// table of contents
- What AWS Transform is and how custom transformations work
- The patient: a Spring CRUD app with 3 high-severity EOL issues
- Creating the transformation in the console
- The worklog — 61 agent minutes, end to end
- Output: 33 files, 9 directories, one atomic commit
- All 8 technical debt findings, prioritised
- Architecture and sequence diagrams written from source code
- 6-phase migration sequence — leaf dependencies first
- What AWS recommends running next: two named transformations
- Takeaways
Most "assessment tools" scan for known CVEs, produce a PDF with a heat-map, and call it done. AWS Transform does something different. It deploys an agentic loop — reading every source file, navigating the dependency graph, generating diagrams, and writing structured documentation — then tells you exactly which named transformation to run next. Assessment feeds pipeline.
I ran it against a real app. This is what happened.
Section 01
What AWS Transform is — and what custom transformations do
AWS Transform is a managed modernisation service built on Amazon Bedrock. You connect a repository, choose a transformation, and an agent handles the rest: reading code, reasoning about structure, writing artefacts, and surfacing a clear next step. No YAML configs. No custom scripts. One CLI command.
The service ships with built-in transformations for the most common modernisation patterns, and an expanding set of custom transformations you configure through the console chat interface:
built-in
.NET Framework → .NET 8/10
Modernize legacy .NET apps to cross-platform .NET
built-in
Mainframe COBOL → Java
Convert mainframe programs to Java
built-in
VMware VMs → EC2
Rehost / replatform VMware workloads to AWS
built-in
Database migrations
SQL Server / Oracle / MySQL → Aurora PostgreSQL
built-in
Runtime upgrades · API/SDK migrations · Infrastructure assessment · Experience-Based Acceleration
Java, Python, Node.js version upgrades · AWS SDK migration · Tech debt assessment · Comprehensive modernisation
Beyond built-ins, here are the available custom transformations — each addressing a specific modernisation scenario:
✓ used
AWS/comprehensive-codebase-analysis
Deep static analysis with technical debt identification for pre-migration assessment. Reads the full repo, generates architecture + sequence diagrams, identifies EOL components, maps anti-patterns, and produces a phased remediation plan with recommended next-step transformation names.
custom
AWS/modernization-readiness-analysis
Scans portfolios for cloud-native maturity gaps and maps findings to AWS modernisation pathways.
custom
AWS/portfolio-modernization-readiness-analysis
Aggregates analysis reports across a portfolio — consolidated modernisation roadmap with prioritised migration waves.
custom
AWS/agentic-readiness-analysis
Evaluates whether systems are ready to be called by AI agents — covering APIs, identity, state management, and observability.
custom
AWS/portfolio-agentic-readiness-analysis
Aggregates agentic readiness reports across a portfolio with prioritised recommendations.
custom
AWS/GenAI-to-Bedrock-Migration-Assessment
Assesses generative AI workloads for migration to AWS Bedrock from third-party providers.
Section 02
The patient: a Spring CRUD app with 3 high-severity EOL issues
The application is a textbook layered monolith — RESTful CRUD for user records, 8 endpoints, 7 Java source files, ~559 lines of code. Small surface area, but carrying the exact debt pattern seen across thousands of enterprise Java apps that haven't been meaningfully touched since 2020.
project-overview.md — Technology Stack
Layer Technology Version
──────────────────────────────────────────────────────
Language Java 8 (1.8) ← EOL Jan 2019
Framework Spring Boot 2.5.14 ← EOL Aug 2023
ORM Spring Data JPA / Hibernate Managed
Database MySQL 8.0
Build Maven 3.6+
App Server JBoss / WildFly 12+ ← legacy deploy model
Packaging WAR ← blocks containerisation
API Namespace javax.* ← blocks Spring Boot 3.x
Utility Lombok Managed
──────────────────────────────────────────────────────
Language Java 8 (1.8) ← EOL Jan 2019
Framework Spring Boot 2.5.14 ← EOL Aug 2023
ORM Spring Data JPA / Hibernate Managed
Database MySQL 8.0
Build Maven 3.6+
App Server JBoss / WildFly 12+ ← legacy deploy model
Packaging WAR ← blocks containerisation
API Namespace javax.* ← blocks Spring Boot 3.x
Utility Lombok Managed
The dependency chain that matters: Java 8 EOL blocks the upgrade to Java 17+, which is required by Spring Boot 3.x, which requires the
javax.* → jakarta.* namespace migration. All three high-severity items are one linked chain — fix them in order or the migration fails midway.Section 03
Creating the transformation in the console
From the AWS Transform console, I described the intent in natural language. The agent surfaced the available custom transformations, I selected AWS/comprehensive-codebase-analysis, and it confirmed the setup instantly:
AWS Transform consoleOpen · ready to execute
⟳ AWS Transform
Excellent! Your transformation is now ready.
Transformation Created
Name AWS/comprehensive-codebase-analysis
Status Open and ready to execute
Purpose Deep static analysis with technical debt
identification for pre-migration assessment
Dashboard active in the Dashboard tab.
Use the AWS Transform CLI to execute the transformation.
Excellent! Your transformation is now ready.
Transformation Created
Name AWS/comprehensive-codebase-analysis
Status Open and ready to execute
Purpose Deep static analysis with technical debt
identification for pre-migration assessment
Dashboard active in the Dashboard tab.
Use the AWS Transform CLI to execute the transformation.
The CLI command to trigger the run against the repo:
atx run \
--transformation AWS/comprehensive-codebase-analysis \
--repo mycontainers \
--path /root/aws-transform-containersSection 04
The worklog — 61 agent minutes, end to end
AWS Transform maintains a full timestamped worklog for every job. Under the hood the agent fired hundreds of shell, file_read, and file_write tool calls — navigating directories, reading source files and the SQL schema, parsing pom.xml, and writing the entire documentation tree from scratch. Here's the high-level log:
Worklog
GMT+5:30 (IST)
Jun 09 · 06:43:43
AWS Transform is starting the job
Jun 09 · 06:43:44
AWS Transform has started the job
Jun 09 · 06:45:54
AWS/comprehensive-codebase-analysis transformation created for static code analysis and assessment
Jun 09 · 06:45:57
Monitoring dashboard created for transformation progress tracking
Jun 09 · 06:46:02
AWS Transform created the recommended request Monitor transformation progress
Jun 09 · 11:46:28
Comprehensive codebase analysis completed — 33 files, 2,216 lines of code written to ATXDocumentation/
Jun 09 · 11:46:28
Campaign repository 'mycontainers' status marked VALIDATED · Agent minutes used: 61.82
Section 05
Output: 33 files, 9 directories, one atomic commit
Everything landed in a single git commit — "Step 1: Create comprehensive ATXDocumentation with full codebase anal…" — 22 minutes after the job started. Browse it live at github.com/aquavis12/aws-transform-containers → src/ATXDocumentation.
📁 aquavis12 / aws-transform-containers · src/ATXDocumentation
analysisStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
architectureStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
behaviorStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
diagramsStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
migrationStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
referenceStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
specializedStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
technical-debtStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
README.mdStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
project-overview.mdStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
technical-debt-report.mdStep 1: Create comprehensive ATXDocumentation with full codebase anal…22 min ago
ATXDocumentation/
├── README.md
├── project-overview.md ← app identity, tech stack, source metrics
├── technical-debt-report.md ← executive summary + recommended transforms
├── analysis/
│ ├── complexity-analysis.md ← per-file cyclomatic complexity
│ └── tech-debt.md
├── architecture/
│ ├── system-overview.md ← layered arch, deployment model diagram
│ ├── dependencies.md ← external + internal dep graphs
│ ├── components.md
│ └── patterns.md
├── behavior/
│ └── business-logic.md
├── diagrams/
│ ├── structural/ ← class diagrams, component maps
│ ├── behavioral/ ← sequence diagrams, activity diagrams
│ └── architecture/ ← system context, deployment diagrams
├── migration/
│ ├── component-order.md ← 6-phase migration sequence
│ └── validation-criteria.md ← build + functional + behavioral checklist
├── reference/
│ └── program-structure.md
└── technical-debt/
├── summary.md
├── outdated-components.md
├── maintenance-burden.md
└── remediation-plan.md ← action-by-action upgrade path
├── README.md
├── project-overview.md ← app identity, tech stack, source metrics
├── technical-debt-report.md ← executive summary + recommended transforms
├── analysis/
│ ├── complexity-analysis.md ← per-file cyclomatic complexity
│ └── tech-debt.md
├── architecture/
│ ├── system-overview.md ← layered arch, deployment model diagram
│ ├── dependencies.md ← external + internal dep graphs
│ ├── components.md
│ └── patterns.md
├── behavior/
│ └── business-logic.md
├── diagrams/
│ ├── structural/ ← class diagrams, component maps
│ ├── behavioral/ ← sequence diagrams, activity diagrams
│ └── architecture/ ← system context, deployment diagrams
├── migration/
│ ├── component-order.md ← 6-phase migration sequence
│ └── validation-criteria.md ← build + functional + behavioral checklist
├── reference/
│ └── program-structure.md
└── technical-debt/
├── summary.md
├── outdated-components.md
├── maintenance-burden.md
└── remediation-plan.md ← action-by-action upgrade path
Section 06
All 8 technical debt findings, prioritised
The agent produced a debt matrix covering 3 high-severity EOL items, 1 medium, and 4 low-severity code quality issues — ranked correctly by upgrade impact, not just by surface severity.
| # | Issue | Component | Sev | Impact |
|---|---|---|---|---|
| 1 | Java 8 End of Life | Runtime | High | No free security patches since Jan 2019. Missing records, sealed classes, virtual threads. |
| 2 | Spring Boot 2.5.14 EOL | Framework | High | EOL August 2023. No security fixes. Blocks upgrade to Spring Boot 3.x. |
| 3 | javax.* namespace | API | High | Must migrate to jakarta.* before Spring Boot 3.x is possible. Affects User, UserDTO, UserController. |
| 4 | mysql-connector-java 8.0.33 | Dependency | Medium | Artifact renamed to mysql-connector-j in v8.0.31+. Works but deprecated naming. |
| 5 | Field injection (@Autowired) | Code quality | Low | Harder to unit test. Hides dependencies. Prevents immutability. |
| 6 | Generic RuntimeException | Code quality | Low | "Not found" returns 400 instead of 404. No custom exception hierarchy. |
| 7 | No pagination on getAllUsers | Code quality | Low | Returns all records unbounded. Performance risk at scale. |
| 8 | No uniqueness check on update | Code quality | Low | updateUser doesn't check for duplicate username/email — can violate DB constraints. |
Section 07
Architecture and sequence diagrams written from source code
The agent didn't rely on existing documentation — there was none. It read the Java source files and generated ASCII-art architecture and sequence diagrams by reasoning about the class structure and method call chains.
System context diagram
┌────────────────────┐ ┌────────────────────────────────────┐
│ Client │ HTTP │ JBoss / WildFly │
│ (Browser / curl) │──REST──▶ │ ┌──────────────────────────────┐ │
│ │◀──JSON── │ │ Spring Boot 2.5.14 (WAR) │ │
└────────────────────┘ │ │ UserController │ │
│ │ └── UserService │ │
│ │ └── UserRepository │ │
│ └──────────────┬───────────────┘ │
└─────────────────┼──────────────────┘
│ JDBC
▼
┌─────────────────────────────────────┐
│ MySQL 8.0 · crud_db · users │
│ idx_username · idx_email │
│ idx_created_at │
└─────────────────────────────────────┘
Sequence diagram — GET /users/{id}
Client Controller Service Repository Database │ │ │ │ │ │ GET /users/1 │ │ │ │ │───────────────▶│ │ │ │ │ │ getUserById(1) │ │ │ │ │───────────────▶│ │ │ │ │ │ findById(1) │ │ │ │ │────────────────▶│ │ │ │ │ │ SELECT │ │ │ │ │──────────────▶│ │ │ │ │◀──────────────│ │ │ │◀────────────────│ Optional<User>│ │ │◀───────────────│ UserDTO │ │ │◀───────────────│ 200 OK │ │ │
The agent also produced the full external dependency graph (pom.xml-derived) and internal class dependency graph — all five Spring Boot starters flagged as EOL directly in the table. No separate scanner needed.
Section 08
6-phase migration sequence — leaf dependencies first
The migration/component-order.md file gives an ordered migration plan where each phase only touches files whose own dependencies are already migrated — avoiding mid-migration build failures.
01
Foundation
pom.xml · User.java
Update Java version target and Spring Boot parent. Migrate
javax.persistence.* → jakarta.persistence.* and javax.validation.* → jakarta.validation.* in the model layer — it has zero dependencies on other app classes, so it's the safe starting point.02
Data Layer
UserRepository.java · init-database.sql
Verify Spring Data JPA compatibility with the updated stack. The SQL schema itself requires no changes — the database side is clean, which is the best possible finding at this layer.
03
Transfer Objects
UserDTO.java
Migrate
javax.validation.* → jakarta.validation.* in the DTO. Isolated from persistence concerns — safe to migrate independently after Phase 1.04
Business Logic
UserService.java
No import changes required — the service uses only internal types. This phase is the opportunity to address code debt items 5–8: constructor injection, custom exception hierarchy, pagination, and update uniqueness checks.
05
Web Layer
UserController.java · GlobalExceptionHandler.java
Migrate
javax.validation.* → jakarta.validation.* in the controller. Verify Spring MVC compatibility in the exception handler. Update error response codes (404 for not-found, proper 4xx mapping).06
Deployment Modernisation
application.properties · Dockerfile (new)
Update Hibernate dialect, remove deprecated properties. Switch from WAR + JBoss to standalone Spring Boot JAR. This is the JBoss decoupling step — the change that moves the app to a containerisable, cloud-native deployment model. The
AWS/JBoss-to-Spring-Boot transformation handles this end-to-end.The validation criteria file generated alongside the migration sequence gives a concrete checklist: build validation (compiles, dependencies resolve, artefact packaging clean), functional validation (all 8 endpoints respond, CRUD works end-to-end with MySQL, bean validation rejects invalid input), behavioural equivalence (username uniqueness, email uniqueness, case-insensitive search, soft delete), and non-functional checks (HikariCP pool initialises, SLF4J logging at configured levels).
Section 09
What AWS recommends running next — two named transformations
The last section of technical-debt-report.md doesn't just list issues. It names the exact AWS Transform transformations to run next — strings you can drop directly into the CLI:
technical-debt-report.md — AWS Transformation Recommendation
## 🎯 AWS Transformation Recommendation
RECOMMENDED TRANSFORMATIONS:
AWS/java-version-upgrade
AWS/JBoss-to-Spring-Boot
This codebase uses Java 8 which reached end of public updates
and Spring Boot 2.5.x which is EOL. These two transformations
address the full high-severity debt chain.
RECOMMENDED TRANSFORMATIONS:
AWS/java-version-upgrade
AWS/JBoss-to-Spring-Boot
This codebase uses Java 8 which reached end of public updates
and Spring Boot 2.5.x which is EOL. These two transformations
address the full high-severity debt chain.
Here's exactly what each one does:
This is the pipeline payoff: The analysis isn't the end — it's the prerequisite. After running comprehensive-codebase-analysis you know the exact state of the repo. When you hand it to
AWS/java-version-upgrade or AWS/JBoss-to-Spring-Boot next, those transformations are working with a fully understood codebase. The 6-phase migration plan from the analysis directly informs the order the automated transforms run in.Section 10
Takeaways
AWS Transform's comprehensive codebase analysis is the most thorough automated pre-migration assessment I've run. A few things stood out:
- The output is genuinely actionable, not just comprehensive. The 6-phase migration sequence respects leaf-first dependency order. The validation criteria is a real test checklist, not documentation filler. The debt table prioritises the linked chain correctly — it doesn't list Java 8 and Spring Boot 2.5 as independent issues; it surfaces the dependency between them.
- Named next-step transformations are the real value. Assessment tools typically end with "you should upgrade Java." This one ends with
AWS/java-version-upgradeandAWS/JBoss-to-Spring-Boot— exact strings you paste into the CLI to start the automated migration. - 61 agent minutes is fast for this output volume. 33 files, 2,216 lines, sequence diagrams, dependency graphs, full remediation plan — generated by reading source code, not config. For a one-time pre-migration assessment on a legacy system this is genuinely faster than any manual approach.
- Run this before any automated transformation. Knowing that the
javax.*namespace is the upgrade blocker before you start is the difference between a clean transformation run and debugging a half-migrated build at 2am. - The portfolio-level variants are the next frontier. For teams managing 20+ Java services at different maturity stages,
AWS/portfolio-modernization-readiness-analysisshould consolidate findings and prioritise which services move first — with migration waves, not just individual reports.