A candid account of migrating a decade-old monolithic architecture to AWS microservices, revealing the hidden challenges and unexpected outcomes that rarely make it into case studies.
In 2013, developers wrote the first line of code for what would become the operational backbone of one of our longest-standing clients - a monolith that handled user authentication, billing, order processing, and reporting, all in one tightly coupled codebase. It ran on physical servers in a data center two states away. No containers, no CI/CD, and documentation that could generously be called impressionistic. For close to a decade, it worked. Gracelessly, but it worked.
{{IMAGE:2}}
Two years ago, the client came back to us - not to add features, but to get out. Costs had ballooned 40% over three years, not from growth, but from aging hardware and proprietary licenses bleeding the budget dry. During a seasonal traffic spike, the system buckled for four hours while cloud-native competitors scaled effortlessly. And the client's internal engineering team had slowed to a crawl - deploying a single bug fix meant re-testing the entire application, and onboarding a new developer took three months.
The argument for legacy system modernization had been building for years. What made it urgent wasn't one dramatic incident - it was the slow, compounding realization that the monolithic architecture our firm had built wasn't just old. For the client's current ambitions, it had become a liability.
What We Were Working With
The stack was Java 7 on bare-metal servers, a single Oracle database handling every read and write across the platform, and a frontend templated in JSP - yes, JavaServer Pages. The services weren't really services. They were modules inside one deployable WAR file, sharing the same memory space, the same database connection pool, and far too many global variables. Dependencies between modules were undocumented and discovered the hard way - by touching one thing and watching something unrelated break in production.
To be fair to the original team, a lot of those decisions made sense in 2013. A decade of incremental fixes, however, had turned defensible shortcuts into structural liabilities. The technical debt wasn't just code-level. It was architectural. Every "quick fix" over ten years had been bolted onto the monolith, and nobody - not even the original developers we consulted - held a complete map of what called what. The most useful piece of documentation we found was a whiteboard photo from 2018 saved to someone's Google Drive.
The on-premise infrastructure costs painted the same picture. Annual server maintenance contracts, Oracle licensing fees, and a managed data center relationship consumed nearly 35% of the client's total IT budget. That's before factoring in engineering hours spent on incident response - the system averaged two significant production incidents per month, each taking 6–10 hours to diagnose and resolve.
We briefly considered lift and shift - rehosting the monolith on EC2 as-is. Faster, lower risk, smaller blast radius. But it would have moved the client's problems to the cloud without solving a single one of them. As any honest post-mortem on failed cloud migrations will tell you, lifting and shifting a poorly architected system just means paying cloud prices for on-premise problems.
The Migration Strategy We Chose
The real goal was a genuine monolith to microservices transition - and that meant migrating with intent, not just migrating for the sake of it. Before writing a single line of migration code, we spent three weeks just deciding how to migrate. We evaluated the 6 Rs framework - Rehost, Replatform, Refactor, Repurchase, Retire, and Retain - against every major component of the system. Some modules were candidates for retirement (two reporting services the client's team confirmed nobody had used since 2019). A few third-party integrations made more sense to repurchase as SaaS tools. But the core platform - billing, auth, order processing - needed a proper refactor.
For the core migration, we chose the Strangler Fig pattern - a technique originally articulated by Martin Fowler and now a cornerstone of monolith decomposition strategy. The idea is borrowed from nature: a strangler fig grows around an existing tree until it eventually replaces it entirely. In practice, this meant building new microservices alongside the monolith, routing traffic incrementally, and decomposing the old system piece by piece rather than executing a high-risk big-bang cutover.
For a 10-year-old codebase with undocumented internals, this wasn't just the smart choice - it was the only sane one. Our AWS cloud migration strategy settled on a focused service stack: EC2 for compute during the transition phase, Amazon RDS to replace the Oracle database, ECS with Fargate to run containerized microservices, and API Gateway to manage traffic routing between old and new surfaces during decomposition.
The Migration - Phase by Phase
We broke the migration into four phases over nine months.
Phase 1 - Audit & Dependency Mapping
We started with AWS Migration Hub to inventory existing workloads and trace dependencies. We also wrote custom Python scripts to map database table ownership across modules, because Migration Hub could tell us what existed but not what secretly depended on what. The findings: 17 undocumented cross-module database joins, three deprecated API endpoints still receiving live traffic, and one scheduled job that had been silently failing for an estimated 14 months. None of it was in any handover document. Audit first. No exceptions.
Phase 2 - Pilot Migration
We chose the least critical service - a standalone reporting module - as the pilot. Clean boundaries, its own DB tables, low blast radius if things went sideways. We stood up a staging environment on ECS, used AWS DMS (Database Migration Service) for the initial database migration to cloud, and ran both old and new versions in parallel for three weeks before cutting over. The pilot surfaced IAM permission gaps and a character encoding mismatch in the Oracle-to-RDS migration that would have been catastrophic at full scale. That's exactly what a pilot is for.
Phase 3 - Incremental Rollout
With the pilot validated, we began decomposing the core platform. Feature flags controlled which users hit new microservices versus the monolith. Traffic splitting via API Gateway let us shift load incrementally - 5%, then 25%, then 50% - with kill switches at every step. Blue-green deployments meant we could roll back any service in under four minutes if metrics degraded.
Phase 4 - Data Migration
Live data migration was the highest-stakes phase. We used AWS DMS in continuous replication mode to keep the Oracle source and RDS target synchronized during cutover. Final switchover was scheduled at 2AM on a Tuesday - the client's lowest-traffic window. Zero downtime migration was the stated goal. We achieved four minutes of read-only mode. Close enough.
What Actually Broke
Here's what the architecture diagrams won't show you.
Zombie Dependencies Nobody Knew Existed
Despite a thorough audit, two services were still making direct database calls to tables we'd already migrated. Not in any documentation. Not flagged by the original developers we'd consulted. Discovered at 11PM by an on-call engineer chasing an alert spike. Legacy codebases have memory. It just isn't written down anywhere.
IAM Permission Hell
AWS IAM is unforgiving when you're migrating from a monolith where everything ran under the same process with the same access. Mapping granular, least-privilege roles across 30+ microservices took three weeks longer than planned and became, by volume, our single largest source of post-migration incidents - not outages, just an endless queue of "why can't service X read from bucket Y" tickets that eroded everyone's patience.
Latency Spikes Nobody Predicted
Services that had communicated in-memory inside the monolith were now making network calls. The overhead hadn't been fully accounted for. P99 latency on two critical endpoints doubled in the first week. Query optimization and a caching layer eventually brought them back down, but it cost time nobody had budgeted.
Cost Overruns in Month One
The client's AWS bill came in 60% higher than projected. Over-provisioned EC2 instances, unoptimized data transfer between availability zones, and CloudWatch logging running at full verbosity were the main culprits. Classic cloud migration cost overruns - the kind that feel obvious in hindsight and painful in the stakeholder call.
Skill Gaps Slowed Everything Down
Half our migration team had never worked with ECS or Terraform in production. These are solvable problems, but only if you budget for the learning curve upfront. We didn't, and the timeline paid for it.
Results - 6 Months Post-Migration
Six months out, the numbers made the pain worth it.
The client's infrastructure costs dropped 38%. Replacing bare-metal server contracts and Oracle licensing with Amazon RDS and pay-as-you-go compute was the primary driver. Right-sizing instances in month two trimmed the bill further, recovering most of what month one had overspent.
Deployment frequency jumped from once every six weeks to twice a week. That's not a minor efficiency gain - it's a fundamentally different engineering culture. CI/CD pipelines that were structurally impossible in the monolith became the default. The client's team ships features when they're ready, not when the release calendar permits.
Incidents dropped 65%. The old system averaged two significant production incidents per month. In the six months post-migration, there were two total. Auto-scaling handles the traffic spikes that previously paged someone at 2AM. Observability through CloudWatch and Datadog means issues surface before they become outages.
Developer experience improved the most visibly. The client's new engineers onboard in two to three weeks instead of three months. Services are independently deployable and independently understandable. We were told that for the first time in years, developers were volunteering to own new services rather than quietly avoiding the repository. The DevOps transformation changed how their team felt about the codebase - and that's harder to quantify than cost savings, but arguably more valuable in the long run.
Lessons We'd Tell Our Past Selves
If we could hand our past selves a note before kickoff, it would say five things.
Map your dependencies before you write a single Terraform file. The audit phase feels slow and unglamorous, but every hour spent mapping saves three hours of midnight debugging later. Teams routinely rush this step because clients are eager to see visible progress. Push back.
Don't underestimate IAM complexity. Granular permissions at microservice scale are a different discipline from anything a monolith ever demanded. Bring in someone who knows AWS IAM deeply, or budget significant time for your team to develop that expertise before the migration begins - not during it.
Pilot with a throwaway service, not a critical one. Your pilot exists specifically to surface surprises in a safe environment. If its failure would escalate to the client's leadership, you've chosen the wrong starting point.
Budget for 20% more time and 30% more cost than estimated. These aren't pessimistic numbers - they reflect the average overrun across most enterprise cloud migration projects. Build the buffer in upfront. Explaining it to the client mid-project is a much harder conversation than setting expectations at the start.
Involve the client's business team early. Migration timelines affect product roadmaps, customer commitments, and sales conversations. The engineers on both sides shouldn't be the only ones who know this is happening.
None of these are original insights. They're the ones we learned by ignoring them.
Conclusion
Was it worth it? For the client, unequivocally yes. For us as the team that delivered it, yes - with some hard-won scars. We handed back a system the client's developers are now proud to work on. Deployment pipelines that actually deploy. Infrastructure that scales without a phone call to a data center. A codebase that new engineers can navigate without a two-month apprenticeship with whoever happens to remember how something was built.
The digital transformation narrative tends to skip the messy middle - the zombie dependencies, the IAM tickets, the overrun budget in month one, the 2AM Slack messages. That messy middle is real, and planning for it isn't pessimism. It's the difference between a migration that lands and one that quietly becomes the next legacy system someone else gets hired to fix.
What's next for the client? Deeper investment in microservices architecture, AWS serverless for event-driven workloads, and retiring the last few services still running on EC2. Cloud-native transformation is less a destination than a direction - and the further you move in it, the harder it becomes to imagine going back.
If you're in a similar position - whether you're the development team being handed a migration or the client sitting on a creaking system - start small. Pick one low-risk service, migrate it properly, and let the results make the case. You don't have to boil the ocean. You just have to take the first step without tripping over the dependencies you haven't mapped yet.
Comments
Please log in or register to join the discussion