awslabs · scottschreckengaust · Mar 9, 2026 · Mar 10, 2026 · Mar 11, 2026
@@ -78,7 +78,7 @@ run = [
 [tasks."security:semgrep"]
 description = "Run SemGrepOSS"
 run = [
-  "semgrep scan --quiet --oss-only --metrics=off --config=r/all --max-log-list-entries=0 --exclude-rule='ai.generic.detect-generic-ai-anthprop.detect-generic-ai-anthprop' --exclude-rule='generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key' --exclude-rule='apex.lang.best-practice.ncino.accessmodifiers.globalaccessmodifiers.global-access-modifiers' --exclude-rule='apex.lang.best-practice.ncino.urls.absoluteurls.absolute-urls' --exclude-rule='apex.lang.security.ncino.dml.apexcsrfconstructor.apex-csrf-constructor' --exclude-rule='apex.lang.security.ncino.dml.dmlnativestatements.dml-native-statements' --exclude-rule='apex.lang.security.ncino.encryption.badcrypto.bad-crypto' --exclude-rule='apex.lang.security.ncino.endpoints.insecurehttprequest.insecure-http-request' --exclude-rule='apex.lang.security.ncino.endpoints.namedcredentialsconstantmatch.named-credentials-constant-match' --exclude-rule='apex.lang.security.ncino.endpoints.namedcredentialsstringmatch.named-credentials-string-match' --exclude-rule='apex.lang.security.ncino.injection.apexsoqlinjectionfromunescapedurlparam.soql-injection-unescaped-url-param' --exclude-rule='apex.lang.security.ncino.injection.apexsoqlinjectionunescapedparam.soql-injection-unescaped-param' --exclude-rule='apex.lang.security.ncino.sharing.specifysharinglevel.specify-sharing-level' --exclude-rule='apex.lang.security.ncino.system.systemdebug.system-debug' --exclude-rule='elixir.lang.best-practice.deprecated-bnot-operator.deprecated_bnot_operator' --exclude-rule='elixir.lang.best-practice.deprecated-bxor-operator.deprecated_bxor_operator' --exclude-rule='elixir.lang.best-practice.deprecated-calendar-iso-day-of-week-3.deprecated_calendar_iso_day_of_week_3' --exclude-rule='elixir.lang.best-practice.deprecated-use-bitwise.deprecated_use_bitwise' --exclude-rule='elixir.lang.best-practice.enum-map-into.enum_map_into'              --exclude-rule='elixir.lang.best-practice.enum-map-join.enum_map_join' --exclude-rule='elixir.lang.correctness.atom-exhaustion.atom_exhaustion'"
+  "semgrep scan --quiet --oss-only --metrics=off --config=r/all --max-log-list-entries=0 --exclude-rule='ai.generic.detect-generic-ai-anthprop.detect-generic-ai-anthprop' --exclude-rule='generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key' --exclude-rule='apex.lang.best-practice.ncino.accessmodifiers.globalaccessmodifiers.global-access-modifiers' --exclude-rule='apex.lang.best-practice.ncino.urls.absoluteurls.absolute-urls' --exclude-rule='apex.lang.security.ncino.dml.apexcsrfconstructor.apex-csrf-constructor' --exclude-rule='apex.lang.security.ncino.dml.dmlnativestatements.dml-native-statements' --exclude-rule='apex.lang.security.ncino.encryption.badcrypto.bad-crypto' --exclude-rule='apex.lang.security.ncino.endpoints.insecurehttprequest.insecure-http-request' --exclude-rule='apex.lang.security.ncino.endpoints.namedcredentialsconstantmatch.named-credentials-constant-match' --exclude-rule='apex.lang.security.ncino.endpoints.namedcredentialsstringmatch.named-credentials-string-match' --exclude-rule='apex.lang.security.ncino.injection.apexsoqlinjectionfromunescapedurlparam.soql-injection-unescaped-url-param' --exclude-rule='apex.lang.security.ncino.injection.apexsoqlinjectionunescapedparam.soql-injection-unescaped-param' --exclude-rule='apex.lang.security.ncino.sharing.specifysharinglevel.specify-sharing-level' --exclude-rule='apex.lang.security.ncino.system.systemdebug.system-debug' --exclude-rule='elixir.lang.best-practice.deprecated-bnot-operator.deprecated_bnot_operator' --exclude-rule='elixir.lang.best-practice.deprecated-bxor-operator.deprecated_bxor_operator' --exclude-rule='elixir.lang.best-practice.deprecated-calendar-iso-day-of-week-3.deprecated_calendar_iso_day_of_week_3' --exclude-rule='elixir.lang.best-practice.deprecated-use-bitwise.deprecated_use_bitwise' --exclude-rule='elixir.lang.best-practice.enum-map-into.enum_map_into' --exclude-rule='elixir.lang.best-practice.enum-map-join.enum_map_join' --exclude-rule='elixir.lang.correctness.atom-exhaustion.atom_exhaustion' --exclude-rule='ai.generic.detect-generic-ai-oai.detect-generic-ai-oai'"
 ]
 
 [tasks."security:checkov"]

@@ -11,7 +11,9 @@
     "migration",
     "cloud-migration",
     "terraform",
-    "fargate"
+    "fargate",
+    "rds",
+    "eks"
   ],
   "license": "Apache-2.0",
   "name": "migration-to-aws",

@@ -10,6 +10,7 @@
       ],
       "command": "uvx",
       "env": {
+        "AWS_REGION": "us-east-1",
         "FASTMCP_LOG_LEVEL": "ERROR"
       },
       "timeout": 120000,

@@ -1,16 +1,23 @@
 # GCP-to-AWS Migration Plugin
 
-Migrate workloads from Google Cloud Platform to AWS with a 5-phase guided process.
+Migrate workloads from Google Cloud Platform to AWS with a 6-phase guided process.
 
 ## Overview
 
 This plugin guides you through migrating GCP infrastructure to AWS by:
 
-1. **Discover** - Scan Terraform files for GCP resources
-2. **Clarify** - Answer 8 questions about your migration requirements
+1. **Discover** - Scan Terraform files, application code, and/or billing exports for GCP resources
+2. **Clarify** - Answer adaptive questions about your migration requirements
 3. **Design** - Map GCP services to equivalent AWS services
 4. **Estimate** - Calculate monthly costs and ROI
-5. **Execute** - Plan your migration timeline and rollback procedures
+5. **Generate** - Generate Terraform, migration scripts, AI adapters, and documentation
+6. **Feedback** - Collect optional feedback and migration trace (optional)
+
+## Skills
+
+| Skill        | Description                                               |
+| ------------ | --------------------------------------------------------- |
+| `gcp-to-aws` | Migrate GCP workloads to AWS via a 6-phase guided process |
 
 ## Usage
 
@@ -20,12 +27,13 @@ Invoke the skill with migration-related phrases:
 - "Move off Google Cloud"
 - "Migrate Cloud SQL to RDS"
 - "GCP to AWS migration plan"
+- "Migrate our Vertex AI workloads to Bedrock"
+- "Estimate the cost of moving from GCP to AWS"
 
 ## Scope (v1.0)
 
-- **Supports**: Terraform-based GCP infrastructure
-- **Generates**: AWS architecture design, cost estimates, execution timeline
-- **Does not include** (v1.1+): App code scanning, billing data import, CDK code generation
+- **Supports**: Terraform IaC, application code (AI workload detection), and GCP billing exports
+- **Generates**: AWS architecture design, cost estimates, Terraform configurations, migration scripts, AI migration code, and documentation
 
 ## MCP Servers
 
@@ -47,10 +55,14 @@ The plugin uses state files (`.migration/[MMDD-HHMM]/`) to track migration progr
 
 - `.phase-status.json` - Current phase and status
 - `gcp-resource-inventory.json` - Discovered GCP resources
-- `clarified.json` - User requirements
+- `preferences.json` - User requirements
 - `aws-design.json` - Mapped AWS services
-- `estimation.json` - Cost analysis
-- `execution.json` - Timeline and risks
+- `estimation-infra.json` / `estimation-ai.json` / `estimation-billing.json` - Cost analysis
+- `generation-infra.json` / `generation-ai.json` / `generation-billing.json` - Migration plans
+- `terraform/` - Generated Terraform configurations
+- `scripts/` - Migration scripts
+- `ai-migration/` - AI provider adapter and test harness
+- `MIGRATION_GUIDE.md` - Step-by-step migration guide
 
 ## Installation