{"id":290,"date":"2026-04-13T12:36:39","date_gmt":"2026-04-13T12:36:39","guid":{"rendered":"https:\/\/www.devopsschool.com\/tutorials\/aws-mainframe-modernization-service-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-migration-and-transfer\/"},"modified":"2026-04-13T12:36:39","modified_gmt":"2026-04-13T12:36:39","slug":"aws-mainframe-modernization-service-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-migration-and-transfer","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/tutorials\/aws-mainframe-modernization-service-tutorial-architecture-pricing-use-cases-and-hands-on-guide-for-migration-and-transfer\/","title":{"rendered":"AWS Mainframe Modernization Service Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Migration and transfer"},"content":{"rendered":"\n

Category<\/h2>\n\n\n\n

Migration and transfer<\/p>\n\n\n\n

1. Introduction<\/h2>\n\n\n\n

What this service is<\/h3>\n\n\n\n

AWS Mainframe Modernization Service is an AWS service for modernizing and running mainframe applications on AWS. It supports modernization patterns such as replatforming<\/strong> (moving workloads with minimal code changes) and refactoring<\/strong> (transforming code to modern languages\/runtimes), while providing a managed experience for building and operating modernized workloads.<\/p>\n\n\n\n

One-paragraph simple explanation<\/h3>\n\n\n\n

If you have COBOL-based or other mainframe-origin workloads and want to move them off a mainframe, AWS Mainframe Modernization Service helps you migrate and operate them on AWS with less infrastructure management. You create an application, set up a runtime environment in your VPC, deploy application versions, and operate them using familiar AWS security, networking, and monitoring tools.<\/p>\n\n\n\n

One-paragraph technical explanation<\/h3>\n\n\n\n

In AWS terminology, the service (often referenced in APIs\/CLI as m2<\/code><\/strong>) lets you create applications<\/strong> and deploy them into managed environments<\/strong> that run in your AWS account and VPC. Depending on your modernization approach, the environment uses an AWS-supported runtime (commonly aligned to replatform\/refactor options). The service integrates with AWS Identity and Access Management (IAM), Amazon VPC, AWS Key Management Service (KMS), Amazon S3, and Amazon CloudWatch\/CloudTrail for governance and observability.<\/p>\n\n\n\n

What problem it solves<\/h3>\n\n\n\n

Mainframe modernization is hard because it combines legacy code<\/strong>, batch scheduling<\/strong>, transaction processing<\/strong>, data dependencies<\/strong>, and strict operational SLAs<\/strong>. AWS Mainframe Modernization Service addresses this by providing a structured, AWS-managed way to:\n– Stand up runtime environments for modernized mainframe workloads\n– Deploy and version application artifacts\n– Operate workloads with AWS-native security, logging, and monitoring\n– Reduce undifferentiated heavy lifting compared to building a custom mainframe emulation\/runtime stack yourself<\/p>\n\n\n\n

\n

Naming note (important): In AWS documentation, the product is typically named \u201cAWS Mainframe Modernization\u201d<\/strong>. This tutorial uses \u201cAWS Mainframe Modernization Service\u201d<\/strong> as the primary name to match the requested service label. Verify the latest naming and capabilities in the official documentation.<\/p>\n<\/blockquote>\n\n\n\n

\n\n\n\n

2. What is AWS Mainframe Modernization Service?<\/h2>\n\n\n\n

Official purpose<\/h3>\n\n\n\n

AWS Mainframe Modernization Service is designed to help customers modernize mainframe applications<\/strong> by providing managed tooling and runtime environments<\/strong> on AWS, supporting common mainframe modernization strategies such as replatforming and refactoring.<\/p>\n\n\n\n

Core capabilities (high level)<\/h3>\n\n\n\n
    \n
  • Create and manage modernization applications<\/strong> and application versions<\/strong><\/li>\n
  • Provision managed runtime environments<\/strong> in your AWS account\/VPC<\/li>\n
  • Deploy application artifacts (commonly via Amazon S3<\/strong>)<\/li>\n
  • Operate workloads with AWS-native IAM<\/strong>, VPC security<\/strong>, KMS encryption<\/strong>, CloudWatch logs\/metrics<\/strong>, and CloudTrail auditing<\/strong><\/li>\n<\/ul>\n\n\n\n

    Major components (conceptual model)<\/h3>\n\n\n\n

    While exact terminology can evolve, the service generally revolves around:<\/p>\n\n\n\n

      \n
    • Application<\/strong><\/li>\n
    • A logical container representing a mainframe workload (or a modernization unit).<\/li>\n
    • \n

      Holds metadata and deployed application versions<\/strong>.<\/p>\n<\/li>\n

    • \n

      Application version<\/strong><\/p>\n<\/li>\n

    • A deployable build\/package of your modernized workload.<\/li>\n
    • \n

      Supports repeatable promotion (dev \u2192 test \u2192 prod) and rollback patterns.<\/p>\n<\/li>\n

    • \n

      Environment<\/strong><\/p>\n<\/li>\n

    • The runtime where an application version runs.<\/li>\n
    • Attached to your VPC\/subnets\/security groups<\/strong>.<\/li>\n
    • \n

      Sized for dev\/test or production operational needs (exact sizing options vary; verify in official docs).<\/p>\n<\/li>\n

    • \n

      Integrations<\/strong><\/p>\n<\/li>\n

    • Amazon S3<\/strong> for artifacts<\/li>\n
    • AWS IAM<\/strong> for access control<\/li>\n
    • Amazon VPC<\/strong> for networking isolation<\/li>\n
    • AWS KMS<\/strong> for encryption (service and related resources)<\/li>\n
    • Amazon CloudWatch<\/strong> and AWS CloudTrail<\/strong> for observability and auditing<\/li>\n<\/ul>\n\n\n\n

      Service type<\/h3>\n\n\n\n
        \n
      • Managed modernization\/runtime service<\/strong> with a control plane operated by AWS.<\/li>\n
      • Creates\/operates runtime infrastructure in the context of your AWS account and VPC (the precise underlying resources are abstracted; treat them as managed).<\/li>\n<\/ul>\n\n\n\n

        Regional\/global\/zonal scope<\/h3>\n\n\n\n
          \n
        • Regional service<\/strong>: you choose an AWS Region and create applications\/environments in that Region.<\/li>\n
        • VPC-scoped runtime<\/strong>: environments attach to VPC networking constructs in that Region.<\/li>\n
        • For Region availability and feature coverage, verify in official docs<\/strong>.<\/li>\n<\/ul>\n\n\n\n

          How it fits into the AWS ecosystem<\/h3>\n\n\n\n

          AWS Mainframe Modernization Service is part of AWS Migration and transfer<\/strong> efforts and is commonly used alongside:\n– AWS Application Discovery Service \/ Migration Hub<\/strong> (planning and tracking) \u2014 where applicable\n– AWS Database Migration Service (AWS DMS)<\/strong> (data migrations) \u2014 when you are also modernizing databases\n– AWS Direct Connect \/ AWS Site-to-Site VPN<\/strong> (hybrid connectivity)\n– Amazon S3<\/strong> (artifact storage)\n– CloudWatch + CloudTrail + AWS Config<\/strong> (operations and compliance)\n– AWS Organizations \/ Control Tower<\/strong> (governance at scale)<\/p>\n\n\n\n

          \n\n\n\n

          3. Why use AWS Mainframe Modernization Service?<\/h2>\n\n\n\n

          Business reasons<\/h3>\n\n\n\n
            \n
          • Reduce mainframe operational costs<\/strong> (hardware, software licensing, specialist staffing) while modernizing at your pace.<\/li>\n
          • Shorten time-to-change<\/strong> by moving to CI\/CD-friendly workflows, versioned deployments, and cloud automation.<\/li>\n
          • Improve agility<\/strong>: integrate legacy business logic with modern digital channels and data platforms.<\/li>\n<\/ul>\n\n\n\n

            Technical reasons<\/h3>\n\n\n\n
              \n
            • Provides a guided path for two common modernization approaches:<\/li>\n
            • Replatform<\/strong>: move workloads with minimal code change, keep much of the existing structure.<\/li>\n
            • Refactor<\/strong>: transform\/translate and progressively modernize code and runtime patterns.<\/li>\n
            • Provides structured application and environment<\/strong> lifecycle operations (create, deploy, update, scale, observe).<\/li>\n<\/ul>\n\n\n\n

              Operational reasons<\/h3>\n\n\n\n
                \n
              • Centralized monitoring\/logging<\/strong> via CloudWatch.<\/li>\n
              • Easier environment parity (dev\/test\/prod) via environment definitions and deployment versioning.<\/li>\n
              • Potentially simplifies patching and runtime operations by leveraging AWS-managed components.<\/li>\n<\/ul>\n\n\n\n

                Security\/compliance reasons<\/h3>\n\n\n\n
                  \n
                • Environments run inside your VPC<\/strong>, enabling network segmentation and private access patterns.<\/li>\n
                • IAM<\/strong> allows granular permission boundaries for dev\/test\/prod.<\/li>\n
                • KMS<\/strong> encryption is available for data at rest across many integrated storage services.<\/li>\n
                • CloudTrail<\/strong> provides auditability.<\/li>\n<\/ul>\n\n\n\n

                  Scalability\/performance reasons<\/h3>\n\n\n\n
                    \n
                  • Ability to provision environments sized for workload demand.<\/li>\n
                  • Easier to integrate with AWS scaling patterns around the modernized runtime (where applicable).<\/li>\n<\/ul>\n\n\n\n

                    When teams should choose it<\/h3>\n\n\n\n

                    Choose AWS Mainframe Modernization Service if:\n– You have mainframe-origin<\/strong> workloads (COBOL\/batch\/transaction-oriented) and want a structured AWS path to modernize.\n– You want AWS-managed runtime\/environment operations rather than building a custom platform.\n– You need governance, security, and operational visibility aligned with AWS best practices.<\/p>\n\n\n\n

                    When they should not choose it<\/h3>\n\n\n\n

                    Avoid or reconsider if:\n– The workload is already a modern distributed application (standard Linux\/Java\/.NET) \u2014 other migration tools may fit better.\n– You need a \u201clift-and-shift VM\u201d approach without modernization \u2014 consider AWS Application Migration Service<\/strong> for server-level migration (not mainframe-specific).\n– Your mainframe workload relies on features or peripherals that cannot be supported\/modernized within the service\u2019s supported patterns (verify feature compatibility early).\n– You cannot meet data residency, compliance, or connectivity constraints required for hybrid modernization and cutover.<\/p>\n\n\n\n

                    \n\n\n\n

                    4. Where is AWS Mainframe Modernization Service used?<\/h2>\n\n\n\n

                    Industries<\/h3>\n\n\n\n

                    Common in industries with long-lived mainframe systems:\n– Banking and financial services\n– Insurance\n– Retail (legacy merchandising, supply chain)\n– Airlines and travel\n– Healthcare payers\n– Government and public sector (eligibility, benefits, taxation)\n– Manufacturing and logistics<\/p>\n\n\n\n

                    Team types<\/h3>\n\n\n\n
                      \n
                    • Platform engineering teams building modernization landing zones<\/li>\n
                    • Application modernization teams (COBOL\/legacy + cloud engineers)<\/li>\n
                    • DevOps\/SRE teams bringing operational rigor and automation<\/li>\n
                    • Security and compliance teams governing sensitive data and workloads<\/li>\n
                    • Data engineering teams coordinating data migration\/replication<\/li>\n<\/ul>\n\n\n\n

                      Workloads<\/h3>\n\n\n\n
                        \n
                      • Batch processing (end-of-day, monthly billing, reporting)<\/li>\n
                      • Transaction processing and online services<\/li>\n
                      • File-based integrations (feeds, exports)<\/li>\n
                      • Workloads with stable business logic but expensive platforms<\/li>\n<\/ul>\n\n\n\n

                        Architectures<\/h3>\n\n\n\n
                          \n
                        • Hybrid modernization (mainframe remains system of record initially)<\/li>\n
                        • Strangler\/parallel-run patterns (modernized app runs alongside legacy for validation)<\/li>\n
                        • Event-driven modernization (legacy outputs become events feeding modern services)<\/li>\n
                        • Service wrapping (expose mainframe logic via APIs while modernizing gradually)<\/li>\n<\/ul>\n\n\n\n

                          Real-world deployment contexts<\/h3>\n\n\n\n
                            \n
                          • Regulated workloads requiring encryption, audit logs, and network isolation<\/li>\n
                          • Large-scale migrations where code modernization and data modernization happen in phases<\/li>\n
                          • Multi-account AWS Organizations setups (separate dev\/test\/prod accounts)<\/li>\n<\/ul>\n\n\n\n

                            Production vs dev\/test usage<\/h3>\n\n\n\n
                              \n
                            • Dev\/test<\/strong>: smaller environments for iterative transformation, test automation, integration tests.<\/li>\n
                            • Pre-prod\/UAT<\/strong>: performance validation, data reconciliation, parallel runs.<\/li>\n
                            • Prod<\/strong>: highly controlled deployments, strict change windows, DR planning, and heavy monitoring.<\/li>\n<\/ul>\n\n\n\n
                              \n\n\n\n

                              5. Top Use Cases and Scenarios<\/h2>\n\n\n\n

                              Below are realistic scenarios where AWS Mainframe Modernization Service fits well. Each assumes you are in a Migration and transfer<\/strong> program and need a managed path for mainframe workload modernization.<\/p>\n\n\n\n

                              1) Replatform a COBOL batch workload to reduce mainframe MIPS cost<\/h3>\n\n\n\n
                                \n
                              • Problem:<\/strong> Batch jobs consume costly mainframe capacity during peak billing cycles.<\/li>\n
                              • Why this service fits:<\/strong> Provides a managed environment to run replatformed batch workloads on AWS with controlled deployments.<\/li>\n
                              • Example scenario:<\/strong> An insurer migrates premium calculation jobs to AWS, keeps existing batch structure, and integrates results back to downstream systems.<\/li>\n<\/ul>\n\n\n\n

                                2) Refactor a customer account system for cloud-native integration<\/h3>\n\n\n\n
                                  \n
                                • Problem:<\/strong> Customer account logic is locked in legacy code; new digital channels need APIs and faster change cycles.<\/li>\n
                                • Why this service fits:<\/strong> Supports modernization approaches that transform code and enable modern runtime patterns.<\/li>\n
                                • Example scenario:<\/strong> A retail bank refactors account servicing logic to integrate with API Gateway and microservices.<\/li>\n<\/ul>\n\n\n\n

                                  3) Parallel-run validation during mainframe exit<\/h3>\n\n\n\n
                                    \n
                                  • Problem:<\/strong> You must prove the modernized workload matches the legacy outputs before cutover.<\/li>\n
                                  • Why this service fits:<\/strong> Application versioning and environment separation support repeatable test runs and controlled releases.<\/li>\n
                                  • Example scenario:<\/strong> Run month-end batch on both platforms and reconcile outputs for multiple cycles.<\/li>\n<\/ul>\n\n\n\n

                                    4) Modernize green-screen dependent workflows<\/h3>\n\n\n\n
                                      \n
                                    • Problem:<\/strong> Operational teams rely on terminal-style interfaces; replacing everything at once is risky.<\/li>\n
                                    • Why this service fits:<\/strong> Many modernization paths preserve operational flows initially while you modernize incrementally (verify specific interface support in official docs).<\/li>\n
                                    • Example scenario:<\/strong> Keep existing operator workflow while introducing a new web UI in parallel.<\/li>\n<\/ul>\n\n\n\n

                                      5) Improve resilience and DR posture for legacy workloads<\/h3>\n\n\n\n
                                        \n
                                      • Problem:<\/strong> DR for mainframes is expensive and operationally complex.<\/li>\n
                                      • Why this service fits:<\/strong> AWS-native DR patterns and infrastructure-as-code can be applied around the modernized runtime.<\/li>\n
                                      • Example scenario:<\/strong> Multi-AZ runtime with cross-Region backups, tested failover runbooks.<\/li>\n<\/ul>\n\n\n\n

                                        6) Modernize file-based data exchange to cloud data lake<\/h3>\n\n\n\n
                                          \n
                                        • Problem:<\/strong> Legacy workloads produce flat files that drive analytics; pipelines are brittle.<\/li>\n
                                        • Why this service fits:<\/strong> Run workload on AWS and land outputs directly in S3 with lifecycle policies and governance.<\/li>\n
                                        • Example scenario:<\/strong> Overnight jobs write outputs to S3, triggering downstream analytics via AWS Glue\/Athena.<\/li>\n<\/ul>\n\n\n\n

                                          7) Replace expensive proprietary tooling with AWS-native operations<\/h3>\n\n\n\n
                                            \n
                                          • Problem:<\/strong> Legacy operations rely on specialized monitoring and job control tooling.<\/li>\n
                                          • Why this service fits:<\/strong> CloudWatch logs\/metrics and AWS-native alerting can replace or integrate with legacy tools.<\/li>\n
                                          • Example scenario:<\/strong> Standardize alerts in Amazon CloudWatch and route incidents to existing ITSM.<\/li>\n<\/ul>\n\n\n\n

                                            8) Segment modernization by application domain<\/h3>\n\n\n\n
                                              \n
                                            • Problem:<\/strong> \u201cBig bang\u201d modernization is too risky; you need domain-by-domain migration.<\/li>\n
                                            • Why this service fits:<\/strong> Applications\/environments map well to domain segmentation and phased cutover.<\/li>\n
                                            • Example scenario:<\/strong> Modernize claims first, then billing, then customer communications.<\/li>\n<\/ul>\n\n\n\n

                                              9) Build a secure modernization sandbox<\/h3>\n\n\n\n
                                                \n
                                              • Problem:<\/strong> Teams need an isolated environment to analyze and test legacy code safely.<\/li>\n
                                              • Why this service fits:<\/strong> IAM + VPC isolation + separate accounts can enforce strong boundaries.<\/li>\n
                                              • Example scenario:<\/strong> A regulated enterprise uses a dedicated sandbox account with restricted egress.<\/li>\n<\/ul>\n\n\n\n

                                                10) Enable CI\/CD-style release management for legacy logic<\/h3>\n\n\n\n
                                                  \n
                                                • Problem:<\/strong> Legacy deployment processes are manual, error-prone, and hard to audit.<\/li>\n
                                                • Why this service fits:<\/strong> Versioned artifacts and environment promotion can integrate with build pipelines.<\/li>\n
                                                • Example scenario:<\/strong> Each build produces a versioned package stored in S3; releases promote versions to UAT and prod with approvals.<\/li>\n<\/ul>\n\n\n\n

                                                  11) Modernize while maintaining hybrid connectivity to remaining mainframe systems<\/h3>\n\n\n\n
                                                    \n
                                                  • Problem:<\/strong> Some subsystems remain on mainframe for years; you need stable low-latency integration.<\/li>\n
                                                  • Why this service fits:<\/strong> Runtime environments attach to VPC and can use Direct Connect\/VPN for hybrid calls.<\/li>\n
                                                  • Example scenario:<\/strong> Modernized batch reads reference data from on-prem and writes results to AWS.<\/li>\n<\/ul>\n\n\n\n

                                                    12) Reduce operational skill bottlenecks<\/h3>\n\n\n\n
                                                      \n
                                                    • Problem:<\/strong> Mainframe skills are scarce; you need to move operations to cloud teams.<\/li>\n
                                                    • Why this service fits:<\/strong> Operations become more aligned with standard AWS operations (IAM, VPC, CloudWatch).<\/li>\n
                                                    • Example scenario:<\/strong> SREs manage SLOs and alerts in the same tooling used across other cloud services.<\/li>\n<\/ul>\n\n\n\n
                                                      \n\n\n\n

                                                      6. Core Features<\/h2>\n\n\n\n
                                                      \n

                                                      Feature availability can vary by Region and modernization approach. Always validate the current feature set in the official AWS docs for AWS Mainframe Modernization Service.<\/p>\n<\/blockquote>\n\n\n\n

                                                      1) Managed modernization runtime environments<\/h3>\n\n\n\n
                                                        \n
                                                      • What it does:<\/strong> Provisions and manages runtime environments for modernized mainframe applications inside your AWS account\/VPC.<\/li>\n
                                                      • Why it matters:<\/strong> Reduces the need to build and operate custom runtime infrastructure.<\/li>\n
                                                      • Practical benefit:<\/strong> Faster environment setup and standardized operations across dev\/test\/prod.<\/li>\n
                                                      • Limitations\/caveats:<\/strong> Environment types\/sizes and supported runtime capabilities are specific to this service; verify supported workload types (batch, transaction processing, interfaces) in official docs.<\/li>\n<\/ul>\n\n\n\n

                                                        2) Support for common modernization approaches (replatform\/refactor)<\/h3>\n\n\n\n
                                                          \n
                                                        • What it does:<\/strong> Supports different patterns depending on modernization strategy (commonly aligned to replatforming vs refactoring).<\/li>\n
                                                        • Why it matters:<\/strong> Lets you choose a lower-risk approach first (replatform) or invest in deeper transformation (refactor).<\/li>\n
                                                        • Practical benefit:<\/strong> You can align your approach to timelines, skills, and risk tolerance.<\/li>\n
                                                        • Limitations\/caveats:<\/strong> Compatibility and code change requirements vary significantly; perform an assessment and proof-of-concept.<\/li>\n<\/ul>\n\n\n\n

                                                          3) Application and application-version lifecycle<\/h3>\n\n\n\n
                                                            \n
                                                          • What it does:<\/strong> Organizes workloads as applications and deployable versions.<\/li>\n
                                                          • Why it matters:<\/strong> Brings modern release discipline to legacy workloads.<\/li>\n
                                                          • Practical benefit:<\/strong> Repeatable deployments, rollback options, and environment promotion patterns.<\/li>\n
                                                          • Limitations\/caveats:<\/strong> Packaging requirements for application versions are strict; build a validated packaging pipeline early.<\/li>\n<\/ul>\n\n\n\n

                                                            4) Amazon S3-based artifact storage integration<\/h3>\n\n\n\n
                                                              \n
                                                            • What it does:<\/strong> Uses S3 as a common staging location for deployable artifacts\/packages (typical pattern).<\/li>\n
                                                            • Why it matters:<\/strong> S3 is durable, versionable, and integrates with CI\/CD and governance controls.<\/li>\n
                                                            • Practical benefit:<\/strong> Clear separation between build output and runtime deployment; easy promotion across accounts with controlled replication.<\/li>\n
                                                            • Limitations\/caveats:<\/strong> Secure S3 access (bucket policies, encryption, access points) must be designed carefully.<\/li>\n<\/ul>\n\n\n\n

                                                              5) VPC networking integration<\/h3>\n\n\n\n
                                                                \n
                                                              • What it does:<\/strong> Environments attach to your VPC, subnets, and security groups.<\/li>\n
                                                              • Why it matters:<\/strong> Enables private networking, segmentation, and hybrid connectivity.<\/li>\n
                                                              • Practical benefit:<\/strong> Keep modernized workloads private, accessible only via VPN\/Direct Connect or controlled ingress.<\/li>\n
                                                              • Limitations\/caveats:<\/strong> Subnet design, routing, DNS, and egress controls can cause environment provisioning failures if misconfigured.<\/li>\n<\/ul>\n\n\n\n

                                                                6) IAM-based access control (including service-linked roles)<\/h3>\n\n\n\n
                                                                  \n
                                                                • What it does:<\/strong> Uses IAM to authorize who can create\/manage applications, environments, and deployments.<\/li>\n
                                                                • Why it matters:<\/strong> Mainframe modernization environments often handle sensitive financial\/PII data.<\/li>\n
                                                                • Practical benefit:<\/strong> Least-privilege permissions, separation of duties, and auditability.<\/li>\n
                                                                • Limitations\/caveats:<\/strong> Service-linked roles may be required; ensure your organization allows their creation.<\/li>\n<\/ul>\n\n\n\n

                                                                  7) Encryption support using AWS KMS (and AWS-native encryption defaults)<\/h3>\n\n\n\n
                                                                    \n
                                                                  • What it does:<\/strong> Supports encryption at rest via KMS for many integrated resources (S3, logs, and dependent storage\/services).<\/li>\n
                                                                  • Why it matters:<\/strong> Compliance and data protection requirements are common in mainframe workloads.<\/li>\n
                                                                  • Practical benefit:<\/strong> Centralized key management, rotation, and auditing.<\/li>\n
                                                                  • Limitations\/caveats:<\/strong> Key policy design and cross-account key usage can be complex; test in non-prod.<\/li>\n<\/ul>\n\n\n\n

                                                                    8) Observability through CloudWatch and auditing through CloudTrail<\/h3>\n\n\n\n
                                                                      \n
                                                                    • What it does:<\/strong> Integrates with CloudWatch for logs\/metrics and CloudTrail for API auditing.<\/li>\n
                                                                    • Why it matters:<\/strong> Production operations require visibility, alerting, and traceability.<\/li>\n
                                                                    • Practical benefit:<\/strong> Standardized monitoring approach across your AWS estate.<\/li>\n
                                                                    • Limitations\/caveats:<\/strong> You must design log retention, redaction, and alarm thresholds intentionally.<\/li>\n<\/ul>\n\n\n\n

                                                                      9) Environment separation for dev\/test\/prod operations<\/h3>\n\n\n\n
                                                                        \n
                                                                      • What it does:<\/strong> Allows separate environments per stage with controlled access.<\/li>\n
                                                                      • Why it matters:<\/strong> Reduces blast radius and enforces change control.<\/li>\n
                                                                      • Practical benefit:<\/strong> Safer deployments and easier compliance audits.<\/li>\n
                                                                      • Limitations\/caveats:<\/strong> Cost scales with number of environments and how long they run.<\/li>\n<\/ul>\n\n\n\n

                                                                        10) API-driven management (automation-ready)<\/h3>\n\n\n\n
                                                                          \n
                                                                        • What it does:<\/strong> Exposes APIs for managing core resources (often referenced via AWS SDK\/CLI service namespace m2<\/code>).<\/li>\n
                                                                        • Why it matters:<\/strong> Mainframe modernization at scale requires automation.<\/li>\n
                                                                        • Practical benefit:<\/strong> Integrate with CI\/CD, ticket-based approvals, or GitOps patterns.<\/li>\n
                                                                        • Limitations\/caveats:<\/strong> API parameters and supported operations evolve\u2014pin versions and validate with official SDK\/CLI docs.<\/li>\n<\/ul>\n\n\n\n
                                                                          \n\n\n\n

                                                                          7. Architecture and How It Works<\/h2>\n\n\n\n

                                                                          High-level architecture<\/h3>\n\n\n\n

                                                                          At a high level:\n1. Your team prepares modernization artifacts (replatformed binaries\/config or refactored output).\n2. Artifacts are stored in Amazon S3<\/strong>.\n3. You create an application<\/strong> and environment<\/strong> in AWS Mainframe Modernization Service.\n4. The service deploys the application version into the environment inside your VPC<\/strong>.\n5. Users\/systems connect to the environment (private networking recommended).\n6. Operations teams monitor via CloudWatch<\/strong>, audit via CloudTrail<\/strong>, and govern via IAM\/Organizations.<\/p>\n\n\n\n

                                                                          Request\/data\/control flow<\/h3>\n\n\n\n
                                                                            \n
                                                                          • Control plane<\/strong><\/li>\n
                                                                          • AWS Console\/SDK\/CLI calls the service APIs to create and manage applications\/environments.<\/li>\n
                                                                          • \n

                                                                            CloudTrail records these API events.<\/p>\n<\/li>\n

                                                                          • \n

                                                                            Data plane<\/strong><\/p>\n<\/li>\n

                                                                          • Application artifacts flow from S3 into the environment during deployment.<\/li>\n
                                                                          • Application runtime traffic flows within VPC to dependent services (databases, queues, APIs) and to on-prem via VPN\/Direct Connect where needed.<\/li>\n
                                                                          • Logs\/metrics flow to CloudWatch.<\/li>\n<\/ul>\n\n\n\n

                                                                            Integrations with related services (common patterns)<\/h3>\n\n\n\n
                                                                              \n
                                                                            • Amazon S3<\/strong>: artifact repository, export\/import, backups, data lake outputs<\/li>\n
                                                                            • AWS Direct Connect \/ Site-to-Site VPN<\/strong>: hybrid connectivity during transition<\/li>\n
                                                                            • Amazon Route 53<\/strong>: private DNS for internal endpoints<\/li>\n
                                                                            • AWS KMS<\/strong>: encryption keys and audit<\/li>\n
                                                                            • Amazon CloudWatch<\/strong>: logs\/metrics\/alarms<\/li>\n
                                                                            • AWS CloudTrail<\/strong>: audit and compliance<\/li>\n
                                                                            • AWS Config<\/strong>: resource configuration tracking (where applicable)<\/li>\n
                                                                            • AWS Organizations<\/strong>: multi-account separation (dev\/test\/prod)<\/li>\n<\/ul>\n\n\n\n
                                                                              \n

                                                                              Some modernization programs also use AWS DMS, Amazon RDS\/Aurora, Amazon DynamoDB, Amazon MQ, or Amazon MSK depending on how data and integrations are modernized. Those are not \u201crequired\u201d by the service, but they are common in real architectures.<\/p>\n<\/blockquote>\n\n\n\n

                                                                              Dependency services (what you almost always need)<\/h3>\n\n\n\n
                                                                                \n
                                                                              • A VPC<\/strong> with subnets and security groups<\/li>\n
                                                                              • IAM<\/strong> roles\/policies for administrators\/operators and for the service to operate<\/li>\n
                                                                              • S3<\/strong> bucket(s) for artifacts (and often for logs\/exports)<\/li>\n
                                                                              • KMS<\/strong> keys (recommended) for encryption control<\/li>\n
                                                                              • CloudWatch<\/strong> and CloudTrail<\/strong> enabled in the account<\/li>\n<\/ul>\n\n\n\n

                                                                                Security\/authentication model<\/h3>\n\n\n\n
                                                                                  \n
                                                                                • Human and automation access is controlled with IAM<\/strong>.<\/li>\n
                                                                                • The service uses service-linked roles<\/strong> and\/or service roles to create\/manage runtime infrastructure.<\/li>\n
                                                                                • Network access to the runtime should be governed with security groups<\/strong>, NACLs, private subnets, and controlled ingress (VPN\/Direct Connect, bastion, or AWS Client VPN).<\/li>\n<\/ul>\n\n\n\n

                                                                                  Networking model<\/h3>\n\n\n\n
                                                                                    \n
                                                                                  • Runtime environments attach to your<\/strong> VPC\/subnets.<\/li>\n
                                                                                  • Prefer private subnets and private connectivity:<\/li>\n
                                                                                  • On-prem \u2192 AWS via Direct Connect\/VPN<\/li>\n
                                                                                  • User access via Client VPN or SSO + bastion\/SSM patterns<\/li>\n
                                                                                  • Use VPC endpoints (PrivateLink) for S3\/CloudWatch\/KMS where required by your security posture (verify exact dependencies for your environment type).<\/li>\n<\/ul>\n\n\n\n

                                                                                    Monitoring\/logging\/governance considerations<\/h3>\n\n\n\n
                                                                                      \n
                                                                                    • Standardize:<\/li>\n
                                                                                    • CloudWatch log groups (retention, encryption)<\/li>\n
                                                                                    • CloudWatch alarms (availability, error rates, capacity)<\/li>\n
                                                                                    • CloudTrail organization trails and alerting on sensitive operations<\/li>\n
                                                                                    • Resource tagging standards across applications\/environments<\/li>\n<\/ul>\n\n\n\n
                                                                                      \n\n\n\n

                                                                                      Simple architecture diagram (conceptual)<\/h3>\n\n\n\n
                                                                                      flowchart LR\n  Dev[Dev\/Build System] -->|Upload artifacts| S3[(Amazon S3)]\n  Admin[Admin\/Operator] -->|Create app & env| M2[AWS Mainframe Modernization Service]\n\n  M2 -->|Deploy version| Env[Runtime Environment in your VPC]\n  S3 -->|Download package| Env\n\n  Env --> CW[(Amazon CloudWatch Logs\/Metrics)]\n  Admin -->|Audit| CT[(AWS CloudTrail)]\n<\/code><\/pre>\n\n\n\n
                                                                                      Production-style architecture diagram (reference)<\/h3>\n\n\n\n
                                                                                      flowchart TB\n  subgraph OnPrem[On-Premises \/ Legacy DC]\n    MF[Legacy Mainframe Data & Interfaces]\n  end\n\n  subgraph AWS[AWS Region]\n    subgraph Net[VPC]\n      subgraph Subnets[Private Subnets (Multi-AZ)]\n        EnvProd[Prod Runtime Environment]\n        EnvUAT[UAT Runtime Environment]\n      end\n\n      DB[(Modernized Data Store\\n(e.g., RDS\/Aurora)\\nVerify per design)]\n      MQ[(Integration Layer\\n(e.g., MQ\/Kafka)\\nOptional)]\n      VPCE[VPC Endpoints\\n(S3\/CloudWatch\/KMS)\\nOptional]\n    end\n\n    S3[(S3 Artifact Buckets\\nVersioned + Encrypted)]\n    KMS[(AWS KMS Keys)]\n    CW[(CloudWatch Logs\/Metrics\/Alarms)]\n    CT[(CloudTrail Org Trail)]\n    ORG[(AWS Organizations\\nMulti-account)]\n    CICD[CI\/CD Pipeline\\n(Build\/Scan\/Package)]\n  end\n\n  MF <-->|Direct Connect \/ VPN| EnvProd\n  CICD -->|Publish versioned artifacts| S3\n  S3 -->|Deploy package| EnvUAT\n  S3 -->|Deploy package| EnvProd\n  EnvProd --> DB\n  EnvProd --> MQ\n  EnvProd --> CW\n  EnvUAT --> CW\n  M2ctl[AWS Mainframe Modernization Service\\n(Control Plane)] --> EnvProd\n  M2ctl --> EnvUAT\n  M2ctl --> CT\n  S3 --> KMS\n  CW --> KMS\n<\/code><\/pre>\n\n\n\n
                                                                                      \n\n\n\n
                                                                                      8. Prerequisites<\/h2>\n\n\n\n
                                                                                      Account\/subscription requirements<\/h3>\n\n\n\n
                                                                                        \n
                                                                                      • An AWS account with billing enabled.<\/li>\n
                                                                                      • For enterprises: recommended to use AWS Organizations<\/strong> with separate accounts for dev\/test\/prod.<\/li>\n<\/ul>\n\n\n\n
                                                                                        Permissions \/ IAM roles<\/h3>\n\n\n\n
                                                                                        You need permissions to:\n– Create\/manage AWS Mainframe Modernization Service applications and environments\n– Manage VPC settings (or at minimum, select existing subnets and security groups)\n– Create and manage S3 buckets\/objects for artifacts\n– View CloudWatch logs and CloudTrail events<\/p>\n\n\n\n
                                                                                        Practical recommendation for labs:\n– Use a sandbox account and a role with broad permissions (for example, an admin role) to avoid IAM friction.\n– For production: implement least privilege and separation of duties (see Best Practices and Security Considerations).<\/p>\n\n\n\n
                                                                                        Service-linked role note:\n– Many AWS services create a service-linked role<\/strong> automatically on first use. If your organization restricts this, you must allow it. Verify the exact role name and service principal in the official docs for AWS Mainframe Modernization Service.<\/p>\n\n\n\n
                                                                                        Billing requirements<\/h3>\n\n\n\n
                                                                                          \n
                                                                                        • No free-tier assumption. Running modernization environments typically incurs charges.<\/li>\n
                                                                                        • Plan to create the smallest environment and delete quickly in the lab.<\/li>\n<\/ul>\n\n\n\n
                                                                                          CLI\/SDK\/tools needed<\/h3>\n\n\n\n
                                                                                            \n
                                                                                          • AWS Management Console access (recommended for beginners)<\/li>\n
                                                                                          • Optional:<\/li>\n
                                                                                          • AWS CLI v2 for S3 operations and account inspection<\/li>\n
                                                                                          • A terminal for verification steps<\/li>\n
                                                                                          • For hybrid connectivity (optional): Direct Connect\/VPN configuration and on-prem network readiness<\/li>\n<\/ul>\n\n\n\n
                                                                                            Region availability<\/h3>\n\n\n\n
                                                                                              \n
                                                                                            • Not available in every Region. Verify Region support in official AWS documentation<\/strong> before planning environments.<\/li>\n<\/ul>\n\n\n\n
                                                                                              Quotas\/limits<\/h3>\n\n\n\n
                                                                                                \n
                                                                                              • Expect quotas around number of environments, applications, and possibly environment capacity.<\/li>\n
                                                                                              • Check Service Quotas<\/strong> for AWS Mainframe Modernization Service in your Region\/account.<\/li>\n
                                                                                              • In large enterprises, request quota increases early.<\/li>\n<\/ul>\n\n\n\n
                                                                                                Prerequisite services<\/h3>\n\n\n\n
                                                                                                  \n
                                                                                                • Amazon VPC (existing)<\/li>\n
                                                                                                • Amazon S3 (artifact storage)<\/li>\n
                                                                                                • CloudWatch and CloudTrail enabled<\/li>\n
                                                                                                • KMS keys (recommended for encryption control)<\/li>\n<\/ul>\n\n\n\n
                                                                                                  \n\n\n\n
                                                                                                  9. Pricing \/ Cost<\/h2>\n\n\n\n
                                                                                                  \n
                                                                                                  Do not treat this section as a price quote. AWS pricing varies by Region and can change. Use the official pricing page and AWS Pricing Calculator for current rates.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                  Current pricing model (how you are billed)<\/h3>\n\n\n\n
                                                                                                  AWS Mainframe Modernization Service pricing typically includes:\n– Runtime environment charges<\/strong> based on the environment type\/size and how long it runs (often measured in time-based units).\n– Potentially different pricing dimensions depending on modernization approach and runtime option (replatform vs refactor).\n– Standard AWS charges for dependent services you use alongside it (S3, data transfer, logging, databases, networking, etc.).<\/p>\n\n\n\n
                                                                                                  Because pricing details can be nuanced (engine\/runtime choice, environment sizes, Region), you should:\n– Start with the official pricing page:\n  https:\/\/aws.amazon.com\/mainframe-modernization\/pricing\/\n– Use the AWS Pricing Calculator:\n  https:\/\/calculator.aws\/<\/p>\n\n\n\n
                                                                                                  Pricing dimensions to expect<\/h3>\n\n\n\n
                                                                                                    \n
                                                                                                  • Environment runtime duration<\/strong>: cost increases with 24\/7 running environments.<\/li>\n
                                                                                                  • Environment size\/capacity<\/strong>: larger environments cost more.<\/li>\n
                                                                                                  • Number of environments<\/strong>: dev + test + uat + prod multiplies baseline costs.<\/li>\n
                                                                                                  • Artifact storage and retrieval<\/strong>: S3 storage and requests.<\/li>\n
                                                                                                  • Logging and monitoring<\/strong>: CloudWatch log ingestion, retention, and metrics.<\/li>\n
                                                                                                  • Networking<\/strong>:<\/li>\n
                                                                                                  • Inter-AZ data transfer (architecture-dependent)<\/li>\n
                                                                                                  • Data transfer out to the internet (if any)<\/li>\n
                                                                                                  • Direct Connect\/VPN charges (if used)<\/li>\n
                                                                                                  • Downstream services<\/strong>: RDS\/Aurora, MQ\/Kafka, EFS\/FSx, etc. (depending on your target architecture)<\/li>\n<\/ul>\n\n\n\n
                                                                                                    Free tier<\/h3>\n\n\n\n
                                                                                                      \n
                                                                                                    • Assume no free tier<\/strong> for modernization runtime environments unless explicitly stated on the pricing page. Verify in official pricing.<\/li>\n<\/ul>\n\n\n\n
                                                                                                      Hidden or indirect costs to plan for<\/h3>\n\n\n\n
                                                                                                        \n
                                                                                                      • Parallel runs<\/strong>: running legacy + AWS in parallel can double compute costs temporarily.<\/li>\n
                                                                                                      • Non-prod sprawl<\/strong>: multiple test environments left running.<\/li>\n
                                                                                                      • Data duplication<\/strong>: storing mainframe extracts in S3, staging in databases, reconciliation outputs.<\/li>\n
                                                                                                      • Tooling and people time<\/strong>: modernization analysis, testing, and operations engineering.<\/li>\n<\/ul>\n\n\n\n
                                                                                                        Network\/data transfer implications<\/h3>\n\n\n\n
                                                                                                          \n
                                                                                                        • Minimize cross-AZ chatter where possible (but do not sacrifice availability).<\/li>\n
                                                                                                        • Keep artifact buckets in the same Region.<\/li>\n
                                                                                                        • Prefer private connectivity (VPN\/Direct Connect) during hybrid phases; budget accordingly.<\/li>\n<\/ul>\n\n\n\n
                                                                                                          How to optimize cost (practical levers)<\/h3>\n\n\n\n
                                                                                                            \n
                                                                                                          • Stop\/delete non-prod environments<\/strong> when not in use (if supported by your operational model).<\/li>\n
                                                                                                          • Use smallest dev\/test environment sizes<\/strong> that still support meaningful test runs.<\/li>\n
                                                                                                          • Reduce log retention<\/strong> in non-prod; export to S3 for long-term retention if needed.<\/li>\n
                                                                                                          • Consolidate artifacts<\/strong> with lifecycle policies (S3 Intelligent-Tiering\/lifecycle transitions where appropriate).<\/li>\n
                                                                                                          • Architect to reduce data transfer, especially cross-AZ and internet egress.<\/li>\n<\/ul>\n\n\n\n
                                                                                                            Example low-cost starter estimate (no fabricated numbers)<\/h3>\n\n\n\n
                                                                                                            A low-cost lab typically includes:\n– One small dev environment running for less than a few hours\n– One S3 bucket with encryption and versioning\n– CloudWatch logs enabled with short retention<\/p>\n\n\n\n
                                                                                                            Because the largest cost driver is usually the environment runtime, the simplest cost control is:\n– Create the environment \u2192 validate \u2192 delete the environment the same day.<\/p>\n\n\n\n
                                                                                                            Example production cost considerations<\/h3>\n\n\n\n
                                                                                                            For production, expect cost drivers to include:\n– 24\/7 production environment (and at least one non-prod)\n– HA design (multi-AZ)\n– Observability (logs, metrics, retention)\n– Hybrid connectivity (Direct Connect circuits, data transfer)\n– Data platform costs (RDS\/Aurora, caches, queues\/streams)\n– DR posture (backups, cross-Region replication, standby capacity)<\/p>\n\n\n\n
                                                                                                            \n\n\n\n
                                                                                                            10. Step-by-Step Hands-On Tutorial<\/h2>\n\n\n\n
                                                                                                            This lab is designed to be realistic and executable<\/strong> without requiring proprietary mainframe source code. You will provision prerequisites, create an AWS Mainframe Modernization Service application and environment, validate that the environment becomes available, and verify logs\/auditing. You\u2019ll also learn how to avoid common networking and IAM issues.<\/p>\n\n\n\n
                                                                                                            Objective<\/h3>\n\n\n\n
                                                                                                            Create a minimal AWS Mainframe Modernization Service<\/strong> setup:\n– An encrypted S3 bucket for artifacts\n– A logically isolated application in the service\n– A small development environment attached to your default VPC\n– Basic validation using CloudWatch and CloudTrail\n– Full cleanup to avoid ongoing charges<\/p>\n\n\n\n
                                                                                                            Lab Overview<\/h3>\n\n\n\n
                                                                                                            You will:\n1. Choose a supported Region and confirm prerequisites.\n2. Create an S3 artifact bucket with encryption and versioning.\n3. Prepare networking inputs (default VPC, two subnets, a security group).\n4. Create an application in AWS Mainframe Modernization Service.\n5. Create an environment in AWS Mainframe Modernization Service.\n6. Validate the environment status and confirm logs\/audit events exist.\n7. Clean up all created resources.<\/p>\n\n\n\n
                                                                                                            \n
                                                                                                            Cost warning: Creating an environment can incur charges immediately. Keep the environment running only long enough to validate (typically 30\u201390 minutes) and then delete it.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                            \n\n\n\n
                                                                                                            Step 1: Select a supported AWS Region and confirm account setup<\/h3>\n\n\n\n
                                                                                                              \n
                                                                                                            1. Sign in to the AWS Console.<\/li>\n
                                                                                                            2. In the Region selector, choose a Region where AWS Mainframe Modernization Service is available.<\/li>\n<\/ol>\n\n\n\n
                                                                                                              Verification:\n– Open the AWS Mainframe Modernization Service console (search for \u201cMainframe Modernization\u201d in the AWS Console).\n– If you do not see the service or cannot create resources, switch Regions and\/or verify Region availability in the docs.<\/p>\n\n\n\n
                                                                                                              Expected outcome:\n– You can access the service console in your chosen Region.<\/p>\n\n\n\n
                                                                                                              \n\n\n\n
                                                                                                              Step 2: Create an encrypted S3 bucket for application artifacts<\/h3>\n\n\n\n
                                                                                                              You\u2019ll create an S3 bucket to store deployable artifacts (even if you don\u2019t deploy code in this lab).<\/p>\n\n\n\n
                                                                                                              Console steps<\/strong>\n1. Go to Amazon S3<\/strong> \u2192 Create bucket<\/strong>.\n2. Bucket name: m2-artifacts-<account-id>-<region><\/code> (must be globally unique).\n3. Enable:\n   – Block all public access<\/strong> (keep enabled).\n   – Bucket Versioning<\/strong> (recommended).\n   – Default encryption<\/strong> (SSE-KMS recommended; SSE-S3 acceptable for labs).\n4. Create the bucket.<\/p>\n\n\n\n
                                                                                                              Optional CLI (S3 only)<\/strong><\/p>\n\n\n\n
                                                                                                              aws s3api create-bucket \\\n  --bucket \"m2-artifacts-$(aws sts get-caller-identity --query Account --output text)-$(aws configure get region)\" \\\n  --create-bucket-configuration LocationConstraint=\"$(aws configure get region)\"\n<\/code><\/pre>\n\n\n\n
                                                                                                              Expected outcome:\n– You have a private, encrypted S3 bucket ready for artifacts.<\/p>\n\n\n\n
                                                                                                              \n\n\n\n
                                                                                                              Step 3: Gather VPC, subnets, and create a dedicated security group<\/h3>\n\n\n\n
                                                                                                              AWS Mainframe Modernization Service environments attach to your VPC\/subnets\/security groups. For a low-friction lab, use the default VPC<\/strong>.<\/p>\n\n\n\n
                                                                                                              3A) Identify default VPC and two subnets (Console)<\/h4>\n\n\n\n
                                                                                                                \n
                                                                                                              1. Go to VPC<\/strong> \u2192 Your VPCs<\/strong> \u2192 find the default VPC<\/strong>.<\/li>\n
                                                                                                              2. Go to Subnets<\/strong> and filter by that VPC.<\/li>\n
                                                                                                              3. Select two subnets in different Availability Zones<\/strong> (common requirement for highly available services; exact requirements vary\u2014follow console guidance).<\/li>\n<\/ol>\n\n\n\n
                                                                                                                3B) Create a security group for the environment<\/h4>\n\n\n\n
                                                                                                                  \n
                                                                                                                1. Go to VPC<\/strong> \u2192 Security groups<\/strong> \u2192 Create security group<\/strong>.<\/li>\n
                                                                                                                2. Name: m2-env-sg<\/code><\/li>\n
                                                                                                                3. VPC: select the default VPC.<\/li>\n
                                                                                                                4. Inbound rules:\n   – For the lab, start with no inbound rules<\/strong> unless the environment requires specific inbound connectivity for your chosen runtime\/endpoint model.\n   – If you later need access, add tightly scoped inbound rules from your corporate IP, VPN CIDR, or a bastion host security group.<\/li>\n
                                                                                                                5. Outbound rules:\n   – Leave default outbound allowed for the lab, or restrict per your security posture (note: overly restrictive egress can break provisioning).<\/li>\n<\/ol>\n\n\n\n
                                                                                                                  Expected outcome:\n– You have subnet IDs and a security group ready to attach to the environment.<\/p>\n\n\n\n
                                                                                                                  \n\n\n\n
                                                                                                                  Step 4: Create an application in AWS Mainframe Modernization Service<\/h3>\n\n\n\n
                                                                                                                    \n
                                                                                                                  1. Go to AWS Mainframe Modernization Service<\/strong> console.<\/li>\n
                                                                                                                  2. Choose Applications<\/strong> \u2192 Create application<\/strong>.<\/li>\n
                                                                                                                  3. Provide:\n   – Application name: lab-app<\/code>\n   – Description: Lab application for environment provisioning<\/code><\/li>\n
                                                                                                                  4. Choose the modernization approach\/runtime option offered by the console:\n   – If you are unsure, choose the option recommended for beginners by the console\/getting started guide.\n   – If you have a specific target (replatform vs refactor), pick accordingly.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                    Expected outcome:\n– The application appears in the Applications list.<\/p>\n\n\n\n
                                                                                                                    Verification:\n– Open the application details page and confirm it exists and has an Application ID.<\/p>\n\n\n\n
                                                                                                                    \n\n\n\n
                                                                                                                    Step 5: Create a development environment and attach it to your VPC<\/h3>\n\n\n\n
                                                                                                                      \n
                                                                                                                    1. In the AWS Mainframe Modernization Service console, go to Environments<\/strong> \u2192 Create environment<\/strong>.<\/li>\n
                                                                                                                    2. Select:\n   – Environment name: lab-dev-env<\/code>\n   – Environment type: Development \/ Non-production (choose the smallest\/lowest-cost option available)\n   – Application\/runtime option: align with your lab-app<\/code> selection<\/li>\n
                                                                                                                    3. Networking:\n   – VPC: default VPC (lab)\n   – Subnets: pick the two subnets from Step 3\n   – Security group: m2-env-sg<\/code><\/li>\n
                                                                                                                    4. Encryption\/logging:\n   – Enable encryption options offered (KMS if you manage keys).\n   – Enable logging\/monitoring options if selectable.<\/li>\n
                                                                                                                    5. Create the environment.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                      Expected outcome:\n– Environment status transitions from Creating<\/strong> to Available\/Running<\/strong> (exact status labels can vary).<\/p>\n\n\n\n
                                                                                                                      Verification:\n– In the environment details, confirm:\n  – Status is healthy\/available\n  – VPC\/subnets\/security group are correct\n  – Any service-linked role creation succeeded (if shown)<\/p>\n\n\n\n
                                                                                                                      Time expectation:\n– Provisioning can take several minutes.<\/p>\n\n\n\n
                                                                                                                      \n\n\n\n
                                                                                                                      Step 6: Validate monitoring and auditing (CloudWatch + CloudTrail)<\/h3>\n\n\n\n
                                                                                                                      6A) CloudWatch logs (Console)<\/h4>\n\n\n\n
                                                                                                                        \n
                                                                                                                      1. Go to CloudWatch<\/strong> \u2192 Logs<\/strong> \u2192 Log groups<\/strong>.<\/li>\n
                                                                                                                      2. Search for log groups associated with AWS Mainframe Modernization Service or your environment name.<\/li>\n
                                                                                                                      3. Open recent log streams.<\/li>\n<\/ol>\n\n\n\n
                                                                                                                        Expected outcome:\n– You see runtime\/environment provisioning logs and\/or operational logs (depending on what the service publishes).<\/p>\n\n\n\n
                                                                                                                        6B) CloudTrail events (Console)<\/h4>\n\n\n\n
                                                                                                                          \n
                                                                                                                        1. Go to CloudTrail<\/strong> \u2192 Event history<\/strong>.<\/li>\n
                                                                                                                        2. Filter by:\n   – Event source: (look for the service\u2019s API source; often aligned with its API namespace)\n   – Event name: CreateEnvironment \/ CreateApplication (names vary)<\/li>\n
                                                                                                                        3. Open an event and confirm it records:\n   – Who initiated the action (IAM principal)\n   – When it occurred\n   – What parameters were used (where visible)<\/li>\n<\/ol>\n\n\n\n
                                                                                                                          Expected outcome:\n– You can audit environment creation actions.<\/p>\n\n\n\n
                                                                                                                          \n\n\n\n
                                                                                                                          Step 7 (Optional): Prepare for real deployments (artifact pipeline pattern)<\/h3>\n\n\n\n
                                                                                                                          If you have a valid application package from your modernization toolchain, the common pattern is:\n– Build\/package artifacts\n– Upload to S3 (versioned prefix per build)\n– Create an application version pointing to that S3 object\n– Deploy that version to dev \u2192 test \u2192 prod<\/p>\n\n\n\n
                                                                                                                          Because packaging requirements are specific and strict, use the official \u201cGetting started\u201d guide and packaging reference for your chosen approach:\n– Verify required file structure\n– Verify manifest\/config requirements\n– Verify supported dependencies<\/p>\n\n\n\n
                                                                                                                          Expected outcome:\n– You understand the deployment flow even if you don\u2019t deploy code in this lab.<\/p>\n\n\n\n
                                                                                                                          \n\n\n\n
                                                                                                                          Validation<\/h3>\n\n\n\n
                                                                                                                          You have successfully completed the lab if:\n– The S3 bucket exists and is private + encrypted.\n– The application lab-app<\/code> exists in AWS Mainframe Modernization Service.\n– The environment lab-dev-env<\/code> reaches a healthy\/available state.\n– CloudTrail contains events for the create operations.\n– CloudWatch contains logs relevant to the environment\/service.<\/p>\n\n\n\n
                                                                                                                          \n\n\n\n
                                                                                                                          Troubleshooting<\/h3>\n\n\n\n
                                                                                                                          Common issues and fixes:<\/p>\n\n\n\n
                                                                                                                          1) Service not visible in Region<\/strong>\n– Cause:<\/strong> Service not supported in that Region.\n– Fix:<\/strong> Switch to a supported Region; verify Region list in official docs.<\/p>\n\n\n\n
                                                                                                                          2) Environment stuck in \u201cCreating\u201d or fails<\/strong>\n– Cause:<\/strong> Networking misconfiguration (subnets, routes, DNS, blocked egress).\n– Fix:<\/strong> Use default VPC for the lab. Ensure subnets have appropriate routing. Avoid overly restrictive NACLs. If your org requires private-only egress, ensure required VPC endpoints exist (S3\/CloudWatch\/KMS as needed).<\/p>\n\n\n\n
                                                                                                                          3) Access denied \/ cannot create resources<\/strong>\n– Cause:<\/strong> Missing IAM permissions or blocked service-linked role creation.\n– Fix:<\/strong> Use an admin role in a sandbox for the lab. Ensure your org policies allow service-linked roles for this service (verify exact role\/service principal in docs).<\/p>\n\n\n\n
                                                                                                                          4) Cannot find CloudWatch logs<\/strong>\n– Cause:<\/strong> Logs may be under service-managed naming or optional configuration.\n– Fix:<\/strong> Search by environment ID, tags, or time window. Verify in docs which logs are emitted and where.<\/p>\n\n\n\n
                                                                                                                          5) Unexpected costs<\/strong>\n– Cause:<\/strong> Environment left running, verbose logging, data transfer.\n– Fix:<\/strong> Delete the environment after validation; set log retention; keep artifact storage minimal.<\/p>\n\n\n\n
                                                                                                                          \n\n\n\n
                                                                                                                          Cleanup<\/h3>\n\n\n\n
                                                                                                                          To avoid ongoing charges, delete resources in this order:<\/p>\n\n\n\n
                                                                                                                            \n
                                                                                                                          1. \n
                                                                                                                            Delete the environment<\/strong>\n   – AWS Mainframe Modernization Service \u2192 Environments \u2192 select lab-dev-env<\/code> \u2192 Delete\n   – Wait until deletion completes.<\/p>\n<\/li>\n
                                                                                                                          2. \n
                                                                                                                            Delete the application<\/strong>\n   – Applications \u2192 select lab-app<\/code> \u2192 Delete<\/p>\n<\/li>\n
                                                                                                                          3. \n
                                                                                                                            Delete S3 objects and bucket<\/strong>\n   – S3 \u2192 your artifact bucket \u2192 empty bucket (delete all versions if versioning enabled)\n   – Delete bucket<\/p>\n<\/li>\n
                                                                                                                          4. \n
                                                                                                                            Delete security group (if unused)<\/strong>\n   – VPC \u2192 Security Groups \u2192 m2-env-sg<\/code> \u2192 Delete (only if not attached anywhere)<\/p>\n<\/li>\n
                                                                                                                          5. \n
                                                                                                                            Review CloudWatch logs<\/strong>\n   – If you created custom log groups or retention policies, remove as required by your governance approach.<\/p>\n<\/li>\n<\/ol>\n\n\n\n
                                                                                                                            Expected outcome:\n– No environments remain running, and no artifact buckets remain (unless you intentionally keep them).<\/p>\n\n\n\n
                                                                                                                            \n\n\n\n
                                                                                                                            11. Best Practices<\/h2>\n\n\n\n
                                                                                                                            Architecture best practices<\/h3>\n\n\n\n
                                                                                                                              \n
                                                                                                                            • Start with a landing zone<\/strong>: multi-account structure (dev\/test\/prod), centralized logging, and guardrails.<\/li>\n
                                                                                                                            • Design for parallel runs<\/strong>: reconcile outputs, validate performance, and plan cutover after multiple successful cycles.<\/li>\n
                                                                                                                            • Decouple dependencies<\/strong>: separate data modernization and integration modernization from runtime migration using stable contracts (files\/events\/APIs).<\/li>\n
                                                                                                                            • Treat artifacts as immutable<\/strong>: every deployment should come from a versioned artifact stored in S3.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                              IAM\/security best practices<\/h3>\n\n\n\n
                                                                                                                                \n
                                                                                                                              • Least privilege<\/strong> for operators:<\/li>\n
                                                                                                                              • Separate \u201cenvironment admin\u201d from \u201capplication deployer\u201d from \u201cauditor\u201d.<\/li>\n
                                                                                                                              • Use role-based access<\/strong> with short-lived sessions (SSO\/federation).<\/li>\n
                                                                                                                              • Control service-linked role creation<\/strong> via organizational policy, but don\u2019t block it accidentally.<\/li>\n
                                                                                                                              • Tag-based access control<\/strong> (where feasible) for scoping environments by team\/app.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                Cost best practices<\/h3>\n\n\n\n
                                                                                                                                  \n
                                                                                                                                • Right-size non-prod<\/strong> and stop\/delete when idle.<\/li>\n
                                                                                                                                • Separate artifact buckets by environment\/account<\/strong> with lifecycle policies.<\/li>\n
                                                                                                                                • Tune log retention<\/strong> and export long-term logs to S3 if needed.<\/li>\n
                                                                                                                                • Track cost by:<\/li>\n
                                                                                                                                • Application<\/code>, Environment<\/code>, Owner<\/code>, CostCenter<\/code>, Stage<\/code> tags.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                  Performance best practices<\/h3>\n\n\n\n
                                                                                                                                    \n
                                                                                                                                  • Baseline performance early with representative batch volumes and concurrency.<\/li>\n
                                                                                                                                  • Measure:<\/li>\n
                                                                                                                                  • job duration, throughput, latency<\/li>\n
                                                                                                                                  • database IO and connection limits<\/li>\n
                                                                                                                                  • network latency to on-prem dependencies<\/li>\n
                                                                                                                                  • Avoid making performance assumptions from dev; build a performance test environment and realistic data sets.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                    Reliability best practices<\/h3>\n\n\n\n
                                                                                                                                      \n
                                                                                                                                    • Use multi-AZ patterns where supported and appropriate.<\/li>\n
                                                                                                                                    • Automate deployments and rollbacks.<\/li>\n
                                                                                                                                    • Build runbooks:<\/li>\n
                                                                                                                                    • restart procedures<\/li>\n
                                                                                                                                    • incident response<\/li>\n
                                                                                                                                    • reconciliation and reprocessing steps for batch failures<\/li>\n
                                                                                                                                    • Backups and DR:<\/li>\n
                                                                                                                                    • define RPO\/RTO<\/li>\n
                                                                                                                                    • test restore procedures<\/li>\n
                                                                                                                                    • implement cross-Region strategies where required (verify supported patterns per service capabilities).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                      Operations best practices<\/h3>\n\n\n\n
                                                                                                                                        \n
                                                                                                                                      • Centralize logs and metrics; define SLOs.<\/li>\n
                                                                                                                                      • Alert on:<\/li>\n
                                                                                                                                      • environment health<\/li>\n
                                                                                                                                      • job failures \/ abnormal termination patterns<\/li>\n
                                                                                                                                      • unusual error spikes<\/li>\n
                                                                                                                                      • Use IaC for surrounding infrastructure (VPC endpoints, IAM roles, logging, KMS) even if the service runtime is managed.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                        Governance\/tagging\/naming best practices<\/h3>\n\n\n\n
                                                                                                                                          \n
                                                                                                                                        • Naming standard:<\/li>\n
                                                                                                                                        • app-<domain>-<name><\/code><\/li>\n
                                                                                                                                        • env-<stage>-<region>-<app><\/code><\/li>\n
                                                                                                                                        • Tag everything:<\/li>\n
                                                                                                                                        • App<\/code>, Env<\/code>, Stage<\/code>, Owner<\/code>, DataClassification<\/code>, CostCenter<\/code><\/li>\n
                                                                                                                                        • Use AWS Config rules (where applicable) to enforce encryption and public access controls.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                          \n\n\n\n
                                                                                                                                          12. Security Considerations<\/h2>\n\n\n\n
                                                                                                                                          Identity and access model<\/h3>\n\n\n\n
                                                                                                                                            \n
                                                                                                                                          • Primary control is IAM<\/strong>:<\/li>\n
                                                                                                                                          • Who can create\/delete environments (high privilege)<\/li>\n
                                                                                                                                          • Who can deploy versions (release permissions)<\/li>\n
                                                                                                                                          • Who can view logs (ops\/audit)<\/li>\n
                                                                                                                                          • Plan for separation of duties<\/strong>:<\/li>\n
                                                                                                                                          • Security team owns KMS key policies and audit<\/li>\n
                                                                                                                                          • Platform team owns environment provisioning<\/li>\n
                                                                                                                                          • App team owns deployments and app configuration<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                            Encryption<\/h3>\n\n\n\n
                                                                                                                                              \n
                                                                                                                                            • At rest<\/strong>:<\/li>\n
                                                                                                                                            • S3: SSE-KMS recommended for artifacts<\/li>\n
                                                                                                                                            • CloudWatch logs: encrypt log groups with KMS where required<\/li>\n
                                                                                                                                            • Any databases\/data stores used by the modernized application: enable encryption and manage keys<\/li>\n
                                                                                                                                            • In transit<\/strong>:<\/li>\n
                                                                                                                                            • Use TLS for connections to endpoints and between services where applicable<\/li>\n
                                                                                                                                            • Prefer private connectivity paths (VPN\/Direct Connect)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                              Network exposure<\/h3>\n\n\n\n
                                                                                                                                                \n
                                                                                                                                              • Prefer private subnets<\/strong> for runtime environments.<\/li>\n
                                                                                                                                              • Use controlled ingress:<\/li>\n
                                                                                                                                              • AWS Client VPN, Direct Connect, or bastion + SSM<\/li>\n
                                                                                                                                              • Avoid public endpoints unless you have a strong justification and layered controls (WAF, strict security groups, DDoS protections, strong auth).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                Secrets handling<\/h3>\n\n\n\n
                                                                                                                                                  \n
                                                                                                                                                • Do not store credentials in artifacts or plaintext config.<\/li>\n
                                                                                                                                                • Use AWS Secrets Manager<\/strong> or SSM Parameter Store<\/strong> for secrets (depending on your standards).<\/li>\n
                                                                                                                                                • Rotate secrets and restrict access to only the runtime identity that needs them.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                  Audit\/logging<\/h3>\n\n\n\n
                                                                                                                                                    \n
                                                                                                                                                  • Enable:<\/li>\n
                                                                                                                                                  • CloudTrail organization trail (recommended)<\/li>\n
                                                                                                                                                  • CloudWatch log retention policies<\/li>\n
                                                                                                                                                  • Monitor for:<\/li>\n
                                                                                                                                                  • environment deletions<\/li>\n
                                                                                                                                                  • changes to networking attachments<\/li>\n
                                                                                                                                                  • changes to KMS keys and bucket policies<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                    Compliance considerations<\/h3>\n\n\n\n
                                                                                                                                                      \n
                                                                                                                                                    • Classify data (PII\/PCI\/PHI) early.<\/li>\n
                                                                                                                                                    • Use account-level guardrails:<\/li>\n
                                                                                                                                                    • block public S3<\/li>\n
                                                                                                                                                    • restrict Regions if needed<\/li>\n
                                                                                                                                                    • enforce encryption<\/li>\n
                                                                                                                                                    • Ensure operational access is logged and reviewed (especially for prod).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                      Common security mistakes<\/h3>\n\n\n\n
                                                                                                                                                        \n
                                                                                                                                                      • Leaving non-prod environments publicly reachable.<\/li>\n
                                                                                                                                                      • Overly broad IAM permissions for developers in production accounts.<\/li>\n
                                                                                                                                                      • Storing production artifacts and secrets in the same bucket\/prefix without strict access controls.<\/li>\n
                                                                                                                                                      • Ignoring CloudWatch log retention, causing excessive cost and risk exposure.<\/li>\n
                                                                                                                                                      • Allowing unrestricted egress from sensitive environments.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                        Secure deployment recommendations<\/h3>\n\n\n\n
                                                                                                                                                          \n
                                                                                                                                                        • Use separate accounts for prod.<\/li>\n
                                                                                                                                                        • Use private networking and VPC endpoints where required.<\/li>\n
                                                                                                                                                        • Encrypt artifacts and logs with customer-managed KMS keys in regulated environments.<\/li>\n
                                                                                                                                                        • Implement a release approval workflow and artifact integrity checks.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                          \n\n\n\n
                                                                                                                                                          13. Limitations and Gotchas<\/h2>\n\n\n\n
                                                                                                                                                          \n
                                                                                                                                                          Mainframe modernization is constraint-heavy. Validate all assumptions in a proof-of-concept.<\/p>\n<\/blockquote>\n\n\n\n
                                                                                                                                                          Known limitations (categories)<\/h3>\n\n\n\n
                                                                                                                                                            \n
                                                                                                                                                          • Feature compatibility<\/strong>: Not all mainframe subsystems, utilities, or vendor-specific behaviors are supported. Compatibility depends on your modernization approach and runtime option.<\/li>\n
                                                                                                                                                          • Packaging requirements<\/strong>: Application artifacts must meet strict structure\/manifest expectations.<\/li>\n
                                                                                                                                                          • Operational differences<\/strong>: Batch scheduling, dataset handling, and operational tooling may not map 1:1 to legacy processes.<\/li>\n
                                                                                                                                                          • Performance tuning<\/strong>: Legacy workloads can have unique IO and concurrency patterns.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                            Quotas<\/h3>\n\n\n\n
                                                                                                                                                              \n
                                                                                                                                                            • Expect quotas on:<\/li>\n
                                                                                                                                                            • number of environments<\/li>\n
                                                                                                                                                            • number of applications<\/li>\n
                                                                                                                                                            • concurrent operations<\/li>\n
                                                                                                                                                            • Check Service Quotas<\/strong> for the service in your Region.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                              Regional constraints<\/h3>\n\n\n\n
                                                                                                                                                                \n
                                                                                                                                                              • Not available in every Region.<\/li>\n
                                                                                                                                                              • Some runtime options may have narrower Region coverage than others. Verify.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                Pricing surprises<\/h3>\n\n\n\n
                                                                                                                                                                  \n
                                                                                                                                                                • Leaving environments running 24\/7 in dev\/test.<\/li>\n
                                                                                                                                                                • Excessive CloudWatch logs ingestion\/retention.<\/li>\n
                                                                                                                                                                • Data transfer across AZs or out to on-prem\/internet.<\/li>\n
                                                                                                                                                                • Duplicate environments during parallel runs.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                  Compatibility issues<\/h3>\n\n\n\n
                                                                                                                                                                    \n
                                                                                                                                                                  • Differences in file encoding, record formats, and sorting\/collation can cause reconciliation failures.<\/li>\n
                                                                                                                                                                  • Job control semantics and scheduling dependencies can behave differently when modernized.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                    Operational gotchas<\/h3>\n\n\n\n
                                                                                                                                                                      \n
                                                                                                                                                                    • Network egress restrictions can block provisioning or runtime dependencies.<\/li>\n
                                                                                                                                                                    • Missing DNS or incorrect route tables can cause environment creation failures.<\/li>\n
                                                                                                                                                                    • Overly restrictive KMS key policies can prevent encryption-dependent services from working.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                      Migration challenges<\/h3>\n\n\n\n
                                                                                                                                                                        \n
                                                                                                                                                                      • Data migration often dominates timelines (schema conversion, reconciliation, and cutover planning).<\/li>\n
                                                                                                                                                                      • Testing scope is larger than typical application migrations (batch outputs, audit reports, financial reconciliation).<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                        Vendor-specific nuances<\/h3>\n\n\n\n
                                                                                                                                                                          \n
                                                                                                                                                                        • Replatform vs refactor choices influence:<\/li>\n
                                                                                                                                                                        • skills needed<\/li>\n
                                                                                                                                                                        • runtime behavior<\/li>\n
                                                                                                                                                                        • long-term maintainability<\/li>\n
                                                                                                                                                                        • Make this a deliberate architectural decision, not a default.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                          \n\n\n\n
                                                                                                                                                                          14. Comparison with Alternatives<\/h2>\n\n\n\n
                                                                                                                                                                          AWS Mainframe Modernization Service is specialized. Here\u2019s how it compares to common alternatives.<\/p>\n\n\n\n
                                                                                                                                                                          Comparison table<\/h3>\n\n\n\n
                                                                                                                                                                          \n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                          Option<\/th>\nBest For<\/th>\nStrengths<\/th>\nWeaknesses<\/th>\nWhen to Choose<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                          AWS Mainframe Modernization Service<\/strong><\/td>\nMainframe application modernization on AWS<\/td>\nPurpose-built application\/environment lifecycle, managed modernization runtime patterns, AWS-native security\/monitoring<\/td>\nRequires compatibility validation; specialized packaging; can be costly if environments run continuously<\/td>\nWhen you need a structured AWS path to modernize mainframe workloads (replatform\/refactor)<\/td>\n<\/tr>\n
                                                                                                                                                                          AWS Application Migration Service (MGN)<\/strong><\/td>\nLift-and-shift server migrations<\/td>\nFast VM replication and cutover for supported servers<\/td>\nNot mainframe application modernization; doesn\u2019t address COBOL\/batch\/transaction semantics<\/td>\nWhen you\u2019re migrating standard server workloads, not mainframe-origin apps<\/td>\n<\/tr>\n
                                                                                                                                                                          AWS Migration Hub<\/strong><\/td>\nMigration tracking and governance<\/td>\nPortfolio-level visibility and coordination<\/td>\nNot a runtime; not a modernization engine<\/td>\nWhen you need program management for many migrations including mainframe modernization<\/td>\n<\/tr>\n
                                                                                                                                                                          Self-managed Micro Focus\/Blu Age style stacks on EC2 (DIY)<\/strong><\/td>\nTeams needing full control over runtime<\/td>\nMaximum control, custom tuning, flexible topology<\/td>\nHigh ops burden, patching, scaling, reliability engineering complexity<\/td>\nWhen you must control every component and accept operational overhead<\/td>\n<\/tr>\n
                                                                                                                                                                          Azure mainframe modernization (partner solutions)<\/strong><\/td>\nOrganizations standardized on Azure<\/td>\nIntegrated into Azure ecosystem, partner-led approaches<\/td>\nVendor\/partner variability; different service maturity and patterns<\/td>\nWhen Azure is your strategic platform and partners meet requirements<\/td>\n<\/tr>\n
                                                                                                                                                                          Google Cloud mainframe modernization (partner solutions)<\/strong><\/td>\nOrganizations standardized on Google Cloud<\/td>\nStrong data\/analytics integration<\/td>\nOften partner-led; may require more custom engineering<\/td>\nWhen GCP is strategic and you want modernization close to GCP analytics stack<\/td>\n<\/tr>\n
                                                                                                                                                                          Open-source rehosting (e.g., GnuCOBOL + custom runtime)<\/strong><\/td>\nCost-sensitive experiments<\/td>\nLow license cost, high flexibility<\/td>\nSignificant engineering and compatibility risk; hard to match mainframe semantics<\/td>\nOnly for narrow workloads with strong in-house expertise and tolerance for risk<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                          \n\n\n\n
                                                                                                                                                                          15. Real-World Example<\/h2>\n\n\n\n
                                                                                                                                                                          Enterprise example: Large bank modernizing nightly batch + customer servicing<\/h3>\n\n\n\n
                                                                                                                                                                            \n
                                                                                                                                                                          • Problem<\/strong><\/li>\n
                                                                                                                                                                          • Nightly batch cycles are long and expensive on mainframe.<\/li>\n
                                                                                                                                                                          • Customer servicing logic is difficult to change quickly.<\/li>\n
                                                                                                                                                                          • Regulatory requirements demand encryption, auditing, and controlled access.<\/li>\n
                                                                                                                                                                          • Proposed architecture<\/strong><\/li>\n
                                                                                                                                                                          • AWS Organizations with separate dev\/test\/prod accounts<\/li>\n
                                                                                                                                                                          • AWS Mainframe Modernization Service environments in private subnets<\/li>\n
                                                                                                                                                                          • Artifacts stored in encrypted S3 with strict bucket policies<\/li>\n
                                                                                                                                                                          • Hybrid connectivity via Direct Connect to remaining on-prem systems during transition<\/li>\n
                                                                                                                                                                          • CloudWatch alarms + centralized logging; CloudTrail organization trail<\/li>\n
                                                                                                                                                                          • Downstream data store modernized into AWS-managed databases (chosen per domain; verify design)<\/li>\n
                                                                                                                                                                          • Why this service was chosen<\/strong><\/li>\n
                                                                                                                                                                          • Provides structured lifecycle for applications\/environments.<\/li>\n
                                                                                                                                                                          • Supports parallel runs and controlled promotion across stages.<\/li>\n
                                                                                                                                                                          • Integrates with AWS security and compliance tooling.<\/li>\n
                                                                                                                                                                          • Expected outcomes<\/strong><\/li>\n
                                                                                                                                                                          • Reduced mainframe capacity consumption over time.<\/li>\n
                                                                                                                                                                          • Faster release cycles with versioned deployments.<\/li>\n
                                                                                                                                                                          • Improved operational visibility and standardized incident response.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                            Startup\/small-team example: Small insurer migrating a legacy rating engine<\/h3>\n\n\n\n
                                                                                                                                                                              \n
                                                                                                                                                                            • Problem<\/strong><\/li>\n
                                                                                                                                                                            • A small team maintains a legacy rating\/billing engine originally designed for mainframe-like batch processing.<\/li>\n
                                                                                                                                                                            • Infrastructure is aging; ops skills are limited.<\/li>\n
                                                                                                                                                                            • Proposed architecture<\/strong><\/li>\n
                                                                                                                                                                            • One dev and one prod environment (strictly controlled)<\/li>\n
                                                                                                                                                                            • Artifacts in S3, build pipeline produces versioned packages<\/li>\n
                                                                                                                                                                            • Outputs written to S3 for downstream analytics<\/li>\n
                                                                                                                                                                            • CloudWatch alarms routed to on-call<\/li>\n
                                                                                                                                                                            • Why this service was chosen<\/strong><\/li>\n
                                                                                                                                                                            • Avoids building a custom legacy runtime stack.<\/li>\n
                                                                                                                                                                            • Lets the team focus on business logic validation and integration.<\/li>\n
                                                                                                                                                                            • Expected outcomes<\/strong><\/li>\n
                                                                                                                                                                            • Lower operational overhead than a DIY approach.<\/li>\n
                                                                                                                                                                            • A manageable path to progressively modernize code and integrations.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                              \n\n\n\n
                                                                                                                                                                              16. FAQ<\/h2>\n\n\n\n
                                                                                                                                                                              1) Is AWS Mainframe Modernization Service the same as AWS Application Migration Service?<\/strong>\nNo. AWS Application Migration Service (MGN) focuses on server lift-and-shift. AWS Mainframe Modernization Service focuses on running\/modernizing mainframe-origin applications using managed runtime\/environment patterns.<\/p>\n\n\n\n
                                                                                                                                                                              2) Do I need to refactor my code to use the service?<\/strong>\nNot always. Many programs start with replatforming to reduce risk, then refactor later. The right approach depends on compatibility, timeline, and long-term goals.<\/p>\n\n\n\n
                                                                                                                                                                              3) Does it work for batch workloads?<\/strong>\nBatch is a common mainframe modernization target. However, exact batch semantics and tooling support depend on the modernization approach and runtime option\u2014verify your workload requirements in official docs.<\/p>\n\n\n\n
                                                                                                                                                                              4) Does it support transaction processing (online workloads)?<\/strong>\nMany mainframe applications combine online and batch processing. Support depends on your runtime\/approach and the specific transaction patterns. Validate with a proof-of-concept.<\/p>\n\n\n\n
                                                                                                                                                                              5) Is it regional or global?<\/strong>\nResources are created in a specific AWS Region. Environments attach to your VPC in that Region.<\/p>\n\n\n\n
                                                                                                                                                                              6) Can I run dev\/test environments only during business hours?<\/strong>\nOften yes operationally (create\/stop\/delete patterns), but the exact controls depend on what the service supports for your environment type. Even when stop isn\u2019t available, deleting non-prod environments is a strong cost-control approach.<\/p>\n\n\n\n
                                                                                                                                                                              7) Where do I store artifacts?<\/strong>\nA common approach is storing versioned artifacts in Amazon S3 with encryption and versioning.<\/p>\n\n\n\n
                                                                                                                                                                              8) How do I secure access to the runtime environment?<\/strong>\nPrefer private subnets, restricted security groups, and private connectivity via VPN\/Direct Connect\/Client VPN. Avoid public exposure.<\/p>\n\n\n\n
                                                                                                                                                                              9) How do I audit who created or changed environments?<\/strong>\nUse AWS CloudTrail. For enterprises, use an organization trail and send logs to a centralized security account.<\/p>\n\n\n\n
                                                                                                                                                                              10) Can I integrate deployments into CI\/CD?<\/strong>\nYes in principle\u2014use a pipeline to build artifacts, publish to S3, and invoke service APIs for version creation\/deployment. Validate current API\/CLI support and best practices in official docs.<\/p>\n\n\n\n
                                                                                                                                                                              11) What are the biggest cost drivers?<\/strong>\nEnvironment runtime duration (especially 24\/7), environment size, number of environments, and logging\/network\/data-store usage.<\/p>\n\n\n\n
                                                                                                                                                                              12) Do I need Direct Connect?<\/strong>\nNot always. It\u2019s common in hybrid transitions where on-prem data\/services remain dependencies. VPN can work for smaller needs; Direct Connect is often preferred for consistent latency and throughput.<\/p>\n\n\n\n
                                                                                                                                                                              13) What\u2019s the typical migration timeline?<\/strong>\nIt varies widely. A small workload can take weeks to months; large portfolios often take many months or years. Data migration and testing\/reconciliation often dominate timelines.<\/p>\n\n\n\n
                                                                                                                                                                              14) How do I handle secrets?<\/strong>\nUse AWS Secrets Manager or SSM Parameter Store. Avoid embedding secrets in artifacts or code.<\/p>\n\n\n\n
                                                                                                                                                                              15) What should I prototype first?<\/strong>\nStart with a representative slice: one or two batch jobs plus a small set of online transactions, include realistic data volumes, and validate operational runbooks and reconciliation.<\/p>\n\n\n\n
                                                                                                                                                                              \n\n\n\n
                                                                                                                                                                              17. Top Online Resources to Learn AWS Mainframe Modernization Service<\/h2>\n\n\n\n
                                                                                                                                                                              \n\n\n\n\n\n\n\n\n\n\n\n\n\n
                                                                                                                                                                              Resource Type<\/th>\nName<\/th>\nWhy It Is Useful<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                              Official documentation<\/td>\nhttps:\/\/docs.aws.amazon.com\/mainframe-modernization\/<\/td>\nPrimary source for concepts, supported features, workflows, and API references<\/td>\n<\/tr>\n
                                                                                                                                                                              Official pricing page<\/td>\nhttps:\/\/aws.amazon.com\/mainframe-modernization\/pricing\/<\/td>\nUp-to-date pricing dimensions and Region-specific notes<\/td>\n<\/tr>\n
                                                                                                                                                                              AWS Pricing Calculator<\/td>\nhttps:\/\/calculator.aws\/<\/td>\nBuild estimates for environments plus dependent services (S3, logs, databases, networking)<\/td>\n<\/tr>\n
                                                                                                                                                                              Product overview<\/td>\nhttps:\/\/aws.amazon.com\/mainframe-modernization\/<\/td>\nService positioning, approach options, and entry points to docs<\/td>\n<\/tr>\n
                                                                                                                                                                              AWS Architecture Center<\/td>\nhttps:\/\/aws.amazon.com\/architecture\/<\/td>\nReference architectures and cloud best practices to apply around modernization environments<\/td>\n<\/tr>\n
                                                                                                                                                                              AWS CloudTrail docs<\/td>\nhttps:\/\/docs.aws.amazon.com\/awscloudtrail\/latest\/userguide\/what_is_cloud_trail_top_level.html<\/td>\nAuditing and governance patterns for modernization programs<\/td>\n<\/tr>\n
                                                                                                                                                                              Amazon VPC docs<\/td>\nhttps:\/\/docs.aws.amazon.com\/vpc\/<\/td>\nNetworking prerequisites and troubleshooting for VPC-attached environments<\/td>\n<\/tr>\n
                                                                                                                                                                              CloudWatch docs<\/td>\nhttps:\/\/docs.aws.amazon.com\/AmazonCloudWatch\/latest\/monitoring\/WhatIsCloudWatch.html<\/td>\nMonitoring\/logging setup, alarms, and retention planning<\/td>\n<\/tr>\n
                                                                                                                                                                              AWS Mainframe Modernization videos<\/td>\nhttps:\/\/www.youtube.com\/@amazonwebservices<\/td>\nSearch for \u201cAWS Mainframe Modernization\u201d sessions, re:Invent talks, and workshops (verify recency)<\/td>\n<\/tr>\n
                                                                                                                                                                              AWS Samples (GitHub)<\/td>\nhttps:\/\/github.com\/aws-samples<\/td>\nLook for official modernization samples and workshops; validate they match your chosen runtime\/approach<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                              \n\n\n\n
                                                                                                                                                                              18. Training and Certification Providers<\/h2>\n\n\n\n
                                                                                                                                                                              \n\n\n\n\n\n\n\n\n
                                                                                                                                                                              Institute<\/th>\nSuitable Audience<\/th>\nLikely Learning Focus<\/th>\nMode<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                              DevOpsSchool.com<\/td>\nDevOps engineers, architects, platform teams<\/td>\nCloud\/DevOps practices around migrations and operations<\/td>\nCheck website<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                              ScmGalaxy.com<\/td>\nStudents, engineers<\/td>\nSCM\/DevOps fundamentals and tooling that supports migration programs<\/td>\nCheck website<\/td>\nhttps:\/\/www.scmgalaxy.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                              CLoudOpsNow.in<\/td>\nCloud operations teams<\/td>\nCloud operations patterns, monitoring, governance<\/td>\nCheck website<\/td>\nhttps:\/\/www.cloudopsnow.in\/<\/td>\n<\/tr>\n
                                                                                                                                                                              SreSchool.com<\/td>\nSREs, operations engineers<\/td>\nReliability engineering, incident response, SLOs for production workloads<\/td>\nCheck website<\/td>\nhttps:\/\/www.sreschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                              AiOpsSchool.com<\/td>\nOps teams, engineers<\/td>\nAIOps concepts for monitoring\/automation<\/td>\nCheck website<\/td>\nhttps:\/\/www.aiopsschool.com\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                              \n\n\n\n
                                                                                                                                                                              19. Top Trainers<\/h2>\n\n\n\n
                                                                                                                                                                              \n\n\n\n\n\n\n\n
                                                                                                                                                                              Platform\/Site<\/th>\nLikely Specialization<\/th>\nSuitable Audience<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                              RajeshKumar.xyz<\/td>\nDevOps\/cloud training content (verify offerings)<\/td>\nBeginners to intermediate engineers<\/td>\nhttps:\/\/rajeshkumar.xyz\/<\/td>\n<\/tr>\n
                                                                                                                                                                              devopstrainer.in<\/td>\nDevOps training (verify offerings)<\/td>\nDevOps engineers, teams<\/td>\nhttps:\/\/www.devopstrainer.in\/<\/td>\n<\/tr>\n
                                                                                                                                                                              devopsfreelancer.com<\/td>\nFreelance DevOps guidance (verify offerings)<\/td>\nTeams needing short-term coaching<\/td>\nhttps:\/\/www.devopsfreelancer.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                              devopssupport.in<\/td>\nDevOps support\/training (verify offerings)<\/td>\nOps\/DevOps teams<\/td>\nhttps:\/\/www.devopssupport.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                              \n\n\n\n
                                                                                                                                                                              20. Top Consulting Companies<\/h2>\n\n\n\n
                                                                                                                                                                              \n\n\n\n\n\n\n
                                                                                                                                                                              Company<\/th>\nLikely Service Area<\/th>\nWhere They May Help<\/th>\nConsulting Use Case Examples<\/th>\nWebsite URL<\/th>\n<\/tr>\n<\/thead>\n
                                                                                                                                                                              cotocus.com<\/td>\nCloud\/DevOps services (verify offerings)<\/td>\nCloud migration planning, DevOps enablement, operations<\/td>\nLanding zone setup, CI\/CD enablement, monitoring strategy<\/td>\nhttps:\/\/cotocus.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                              DevOpsSchool.com<\/td>\nDevOps consulting and training (verify offerings)<\/td>\nPlatform engineering, DevOps transformation<\/td>\nPipeline design, governance, operational readiness<\/td>\nhttps:\/\/www.devopsschool.com\/<\/td>\n<\/tr>\n
                                                                                                                                                                              DEVOPSCONSULTING.IN<\/td>\nDevOps consulting (verify offerings)<\/td>\nDevOps practices, automation, cloud operations<\/td>\nInfrastructure automation, observability rollout, incident response processes<\/td>\nhttps:\/\/www.devopsconsulting.in\/<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/figure>\n\n\n\n
                                                                                                                                                                              \n\n\n\n
                                                                                                                                                                              21. Career and Learning Roadmap<\/h2>\n\n\n\n
                                                                                                                                                                              What to learn before this service<\/h3>\n\n\n\n
                                                                                                                                                                                \n
                                                                                                                                                                              • AWS fundamentals:<\/li>\n
                                                                                                                                                                              • IAM (roles, policies, permission boundaries)<\/li>\n
                                                                                                                                                                              • VPC (subnets, routing, security groups, endpoints)<\/li>\n
                                                                                                                                                                              • S3 (encryption, versioning, bucket policies)<\/li>\n
                                                                                                                                                                              • CloudWatch and CloudTrail<\/li>\n
                                                                                                                                                                              • Migration fundamentals:<\/li>\n
                                                                                                                                                                              • discovery and assessment<\/li>\n
                                                                                                                                                                              • cutover planning<\/li>\n
                                                                                                                                                                              • data migration basics and reconciliation<\/li>\n
                                                                                                                                                                              • Mainframe concepts (even if you\u2019re not a mainframe developer):<\/li>\n
                                                                                                                                                                              • batch jobs, scheduling, datasets\/files<\/li>\n
                                                                                                                                                                              • transaction processing concepts<\/li>\n
                                                                                                                                                                              • common testing and reconciliation practices<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                What to learn after this service<\/h3>\n\n\n\n
                                                                                                                                                                                  \n
                                                                                                                                                                                • CI\/CD for regulated workloads (approvals, artifact signing, SBOM practices)<\/li>\n
                                                                                                                                                                                • Data modernization patterns:<\/li>\n
                                                                                                                                                                                • database migration\/modernization strategies<\/li>\n
                                                                                                                                                                                • event-driven integration and streaming<\/li>\n
                                                                                                                                                                                • Reliability engineering:<\/li>\n
                                                                                                                                                                                • SLOs\/SLIs, error budgets<\/li>\n
                                                                                                                                                                                • DR testing and chaos engineering (where appropriate)<\/li>\n
                                                                                                                                                                                • Security deep dives:<\/li>\n
                                                                                                                                                                                • KMS key policy design<\/li>\n
                                                                                                                                                                                • centralized logging and SIEM integration<\/li>\n
                                                                                                                                                                                • threat modeling for hybrid systems<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                  Job roles that use it<\/h3>\n\n\n\n
                                                                                                                                                                                    \n
                                                                                                                                                                                  • Cloud Solutions Architect (Migration and Modernization)<\/li>\n
                                                                                                                                                                                  • DevOps Engineer \/ Platform Engineer (Migration platforms)<\/li>\n
                                                                                                                                                                                  • SRE \/ Operations Engineer (production operations for modernized workloads)<\/li>\n
                                                                                                                                                                                  • Security Engineer (governance, auditing, encryption, access controls)<\/li>\n
                                                                                                                                                                                  • Modernization Lead \/ Technical Program Manager (migration programs)<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                    Certification path (if available)<\/h3>\n\n\n\n
                                                                                                                                                                                    AWS certifications don\u2019t typically certify a single service, but relevant paths include:\n– AWS Certified Solutions Architect \u2013 Associate\/Professional\n– AWS Certified DevOps Engineer \u2013 Professional\n– AWS Certified Security \u2013 Specialty<\/p>\n\n\n\n
                                                                                                                                                                                    For mainframe modernization-specific enablement, rely on AWS training, workshops, and partner-led programs (verify current official offerings).<\/p>\n\n\n\n
                                                                                                                                                                                    Project ideas for practice<\/h3>\n\n\n\n
                                                                                                                                                                                      \n
                                                                                                                                                                                    • Build a multi-account landing zone with centralized CloudTrail\/CloudWatch logging for a modernization program.<\/li>\n
                                                                                                                                                                                    • Create a CI pipeline that:<\/li>\n
                                                                                                                                                                                    • packages artifacts into versioned S3 prefixes<\/li>\n
                                                                                                                                                                                    • runs static checks and security scans<\/li>\n
                                                                                                                                                                                    • triggers a controlled deployment to a non-prod environment (where supported)<\/li>\n
                                                                                                                                                                                    • Implement a reconciliation framework:<\/li>\n
                                                                                                                                                                                    • compare batch outputs between legacy and modernized runs<\/li>\n
                                                                                                                                                                                    • track differences and produce audit reports<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                      \n\n\n\n
                                                                                                                                                                                      22. Glossary<\/h2>\n\n\n\n
                                                                                                                                                                                        \n
                                                                                                                                                                                      • Application (modernization application):<\/strong> A logical container representing a workload in AWS Mainframe Modernization Service.<\/li>\n
                                                                                                                                                                                      • Application version:<\/strong> A deployable, versioned package of an application\u2019s artifacts\/configuration.<\/li>\n
                                                                                                                                                                                      • Environment:<\/strong> A managed runtime environment where the application version runs, attached to your VPC.<\/li>\n
                                                                                                                                                                                      • Replatform:<\/strong> Modernization approach that moves the application to a new platform with minimal code changes.<\/li>\n
                                                                                                                                                                                      • Refactor:<\/strong> Modernization approach that changes code structure and\/or language\/runtime for long-term agility.<\/li>\n
                                                                                                                                                                                      • Parallel run:<\/strong> Running legacy and modernized systems simultaneously to validate correctness before cutover.<\/li>\n
                                                                                                                                                                                      • Reconciliation:<\/strong> Comparing outputs (reports, files, database states) to confirm functional equivalence.<\/li>\n
                                                                                                                                                                                      • Landing zone:<\/strong> A multi-account, governed AWS foundation with standardized networking, logging, and security controls.<\/li>\n
                                                                                                                                                                                      • Service-linked role:<\/strong> An IAM role pre-defined by AWS that allows a service to act on your behalf in your account.<\/li>\n
                                                                                                                                                                                      • KMS (AWS Key Management Service):<\/strong> AWS service for managing encryption keys and controlling cryptographic operations.<\/li>\n
                                                                                                                                                                                      • CloudWatch Logs:<\/strong> Centralized log storage and analytics in AWS.<\/li>\n
                                                                                                                                                                                      • CloudTrail:<\/strong> AWS service that records API calls for auditing and security analysis.<\/li>\n
                                                                                                                                                                                      • Direct Connect:<\/strong> Dedicated network connectivity from on-premises to AWS.<\/li>\n
                                                                                                                                                                                      • VPC endpoint:<\/strong> Private connectivity to AWS services without traversing the public internet.<\/li>\n<\/ul>\n\n\n\n
                                                                                                                                                                                        \n\n\n\n
                                                                                                                                                                                        23. Summary<\/h2>\n\n\n\n
                                                                                                                                                                                        AWS Mainframe Modernization Service (AWS) is a specialized Migration and transfer<\/strong> service for modernizing and running mainframe-origin applications on AWS using managed application and environment lifecycles. It matters because it provides a structured way to reduce mainframe dependency while improving operational agility, security alignment, and observability using AWS-native tools.<\/p>\n\n\n\n
                                                                                                                                                                                        Key points to remember:\n– Cost:<\/strong> runtime environments and how long they run are the primary cost driver; control non-prod sprawl.\n– Security:<\/strong> use IAM least privilege, private VPC networking, KMS encryption, and CloudTrail auditing.\n– Fit:<\/strong> choose it when you have true mainframe modernization needs (replatform\/refactor) and want an AWS-managed path; avoid it for generic VM lift-and-shift use cases.<\/p>\n\n\n\n
                                                                                                                                                                                        Next step:\n– Read the official documentation and run a proof-of-concept focusing on one representative batch flow plus a small online workflow, with real data volumes and reconciliation criteria: https:\/\/docs.aws.amazon.com\/mainframe-modernization\/<\/p>\n","protected":false},"excerpt":{"rendered":"
                                                                                                                                                                                        Migration and transfer<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[20,35],"tags":[],"class_list":["post-290","post","type-post","status-publish","format-standard","hentry","category-aws","category-migration-and-transfer"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/comments?post=290"}],"version-history":[{"count":0,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/posts\/290\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/media?parent=290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/categories?post=290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/tutorials\/wp-json\/wp\/v2\/tags?post=290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}