
- Issue: Missing logins. Fix: Manually recreate SQL-authenticated users if AD migration failed.
- Issue: Stored procedure failure. Fix: Recompile procedures to refresh dependencies.
Downloadable Resources List
- Migration Project Plan Template (.xlsx)
- Azure SQL Performance Tuning Guide (PDF)
- UK GDPR Compliance Mapping Document (.docx)
- Rollback Procedure Script Library (.zip)
- Communication Plan for Stakeholders (.pptx)