Discovery + 7Rs assessment
AWS Application Discovery Service agents on the estate, Migration Hub Strategy Recommendations run, dependency map, license entanglement review, written 7Rs decision matrix per application with cost model and risk score.
Services
End-to-end AWS migration for regulated and growth-stage companies: 7Rs assessment with AWS Migration Hub, Terraform-codified landing zones on Control Tower, replatform onto ECS Fargate / EKS / Aurora, MGN-based rehost for COTS, and DMS + SCT for Oracle and SQL Server. Senior cloud architects on CET with East-Coast US overlap, GDPR-aligned Frankfurt and Ireland regions by default. Discovery sprints from 35,000 EUR fixed; dedicated teams from 12,000 EUR/month.
Most AWS migrations fail not in execution but in framing. Teams rehost everything on EC2, claim "we are on AWS" at the board meeting, then watch the cloud bill exceed the on-prem TCO by month nine. We frame migration as a portfolio decision: each application gets one of the 7Rs based on dependency, license, blast radius and runtime economics, and the decision is defensible against AWS Migration Hub Strategy Recommendations data. Landing zone is Terraform on Control Tower from day one — never ClickOps. EU data stays in eu-central-1 / eu-west-1 with SCP-enforced region pinning. FinOps is built into the cutover, not added six months later when the bill arrives.
Control Tower with custom OUs, IAM Identity Center federated to Okta / Entra ID, Transit Gateway hub-spoke, centralized AWS Network Firewall, KMS CMK strategy, SCP guardrails — all in versioned Terraform modules you own.
Stateless tiers onto ECS Fargate, App Runner or EKS with Karpenter. Databases via DMS + Schema Conversion Tool to Aurora PostgreSQL (Babelfish for SQL Server). Queues to SQS/EventBridge, batch to AWS Batch on Spot.
For applications without a reasonable replatform path, AWS Application Migration Service (MGN) block-level replication, automated test waves, cutover runbooks with rollback, and 90-day "replatform candidate" review baked into the contract.
CUR + Athena + QuickSight dashboards, mandatory cost-allocation tags enforced by Terraform Sentinel/OPA, Savings Plans + Reserved Capacity strategy, weekly anomaly review, Graviton migration on stateless tiers.
CloudWatch + X-Ray + Managed Prometheus + Managed Grafana, OpenTelemetry-instrumented services, SLO-based alerting, runbooks in your wiki, 30-day shadow period before your team owns on-call.
Migration Hub agents deployed, dependency map produced, 7Rs decision matrix per application, landing zone design, cost model, written migration waves plan with go/no-go gates.
Control Tower deployment, Terraform landing zone, IdP federation, networking, KMS keys, observability baseline. Penetration test against the empty landing zone before any workload lands.
Waves of 5–20 applications each: replatform in non-prod, automated test pass, performance baseline, cutover window with rehearsed rollback, post-cutover validation, decommission of source.
FinOps optimization sprint, Graviton/Spot adoption where applicable, Savings Plans purchase, runbooks finalized, 30-day shadow on-call before your team owns it solo.
4 weeks, fixed scope. 7Rs assessment, landing zone design, cost model, migration waves plan, executive readout. Output is a board-ready decision document. From 35,000 EUR fixed.
3-person pod (TPM + senior cloud engineer + SRE) running landing zone build and migration waves alongside your team. Co-delivery, weekly architecture review, monthly steering. From 12,000 EUR/month per team.
Post-cutover ongoing optimization, anomaly response, Savings Plans management, quarterly Well-Architected review, 24/7 SRE on-call rotation for the migrated estate. From 6,500 EUR/month.
All engagements include NDA, DPA aligned to GDPR with SCCs, and a contractual no-vendor-lock-out clause — you own the Terraform on day one.
B2B e-commerce and product configurator for a global polymer manufacturer with multi-region pricing, stock and dealer workflows.
Unified crypto-ecosystem hub aggregating multiple tokens — live exchange data, search, charts, direct purchase entry point.
GDPR-aligned · ISO 27001 ready · SOC 2 Type II in progress · HIPAA-capable · CCPA-acknowledged
Every cloud engineer on the engagement has 8+ years of production AWS — multiple migrations of 100+ server estates, multi-region failover events handled in production, not just a Solutions Architect Professional badge.
eu-central-1 / eu-west-1 / AWS European Sovereign Cloud, SCP-enforced region pinning, KMS XKS for sovereignty-critical keys, Schrems II-aligned DPA with SCCs, CloudTrail and Config logs replicated inside EU only.
Terraform is in your repo from day one. We pair-program with your engineers. By cutover your team is reviewing our PRs. Contractual no-lock-out clause — you can fire us tomorrow and run the estate unchanged.
For regulated workloads (financial services, healthcare, public sector) we deliver against the AWS Well-Architected Framework with Security, Reliability and Cost Optimization pillars reviewed quarterly by an independent partner architect.
All seven (Retire, Retain, Relocate, Rehost, Repurchase, Replatform, Refactor) but we explicitly resist defaulting to Rehost. Decision input is an AWS Migration Hub Strategy Recommendations run plus our own dependency map from Application Discovery Service agents. We score each workload on five axes: blast radius, change frequency, runtime cost on EC2 vs managed equivalent, license entanglement, and team familiarity. Stateless web tiers usually Replatform onto ECS Fargate or App Runner. Oracle/SQL Server with heavy PL/SQL go Refactor to Aurora PostgreSQL via Babelfish or DMS + SCT. COTS without an exit goes Rehost via MGN, then revisited 12 months later.
Terraform by default, occasionally Pulumi when the client team prefers TypeScript end-to-end. We never use ClickOps for foundation. The landing zone is AWS Control Tower with customizations: separate OUs for Security, Audit, Log Archive, SharedServices, Workloads (dev/stage/prod), and Sandbox. Identity is IAM Identity Center federated to your IdP (Okta, Entra ID, Google Workspace). Network is a Transit Gateway hub-spoke with centralized inspection VPC running AWS Network Firewall. Everything is in Terraform modules versioned in your repo — you own the code on day one, not us.
Workloads with EU personal data land in eu-central-1 (Frankfurt), eu-west-1 (Ireland), or the AWS European Sovereign Cloud where appropriate. We pin services to those regions via SCPs at the OU level — a developer cannot accidentally spin up a Bedrock model in us-east-1. For Schrems II compliance we use AWS Nitro Enclaves where attestable confidential compute is required, KMS with customer-managed CMKs (and XKS / external key store for sovereignty-critical workloads), and SCCs in the DPA. CloudTrail and Config logs are encrypted with separate keys and replicated cross-region inside the EU only.
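The OU-level region pinning described above can be expressed as a Terraform-managed SCP. This is an added example, not YuSMP's own module: the variable `workloads_ou_id`, the resource names and the list of exempted global services are assumptions to adapt to the estate.

```hcl
# Added example: region-pinning SCP for an EU-only OU.
# var.workloads_ou_id and all resource names here are hypothetical.
variable "workloads_ou_id" {
  type        = string
  description = "ID of the OU to pin (placeholder, e.g. ou-xxxx-xxxxxxxx)"
}

locals {
  # Regions named on the page for EU personal data.
  allowed_regions = ["eu-central-1", "eu-west-1"]
}

data "aws_iam_policy_document" "eu_region_pin" {
  statement {
    sid    = "DenyOutsideEURegions"
    effect = "Deny"

    # Global services are served from us-east-1 endpoints. Without this
    # exemption the deny below would also block IAM, Organizations,
    # Route 53, CloudFront, STS and Support. Illustrative list; review it.
    not_actions = [
      "iam:*",
      "organizations:*",
      "route53:*",
      "cloudfront:*",
      "sts:*",
      "support:*",
    ]
    resources = ["*"]

    # Any other call whose target region is not in the allow-list is denied,
    # e.g. a Bedrock invocation against us-east-1.
    condition {
      test     = "StringNotEquals"
      variable = "aws:RequestedRegion"
      values   = local.allowed_regions
    }
  }
}

resource "aws_organizations_policy" "eu_region_pin" {
  name        = "eu-region-pin"
  description = "Deny regional API calls outside eu-central-1 / eu-west-1"
  type        = "SERVICE_CONTROL_POLICY"
  content     = data.aws_iam_policy_document.eu_region_pin.json
}

resource "aws_organizations_policy_attachment" "workloads" {
  policy_id = aws_organizations_policy.eu_region_pin.id
  target_id = var.workloads_ou_id
}
```

SCPs do not apply to the organization's management account, so workloads must live in member accounts under the pinned OU for this guardrail to hold. A denied call surfaces in CloudTrail as an `AccessDenied` error, which makes attempted out-of-region use straightforward to alert on.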
We instrument Cost and Usage Reports into Athena + QuickSight on day one and tag every resource with cost-center, environment, and service via Terraform-enforced policy. The FinOps cadence is weekly: anomaly detection via AWS Cost Anomaly Detection, rightsizing recommendations from Compute Optimizer, Savings Plans coverage tracking, and a monthly written report. Typical savings on a lift-and-shift baseline are 28–35 percent within 90 days (Graviton migration on stateless tiers, S3 Intelligent-Tiering on cold data, Aurora I/O-Optimized on write-heavy databases, Spot for batch on EKS via Karpenter).
Yes — co-delivery is our default model. Your team owns business logic, application changes and final cutover decisions. Our team owns landing zone, network, security baseline, MGN/DMS pipelines, observability stack and the runbooks. We pair-program the Terraform, run weekly architecture review with your tech leads, and hand off via a 30-day shadow period. By the end of the engagement your engineers are reviewing our PRs, not the other way round. No vendor lock-in to YuSMP after the sprint ends — that is contractual.
Discovery sprint is 4 weeks fixed-fee at 35,000 EUR — Migration Hub assessment, dependency map, 7Rs decision matrix, landing zone design, cost model and migration waves. Execution runs as dedicated team engagements from 12,000 EUR/month per team of 3 (TPM + cloud engineer + SRE). A 200-server estate typically moves in 4–6 months end-to-end. Refactor work on databases or monoliths is quoted per wave. FinOps and 24/7 SRE retainer is available post-cutover from 6,500 EUR/month.