Cloud Migration Checklist: Step-by-Step Planning Guide

March 16, 2026 • 12 min read

A 6-phase cloud migration checklist covering assessment, strategy, planning, migration, optimization, and operations. Includes cost estimation framework, risk mitigation, and workload prioritization — designed for CTOs and engineering leaders managing enterprise migrations.

Bartosz Ciepierski

Cloud migration is not a technology project. It is a business transformation that happens to involve technology. This checklist provides a structured, 6-phase approach to planning and executing a cloud migration — designed for organizations that want to get it right the first time.

Read also: CI/CD Pipeline Setup: Complete Implementation Guide

Phase 1: Assessment (Week 1-4)

Before making any cloud decisions, understand exactly what you have and what it costs.

Infrastructure inventory

Catalog all servers: physical and virtual (CPU, memory, storage, OS, location)
Map all applications to their hosting infrastructure (which app runs where)
Document network topology: VLANs, firewalls, load balancers, VPN connections
Inventory all databases: engine, version, size, IOPS, replication setup
List all storage systems: SAN, NAS, object storage (capacity, utilization, growth rate)
Document all third-party integrations and their network requirements
Identify shadow IT — applications running on infrastructure that is not in the official inventory

Dependency mapping

Map application-to-application dependencies (which services call which)
Identify latency-sensitive connections (applications that must stay close together)
Document external dependencies: SaaS APIs, partner connections, customer-facing endpoints
Map data flows: where data is created, processed, stored, and accessed
Identify shared services: Active Directory, DNS, SMTP, monitoring, logging

Current cost baseline

Calculate total data center cost: hardware, power, cooling, physical space, network
Include staffing costs: sysadmins, network engineers, security team (infrastructure portion)
Add licensing costs: OS, database, middleware, monitoring tools
Document contract end dates: hardware leases, software licenses, data center colocation
Calculate cost per application or per workload (this becomes your migration ROI baseline)

Compliance and security requirements

List regulatory requirements: GDPR, HIPAA, PCI-DSS, SOC 2, industry-specific
Identify data residency requirements (which data must stay in which country or region)
Document current security controls: encryption, access management, audit logging
Review vendor contracts for cloud-related restrictions

Phase 2: Strategy (Week 4-8)

Choose your cloud provider

Criteria	AWS	Azure	GCP
Market position	Largest ecosystem, most services	Best Microsoft integration	Best data/ML, strongest K8s (GKE)
Enterprise readiness	Mature, extensive compliance	Strong AD/O365 integration	Growing enterprise features
Pricing	On-demand + Reserved + Savings Plans	Pay-as-you-go + Reserved + Savings	On-demand + Committed Use + Sustained
Best for	Broad workloads, startups, enterprises	Microsoft shops, hybrid cloud	Data-heavy, ML/AI, Kubernetes

Multi-cloud or single cloud? Start with one provider. Multi-cloud adds complexity, cost, and skill requirements. Only consider multi-cloud for specific reasons: vendor lock-in avoidance for regulated industries, best-of-breed services, or M&A scenarios.

Migration approach per workload (6 Rs)

Classify every application using the 6 Rs framework:

Strategy	Description	When to use	Timeline
Rehost (lift-and-shift)	Move as-is to cloud VMs	Commodity workloads, quick wins	Days to weeks
Replatform (lift-and-optimize)	Minor changes to use managed services	Databases (RDS), containers (ECS/EKS)	Weeks
Repurchase	Replace with SaaS	CRM, email, HR systems	Weeks to months
Refactor (re-architect)	Rebuild using cloud-native services	High-value apps with scaling needs	Months
Retain	Keep on-premises	Mainframes, recently upgraded hardware	N/A
Retire	Decommission	Unused or redundant applications	Days

Cost estimation framework

Build a 3-year TCO model with these components:

Year 1 (migration year):

Cloud infrastructure: estimated monthly run rate x 12 (use cloud pricing calculators)
Over-provisioning buffer: add 25% (you will right-size later)
Migration tooling: AWS Migration Hub, Azure Migrate, or third-party (CloudEndure, Zerto)
Engineering effort: 2-5 cloud engineers for 6-12 months
Training: cloud certifications for 5-10 team members
Dual-run costs: on-prem and cloud running in parallel for 3-6 months

Year 2-3 (optimized):

Right-sized infrastructure: typically 20-30% less than Year 1
Reserved instances or savings plans: 30-50% discount on committed usage
Reduced on-prem costs: data center contract wind-down
Operational savings: less hardware maintenance, automated scaling

Phase 3: Planning (Week 8-14)

Migration wave planning

Group workloads into migration waves based on dependencies, risk, and business impact:

Wave 0 (Foundation): landing zone, networking, security baseline, IAM, monitoring Wave 1 (Quick wins): development and test environments, internal tools, low-risk applications Wave 2 (Core business): production workloads with moderate complexity, stateless applications Wave 3 (Complex): stateful applications, databases, latency-sensitive workloads Wave 4 (Legacy): mainframe integrations, specialized hardware dependencies, remaining workloads

Landing zone setup

Set up cloud account structure: organizational units, accounts per environment (dev, staging, prod)
Configure networking: VPC design, subnet layout, CIDR planning (no overlap with on-prem)
Establish hybrid connectivity: Direct Connect (AWS), ExpressRoute (Azure), or site-to-site VPN
Implement IAM foundation: SSO integration, role-based access, service accounts
Deploy security baseline: GuardDuty/Defender, Config rules, CloudTrail/Activity Log
Set up centralized logging: CloudWatch, Azure Monitor, or third-party (Datadog, Splunk)
Configure cost management: budgets, alerts, tagging strategy for cost allocation
Deploy Infrastructure as Code: Terraform or cloud-native (CloudFormation, Bicep)

Risk mitigation plan

Risk	Mitigation
Data loss during migration	Full backup before migration, validate data integrity post-migration, maintain source for 30 days
Extended downtime	Schedule migrations during maintenance windows, use replication-based migration for databases
Performance degradation	Load test in cloud before cutover, right-size instances based on actual metrics
Security exposure	Security review of cloud configuration before go-live, penetration testing
Budget overrun	Weekly cost monitoring, auto-scaling limits, reserved capacity for predictable workloads

Phase 4: Migration execution (Month 3-12)

Pre-migration checklist (per workload)

Backup source system (full backup, verified restore)
Provision target infrastructure in cloud (IaC)
Configure networking: security groups, NACLs, DNS entries
Set up monitoring and alerting on target
Prepare rollback plan: documented steps to revert to on-prem within defined RTO
Schedule migration window with stakeholders
Notify affected teams and customers (if user-facing)

Migration execution (per workload)

Execute migration using chosen tool (AWS MGN, Azure Migrate, manual)
Verify data integrity: row counts, checksums, application-level validation
Run smoke tests against cloud deployment
Run full functional test suite
Performance test at expected load
Cut over DNS or load balancer to cloud target
Monitor for 24-48 hours: error rates, latency, resource consumption
Decommission source after 30-day bake period (keep backup)

Database migration specifics

Choose migration method: dump-and-restore (simple, downtime), replication-based (minimal downtime), or managed service (DMS, Database Migration Service)
Test migration on a copy first — never run untested migration on production
Validate foreign keys, indexes, stored procedures, triggers post-migration
Compare query performance: run top 20 queries on source and target, compare execution time
Plan for connection string updates across all dependent applications

Phase 5: Optimization (Month 6+)

Right-sizing

Review instance utilization after 30 days of production data (CPU, memory, network)
Downsize over-provisioned instances (average CPU under 20% = likely over-provisioned)
Consider burstable instances (t3/t4g on AWS, B-series on Azure) for variable workloads
Evaluate serverless alternatives for event-driven workloads (Lambda, Azure Functions)

Cost optimization

Purchase Reserved Instances or Savings Plans for stable workloads (30-50% savings)
Implement auto-scaling for variable workloads (scale down during off-hours)
Use spot instances for fault-tolerant workloads: batch processing, CI/CD runners (60-80% savings)
Review and delete unused resources monthly: unattached EBS volumes, old snapshots, idle load balancers
Set up cost anomaly detection: alert when daily spend exceeds 120% of average

Performance optimization

Enable CDN for static content (CloudFront, Azure CDN, Cloud CDN)
Implement caching layers: ElastiCache/Redis, application-level caching
Optimize database: read replicas for read-heavy workloads, connection pooling
Review and optimize data transfer: minimize cross-region and cross-AZ traffic

Phase 6: Cloud operations (Ongoing)

Operational processes

Establish cloud operations team: define roles (platform, security, cost management)
Create runbooks for common tasks: scaling, failover, incident response, DR testing
Implement change management: all infrastructure changes through IaC and CI/CD
Schedule DR tests quarterly: validate backup restore, failover procedures
Conduct monthly cost reviews: compare actual vs budget, identify optimization opportunities

Security operations

Enable continuous compliance monitoring (AWS Config, Azure Policy, GCP Organization Policy)
Run vulnerability scans weekly on all cloud resources
Review IAM policies quarterly: remove unused permissions, rotate access keys
Conduct annual penetration testing of cloud infrastructure
Monitor for misconfigurations: public S3 buckets, open security groups, unencrypted storage

Team skills

Cloud certifications for core team: AWS Solutions Architect, Azure Administrator, GCP Professional
Regular training on new cloud services and best practices
Cross-training: no single point of failure for cloud operations knowledge
Participate in cloud provider programs: Well-Architected Reviews, support plans

How ARDURA Consulting supports cloud migrations

Cloud migration requires a mix of cloud architecture, infrastructure automation, security, and legacy system knowledge. Few organizations have all these skills in-house. ARDURA Consulting provides:

Experienced cloud engineers — from our pool of 500+ senior specialists, we match AWS, Azure, and GCP certified engineers to your project within 2 weeks
Cloud architects who have designed and executed migrations from 50 to 5,000 servers across all major providers
Infrastructure as Code specialists — Terraform, CloudFormation, Bicep, and Pulumi expertise
Security engineers for cloud security posture management and compliance
40% cost savings versus sourcing equivalent cloud talent through direct hire in Western Europe
99% retention rate — your cloud engineers stay with the project through all 6 phases, ensuring continuity

Planning a cloud migration? Contact ARDURA Consulting for experienced cloud engineers and architects who have done this before.

Key takeaways

Start with a thorough assessment — you cannot plan a migration without knowing exactly what you have, what it costs, and how it connects
Use the 6 Rs framework to classify every workload — lift-and-shift 70-80% to get to the cloud fast, then selectively re-architect the high-value 20-30%
Build a 3-year TCO model that includes dual-run costs, over-provisioning in Year 1, and optimization savings in Years 2-3
Migrate in waves ordered by risk — start with dev/test environments and internal tools, not your revenue-generating production systems
Optimization is not a phase you complete — right-sizing, cost management, and security reviews are ongoing operational activities

Frequently Asked Questions

How long does a cloud migration take?

A typical enterprise cloud migration takes 6-18 months depending on scope. Phase 1-2 (assessment and strategy) take 4-8 weeks. Phase 3 (planning) takes 4-6 weeks. Phase 4 (migration execution) takes 3-12 months depending on the number of workloads and migration approach (lift-and-shift is faster, re-architecting takes longer). Phase 5-6 (optimization and operations) are ongoing. ARDURA Consulting can provide experienced cloud engineers within 2 weeks to accelerate your migration timeline.

How do I estimate cloud migration costs?

Use a three-layer cost model. Layer 1: infrastructure costs — use cloud provider pricing calculators (AWS, Azure, GCP) with your current CPU, memory, storage, and bandwidth consumption. Add 20-30% buffer for initial over-provisioning. Layer 2: migration costs — engineering time (typically 2-5 engineers for 6-12 months), tooling licenses, training, and consulting. Layer 3: hidden costs — data transfer egress fees, licensing changes (Windows Server, SQL Server per-core pricing), and productivity loss during transition. Expect total migration costs of 1.5-3x your current annual infrastructure spend as a one-time investment.

Should I use lift-and-shift or re-architect for cloud migration?

Start with lift-and-shift (rehost) for 70-80% of workloads to get to the cloud fast and reduce data center costs. Then selectively re-architect the 20-30% of workloads that will benefit most from cloud-native services — typically applications with variable load patterns, data processing pipelines, or those needing global distribution. Re-architecting everything upfront is the most common cause of migration projects stalling or failing.

What are the biggest cloud migration risks?

The top risks are: (1) underestimating data transfer time — moving 50TB+ over the internet can take weeks, plan for AWS Snowball, Azure Data Box, or dedicated connections, (2) licensing surprises — Microsoft and Oracle licenses may cost significantly more in the cloud depending on your agreement, (3) network latency — applications with tight coupling between on-prem and cloud components will suffer during hybrid periods, and (4) security gaps — cloud security is fundamentally different from on-prem, and misconfigured IAM policies or open storage buckets cause most cloud breaches.

About the author

Bartosz Ciepierski

Chief Executive Officer

Experienced leader with extensive background in the IT industry, currently serving as CEO at ARDURA Consulting. His career demonstrates impressive growth – from technical roles to strategic management in the IT services and Staff Augmentation sector. This versatile perspective enables him to effectively lead the company in a dynamically changing technological environment. At ARDURA Consulting, he focuses on shaping the company's development strategy, building strong technical teams, and developing innovative services in delivering IT specialists and creating dedicated software. His management approach is based on combining deep technology understanding with business skills, enabling effective adaptation of the company's offerings to changing market needs. He is particularly interested in digital transformation, advanced technology development in software production, and the evolution of the Staff Augmentation model. He focuses on building ARDURA Consulting as a trusted partner for companies seeking high-class IT specialists and innovative software solutions. He actively engages in developing an organizational culture based on innovation, flexibility, and continuous improvement. He believes that the key to success in the IT industry is not just following trends, but actively shaping them and building long-term client relationships based on delivering real business value.

LinkedIn →

How can we help?

Software Development

Custom software built by senior engineers

Learn more →

Staff Augmentation

Scale your team with pre-vetted IT specialists in 2 weeks

Learn more →