ADR: AWS Transform & AI Agents vs Traditional Modernization Factory
Listen to study
generated on playGenerated only on first play
This ADR evaluates the decision to adopt AWS Transform (with AI agents for .NET, Mainframe, VMware, and custom code) versus a traditional human-engineering modernization factory, or a hybrid approach. The analysis covers regression risk, test coverage, code ownership, security, total cost, and change governance in an enterprise-scale modernization program.
Modernizing an enterprise-scale legacy portfolio — .NET Framework, VMware workloads, COBOL on mainframe, and decades of accumulated custom code — is one of the most expensive and risky problems in software engineering. AWS Transform entered the market promising AI agents that automate much of this work. The real question is not 'AI or humans': it is how to distribute responsibility, risk, and cost between machines and engineers so that the outcome is auditable, secure, and sustainable.
Scenario Fact Sheet
- Program
- Enterprise modernization (composite scenario, representative of large financial/industrial programs)
- Target portfolio
- .NET Framework 4.x (~800 projects), VMware vSphere (~1,200 VMs), COBOL/mainframe (~4M LOC), custom scripts (legacy Python/Shell)
- AWS Transform — general availability
- Announced at 1 year of operation in 2025; supports .NET, VMware, Mainframe, and custom code via AI agents
- Decision criteria
- Regression risk, test coverage, code ownership, security, cost, velocity, change governance
- Regulatory constraints
- Code-change auditability (SOX/PCI equivalent), migration decision traceability, sensitive data control during code analysis
- Estimated total budget (market reference)
- Traditional factory: 3–5 years, tens of millions USD; AWS Transform approach: potential 40–60% reduction in human effort (AWS estimate, to be validated per portfolio)
- Target stack
- .NET 8 on ECS/EKS, native EC2 (post-VMware), microservices on AWS, data on RDS/Aurora
Context and Forces at Play
Large-scale modernization programs fail with predictable frequency for well-documented reasons: silently growing scope, regressions discovered too late, loss of tacit knowledge from original systems, and team fatigue on multi-year projects. The traditional factory — dedicated engineering teams manually rewriting or refactoring code — offers granular control and clear ownership, but scales poorly: cost grows linearly with code volume, and quality is heavily dependent on team seniority and consistency.
AWS Transform represents a different bet. The service orchestrates AI agents specialized by domain: one agent for upgrading .NET Framework to .NET 8, another for COBOL analysis and conversion, another for VMware VM migration planning to EC2, and a general-purpose agent for custom code. Each agent operates in a pipeline that includes static analysis, transformed code generation, test generation, and production of traceable change reports. The model does not eliminate the engineer — it shifts work from writing transformations to reviewing and validating transformations.
The central force that makes this decision non-trivial is risk asymmetry. In critical financial or industrial systems, an undetected regression in AI-transformed code can have consequences that far outweigh any cost savings. The architecture team needs to answer honestly: does the AI agent produce code that passes existing tests or code that is genuinely correct? These are different questions, and the answer depends directly on the quality of test coverage in the legacy portfolio — which, in most real cases, is low.
The Ownership and Governance Problem
A frequently underestimated aspect in discussions about AI-assisted modernization is what I call the diffuse ownership problem. When a senior engineer rewrites a COBOL module in Java or C#, they carry the intellectual responsibility for that code. They understand the decisions, can explain them in a security review, and can be held accountable. When an AI agent generates the equivalent, who is the owner? The team that ran Transform? The architect who approved the report? AWS?
This question is not philosophical — it has practical consequences in SOX audits, penetration reviews, and production incidents. A responsible modernization program needs to explicitly define that AI-generated code is owned by and is the responsibility of the engineering team that reviewed and approved it. This requires that the review process be genuine — not a rubber-stamp of automatically generated 500-page reports.
AWS Transform produces detailed transformation reports and traceable code diffs. This is a real governance asset: every change has provenance, every transformation decision is documented. The operational challenge is building a review process that is proportional to the risk of each transformed module. Financial calculation modules need deep human review; logging utilities can be approved with superficial review and automated tests. This risk triage is architecture work, not AI work.
Security, Sensitive Data, and the Agent Trust Model
AWS Transform operates by analyzing source code. In financial and industrial systems, that code frequently contains — or references — secrets, hardcoded connection strings, proprietary business logic, and in pathological cases, production data embedded in test scripts. Before running any modernization agent, the program needs a code sanitization phase that identifies and removes or replaces these elements.
AWS Transform's security model uses per-account and per-execution isolation — customer code is not used to train models, and processing occurs within the customer's AWS perimeter. This is materially different from sending code to a public LLM API without controls. Even so, the security team needs to review: what data is transmitted during analysis? What IAM permissions are required? Transform needs access to code repositories — that access should be temporary, minimally scoped, and audited via CloudTrail.
A pattern I recommend is running Transform in an isolated AWS account (a 'modernization sandbox') with controlled connectivity to the code repository, with no access to production environments. The generated artifacts — transformed code, reports, migration plans — are exported for review in a separate CI/CD pipeline before any merge. This isolation is not paranoia: it is the same least-privilege principle we apply to any CI/CD pipeline that touches production code.
Options Evaluated
Option A — Traditional Factory (100% Human Engineering)
- Clear ownership and accountability for every line of code
- Tacit knowledge actively preserved and transferred
- Full control over architecture decisions during migration
- No dependency on external service for the core transformation
- Linear cost with volume: scales poorly for large portfolios
- Velocity limited by availability of senior engineers
- Pattern inconsistency across teams in multi-year programs
- Fatigue and turnover risk in long projects
Suitable for high-risk critical modules; not viable as sole strategy for large portfolios
Option B — AWS Transform (AI agents as primary engine)
- Non-linear transformation velocity: massive parallelization of analysis and generation
- Pattern consistency enforced by the agent across the entire portfolio
- Traceable transformation reports as governance artifacts
- Automatic test generation as part of the pipeline
- Significant reduction in human effort for low-risk code
- Silent regression risk in complex business logic not covered by tests
- Diffuse ownership problem if the review process is superficial
- AWS service dependency: continuity and roadmap outside customer control
- Requires code sanitization before analysis (secrets, sensitive data)
- Output quality strongly correlated with quality of existing tests
Efficient engine for low/medium-risk code; requires robust review process to be governable
Option C — Hybrid Approach (Transform + Human Engineering by risk layer)
- Risk distributed proportionally: AI where error cost is low, humans where it is high
- Non-linear velocity for portfolio volume, with control on critical modules
- Clear ownership: engineers review and approve all code, regardless of origin
- Auditable governance: Transform generates artifacts, humans generate documented decisions
- Flexibility to adjust AI/human ratio as test maturity evolves
- Higher operational complexity: two parallel processes requiring integration
- Requires module risk classification framework before starting
- Coordination overhead cost between AI and human tracks
Recommended option: maximizes velocity and controls risk with auditable governance
Architecture Decision
The modernization program faces a portfolio of ~800 .NET Framework projects, ~1,200 VMware VMs, ~4M LOC COBOL, and accumulated custom code. The 100% human approach is not viable within the available timeline and budget. The 100% AWS Transform approach without a robust review process creates unacceptable regression risk in financial systems and diffuse ownership risk in audits. Test coverage of the legacy portfolio is heterogeneous and on average low.
Adopt Option C — Hybrid Approach — with AWS Transform as the transformation engine for code classified as low and medium risk (estimate: 65–75% of the portfolio by LOC volume), and dedicated human engineering for high-risk modules (financial calculation logic, critical integrations, code without test coverage). All Transform-generated code — regardless of risk classification — goes through mandatory human review before merge, with documented approval in the version control system. Module risk classification is produced in a 4–6 week discovery phase before transformations begin, using static analysis and dependency mapping.
- POSITIVE: Non-linear transformation velocity for the majority of the portfolio, reducing estimated total timeline by 40–55% versus 100% human factory
- POSITIVE: Explicit and auditable ownership on all transformed code, with per-module decision traceability
- POSITIVE: Upgrade pattern consistency (.NET 8, modern APIs) enforced by the agent reduces technical debt introduced during migration
- NEGATIVE: 4–6 week overhead of discovery and risk classification before starting transformations
- NEGATIVE: Operational complexity of maintaining two parallel processes (Transform + human factory) with pipeline integration
- NEGATIVE: Dependency on AWS Transform as a service; pricing changes or discontinuation affect the program — mitigated by modular design allowing AI track substitution
Hybrid Modernization Pipeline Architecture
Complete flow from legacy portfolio to modernized code in production, showing the bifurcation by risk layer and governance control points.
- Source Repos · (Git/SVN/PVCS)
- Mainframe · COBOL Source
- VMware · vSphere Inventory
- Code Sanitizer · (secrets, PII removal)
- Static Analysis · (SonarQube + custom)
- Risk Classifier · (module risk matrix)
- Risk Registry · (S3 + DynamoDB)
- Modernization · Sandbox Account
- Transform Agent · .NET Framework→.NET 8
- Transform Agent · COBOL→Java/C#
- Transform Agent · VMware→EC2 Plan
- Transform Agent · Custom Code
- Transformation Reports · + Code Diffs (S3)
- Senior Engineering · Squads
- Architecture Review · Board
- Pull Request · + Human Approval
- Test Suite · (existing + AI-generated)
- Security Scan · (SAST + SCA)
- Audit Log · (CloudTrail + CodeGuru)
- .NET 8 · ECS/EKS
- Native EC2 · (post-VMware)
- RDS/Aurora · (modernized data)
- Target Repos · (CodeCommit/GitHub)
Comparison by Decision Criterion
| Criterion | Traditional Factory | AWS Transform (pure) | Hybrid (decision) | |
|---|---|---|---|---|
| Regression Risk | Low (human reviews all) | Medium-High (depends on test coverage) | Low-Medium (AI on tested code, human on critical) | — |
| Transformation Velocity | Linear / Slow | Non-linear / High | Non-linear for majority / High | — |
| Ownership and Accountability | Clear and direct | Diffuse without review process | Clear with mandatory review process | — |
| Governance / Auditability | Depends on documentation discipline | High (automatic transformation reports) | High (Transform reports + documented human approvals) | — |
| Total Cost (estimate) | High (linear with LOC) | Medium (service + lean review) | Medium (service + risk-proportional review) | — |
| Security (sensitive data) | Controlled (code stays within perimeter) | Requires sanitization + isolated sandbox | Requires sanitization + isolated sandbox (same control) | — |
| Pattern Consistency | Depends on guidelines and team seniority | High (agent applies uniform patterns) | High for AI track; controlled for human track | — |
Program Execution Phases
- 1
Weeks 1–6: Discovery and Classification
Complete portfolio inventory. Static analysis with SonarQube and custom tools. Code sanitization (removal of secrets, PII, production data). Production of risk matrix per module. Configuration of modernization sandbox (isolated AWS account, minimal IAM, active CloudTrail). Definition of approval criteria per risk layer.
- 2
Weeks 7–14: Controlled Pilot
Selection of 20–30 low-risk .NET projects for pilot with AWS Transform. Parallel execution: 5 medium-risk projects with deep human review of Transform outputs. Measurement of real metrics: compile-without-modification rate, generated test coverage, review time per module, regressions found. Risk matrix calibration based on pilot results.
- 3
Months 4–18: At-Scale Execution
At-scale transformation of .NET portfolio (Transform track) and start of COBOL mainframe track. Human squads dedicated to high-risk modules in parallel. Bi-weekly architecture reviews to adjust risk classification as patterns emerge. Unified CI/CD pipeline with mandatory security gates for both tracks. Monthly progress reports to stakeholders with quality metrics.
- 4
Months 18–36: VMware and Completion
Execution of VMware→EC2 migration plan generated by Transform Agent. Post-migration performance validation. Progressive VM decommissioning. Completion of high-risk COBOL modules. Architecture documentation consolidation. Ownership transfer to product teams.
AWS Well-Architected Framework Assessment
Security
Code sanitization before Transform analysis is a mandatory control. The modernization sandbox in an isolated account with minimal IAM and CloudTrail is the correct standard. All generated code goes through SAST before merge. Secrets must never be in analyzed code — use AWS Secrets Manager or Parameter Store as part of modernized code.
Reliability
The hybrid pipeline has two independent transformation paths. A failure or unavailability of AWS Transform affects only the low/medium risk track — the human track continues. The modular design allows replacing the AI engine without redesigning the governance process.
Sustainability
The VMware→native EC2 migration, enabled by the VMware Transform Agent, eliminates the unnecessary virtualization layer and enables instance right-sizing. This reduces resource consumption and long-term operational cost.
The 'AI vs humans in modernization' debate is frequently poorly framed. The right question is: where is the cost of an error high enough to justify the cost of a senior engineer reviewing every line? In financial systems, that line exists and is clear — interest calculation logic, compliance rules, integrations with settlement systems. In those modules, I would not trust any AI agent without deep human review, regardless of how impressive the transformation report is. What convinces me about AWS Transform is not the promise of full automation — it is the traceability. A code diff with documented provenance, generated by an agent with deterministic behavior for that version of the service, is a better governance artifact than the commit history of many human factories I have audited. The problem is that most organizations do not build the review process proportional to risk — they bulk-approve Transform reports because the volume is large and the deadline is short. That is where programs fail. My practical recommendation: before running a single transformation with AWS Transform, invest 4–6 weeks in discovery and risk classification. Do not skip that phase to gain velocity — it is what makes the rest of the program defensible in an audit or in an incident post-mortem. And define explicitly, at the start of the program, that all AI-generated code is the responsibility of the engineer who approved the PR — no exceptions, no ambiguity. Clear ownership is the only antidote to the risk of silent regression at scale.
Verdict
AWS Transform is a genuinely useful tool for enterprise-scale modernization programs — not because it eliminates engineering work, but because it redistributes it more efficiently. The .NET Framework to .NET 8 agent solves a real scale problem: hundreds of projects with repetitive upgrade patterns that do not justify a senior engineer on each one. The VMware agent solves a complex planning problem that historically consumes weeks of architect time. The COBOL agent addresses one of the industry's hardest problems — the scarcity of engineers with COBOL knowledge and the complexity of converting decades of business logic. The real risk is not in the AI agent — it is in the process surrounding it. Programs that treat AWS Transform as a black box producing production-ready code will discover regressions in production. Programs that build a review process proportional to risk, with clear ownership and auditable governance, will reap the velocity benefits without sacrificing reliability. The hybrid decision documented here — Transform for low/medium risk, human engineering for high risk, mandatory review for everything — is not the simplest to execute, but it is the one I would defend in any architecture board or audit committee. In systems where the cost of a regression is high, the operational complexity of a robust governance process is an investment, not overhead.