Skip to content
CloudPresto CloudPresto
Back to Knowledge Base
Checklist

Cloud Migration Readiness Checklist

What to audit, prepare, and validate before moving workloads into managed operations.

Before You Migrate

Migration into managed operations isn't just "give us access." The smoother the handover, the faster you reach steady-state. This checklist covers what to audit, prepare, and validate across infrastructure, security, recovery, and governance.

Infrastructure Readiness

  • Workload inventory: list all services, databases, and integrations with approximate criticality tier
  • Architecture diagram: even a rough one helps; we'll refine it during discovery
  • Dependency map: what talks to what, including external APIs and third-party services
  • Resource utilization data: current CPU, memory, storage, and network baselines for right-sizing
  • Cloud account structure: how many accounts, regions, VPCs; any multi-cloud considerations
  • IaC coverage: what percentage of infrastructure is defined in code vs. click-ops

Security Readiness

  • IAM audit: current access model, standing privileges, service accounts inventory
  • Encryption status: what's encrypted at rest/in transit, key management approach
  • Compliance requirements: SOC 2, HIPAA, ISO 27001, CIS (what frameworks apply)
  • Vulnerability scan results: most recent scan findings and remediation status
  • Network security: current segmentation, firewall rules, WAF configuration
  • Incident history: any recent security events and how they were handled

Recovery Readiness

  • Backup inventory: what's backed up, how often, where it's stored, last verified restore
  • RTO/RPO targets: defined or undefined? Realistic or aspirational?
  • DR plan: does one exist? When was it last tested? What were the results?
  • Replication status: any cross-region or cross-cloud replication in place?
  • Runbooks: documented recovery procedures? When were they last updated?

Governance Readiness

  • Change process: how are infrastructure changes currently approved and tracked?
  • Stakeholder contacts: who are the technical lead and business owner for each workload?
  • Communication channels: Slack, Teams, PagerDuty (what tools does your team use?)
  • Escalation paths: who gets called at 3 AM? Is this documented?
  • Reporting expectations: what does leadership want to see and how often?
Don't worry if you can't check every box. That's what discovery is for. The checklist helps you prepare what you can, and we'll fill the gaps together during the first two weeks.