AWS to Azure Migration Plan for UK SMEs (Zero Data Loss)

Step‑by‑step cloud migration guide covering networking, storage, IAM, and rollback strategy.

Executive Summary

This guide outlines the strategic migration of enterprise workloads from AWS to Microsoft Azure, specifically targeting the UK South (London) and UK West (Cardiff) regions. The objective is to transition from AWS-native constructs (VPC, IAM, EC2, RDS) to Azure equivalents (VNet, Entra ID, Virtual Machines, Azure SQL) while maintaining operational continuity and regulatory compliance.

Why Businesses Migrate: Drivers & Anti-patterns

  • Drivers: Microsoft Enterprise Agreement (EA) consolidation, superior integration with M365/Active Directory, or specific industry compliance requirements.
  • Anti-patterns: "Lift-and-Shift" without rightsizing (leading to higher costs), ignoring the shift from AWS Security Groups to Azure Network Security Groups (NSGs), and failing to map IAM roles to Azure Role-Based Access Control (RBAC).

The 6 Rs of Cloud Migration

  • Rehost (Lift & Shift): Moving VMs as-is using Azure Migrate. Minimal changes, but carries technical debt.
  • Replatform (Lift & Reshape): Moving to Managed Services (e.g., RDS to Azure SQL). Low effort, high performance gain.
  • Refactor (Re-architect): Moving to PaaS/Serverless (App Service, AKS). Highest effort, highest long-term agility.
  • Note: The remaining three strategies (Repurchase, Retire, and Retain) follow standard industry practice and are not covered further in this guide.

Pre-Migration Assessment

  • Inventory: Use Azure Migrate (Appliance) to discover AWS dependencies.
  • Network Mapping: Both AWS VPCs and Azure VNets are regional constructs; Azure VNets can be connected across regions with VNet Peering. Map AWS Subnets to Azure Subnets; replace AWS Transit Gateway with Azure Virtual WAN for hub-spoke architectures.
  • IAM: AWS IAM Users/Roles map to Microsoft Entra ID (formerly Azure AD). Use the AWS-to-Azure IAM Mapping tool to translate permissions to Azure RBAC roles.
  • Data Transfer: Calculate egress costs. Use Azure Data Box for multi-terabyte datasets or AWS Direct Connect to Azure ExpressRoute gateways for high-bandwidth, low-latency connectivity during the transition.

Step-by-Step Execution Plan

  1. Pilot: Select a low-criticality dev/test workload. Establish VPN connectivity between the AWS VPC and Azure VNet.
  2. Foundation: Deploy Landing Zones using Azure Blueprints or Terraform/Bicep. Configure Governance (Azure Policy) and Entra ID synchronization.
  3. Data Migration: Use Azure Database Migration Service (DMS) for SQL workloads. Utilize Azure Migrate for server-level replication.
  4. Cutover: Perform a final sync, update DNS (Azure Traffic Manager or Front Door), and decommission the AWS source environment after a validation period.

Troubleshooting Common Issues

  • Networking: AWS Security Groups are stateful; ensure Azure NSGs/ASGs are configured with explicit Allow rules, as Azure defaults can be more restrictive.
  • Identity: Mismatched UPNs between AWS-managed AD and Entra ID. Resolve via Entra Connect prior to migration.
  • Performance: Disk I/O disparity. AWS EBS Provisioned IOPS do not map 1:1 to Azure Managed Disks (Premium SSD); adjust during the assessment phase.

UK-Specific Compliance

  • Data Residency: Ensure resources are deployed strictly in UK South or UK West. Use Azure Policy to restrict resource deployment to these regions.
  • GDPR: Azure provides comprehensive DPA (Data Processing Addendum) documentation. Ensure all logs/backups stored in Azure Blob Storage utilize "UK South" as the primary region to prevent cross-border data transfer violations.
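The region restriction described above, as an added Bicep example that is not code from the original guide: a custom Azure Policy definition that denies any resource created outside UK South or UK West, plus its assignment at management-group scope. Resource names are assumed placeholders; region-less "global" services are exempted so the Traffic Manager or Front Door endpoints used at cutover remain deployable.

```bicep
// Added example, not part of the original guide. Deployed at management-group scope so
// the deny applies to every subscription beneath it. Resource names are placeholders.
targetScope = 'managementGroup'

@description('Regions in which workloads, logs and backups may be created')
param allowedLocations array = [
  'uksouth'
  'ukwest'
]

resource ukOnlyDefinition 'Microsoft.Authorization/policyDefinitions@2021-06-01' = {
  name: 'deny-non-uk-locations'
  properties: {
    displayName: 'Deny resources deployed outside UK South and UK West'
    policyType: 'Custom'
    // Indexed mode evaluates only resource types that carry a location and tags.
    // Resource-group location needs a separate definition in mode 'All'.
    mode: 'Indexed'
    parameters: {
      allowedLocations: {
        type: 'Array'
        metadata: { displayName: 'Allowed locations', strongType: 'location' }
      }
    }
    policyRule: {
      if: {
        allOf: [
          { field: 'location', notIn: '[parameters(\'allowedLocations\')]' }
          // Region-less 'global' services (Traffic Manager, Front Door, DNS zones) are
          // needed at cutover and carry no residency risk, so they are exempt.
          { field: 'location', notEquals: 'global' }
        ]
      }
      then: { effect: 'deny' }
    }
  }
}

resource ukOnlyAssignment 'Microsoft.Authorization/policyAssignments@2022-06-01' = {
  name: 'deny-non-uk-locations'
  properties: {
    displayName: 'UK data residency: deny non-UK deployments'
    policyDefinitionId: ukOnlyDefinition.id
    enforcementMode: 'Default'
    parameters: {
      allowedLocations: { value: allowedLocations }
    }
  }
}
```

Deploy with `az deployment mg create --management-group-id <mg-id> --location uksouth --template-file <file>.bicep`; because the effect is deny, a deployment of, for example, a storage account in westeurope fails at validation rather than creating data outside the approved regions.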

Cost Modeling

  • TCO Analysis: Utilize the Azure Pricing Calculator. Factor in the "Azure Hybrid Benefit" if you have existing on-premises Windows/SQL licenses, which significantly reduces costs compared to AWS EC2 licensing.
  • Egress: AWS charges for data egress; budget for the final data sync from AWS to Azure.

Conclusion

Migrating from AWS to Azure requires a shift in mental models—specifically regarding the transition from flat, account-based structures in AWS to the hierarchical Management Group/Subscription structure in Azure. By focusing on Entra ID integration and utilizing Azure-native migration tools, enterprises can ensure a secure and compliant transition to the UK regions.