From 66f646f002a3592c1fd9a0221c507e7664581b3e Mon Sep 17 00:00:00 2001 From: VitorAEltz Date: Mon, 18 May 2026 16:03:36 -0300 Subject: [PATCH 1/2] feat: Adds comprehensive AWS-to-Azion migration guide Introduces a detailed documentation page mapping AWS services and configurations to Azion equivalents, outlining migration strategies for compute, storage, database, security, DNS, and observability. Aims to streamline cloud migration, clarify feature parity, and provide step-by-step instructions for each migration area to reduce operational risk and improve platform adoption. --- .../aws-to-azion-comprehensive-guide.mdx | 3212 +++++++++++++++++ 1 file changed, 3212 insertions(+) create mode 100644 src/content/docs/en/pages/guides/aws-to-azion/aws-to-azion-comprehensive-guide.mdx diff --git a/src/content/docs/en/pages/guides/aws-to-azion/aws-to-azion-comprehensive-guide.mdx b/src/content/docs/en/pages/guides/aws-to-azion/aws-to-azion-comprehensive-guide.mdx new file mode 100644 index 0000000000..f344eec2d8 --- /dev/null +++ b/src/content/docs/en/pages/guides/aws-to-azion/aws-to-azion-comprehensive-guide.mdx @@ -0,0 +1,3212 @@ +--- +title: Migrate from AWS to Azion | Complete migration guide for modern applications +description: >- + Learn how to migrate from AWS to Azion with less operational risk. Migrate CloudFront, Lambda, S3, DynamoDB, Route 53, WAF, and other AWS services to Azion Applications, Functions, Object Storage, KV Store, Edge DNS, and security products. Azion provides a complete migration path from AWS compute, storage, database, security, and observability services to a unified edge platform. +meta_tags: 'Azion, AWS, migration, edge computing, serverless, CloudFront, Lambda, S3' +namespace: docs_guides_aws_to_azion +permalink: /documentation/products/guides/aws-migration-guide/ +--- + +import Tabs from '~/components/tabs/Tabs' +import Code from '~/components/Code/Code.astro' + +# Migrate from AWS to Azion + +A platform migration usually begins long before the first configuration file is changed. It starts when a team notices that its current environment no longer gives the same level of clarity, speed, or control it once did. + +For teams using AWS, this moment often comes after years of accumulated complexity: CloudFront distributions with layered cache behaviors, Lambda functions with runtime dependencies, S3 buckets with evolving access policies, DynamoDB tables with provisioned capacity, Route 53 zones with health checks, WAF rules with managed rule groups, and CloudWatch alarms with custom metrics. Each service works, but together they create operational overhead that slows development. + +For teams currently using Amazon CloudFront, AWS Lambda, Amazon S3, Amazon DynamoDB, Amazon Route 53, AWS WAF, AWS Shield, Amazon CloudWatch, or other AWS services, Azion provides equivalent capabilities through Applications, Functions, Object Storage, KV Store, Edge DNS, Web Application Firewall, DDoS Protection, Real-Time Metrics, and Real-Time Events. + +The strongest reason to migrate is not simply to replace one vendor with another. It is to consolidate compute, storage, database, delivery, security, and observability into a unified platform designed for globally distributed applications. + +## How AWS to Azion Migration Works + +Traditional platform migrations often require rewriting application logic, reconfiguring infrastructure from scratch, and managing multiple disconnected services. This approach creates operational risk, extends timelines, and fragments team knowledge across different configuration patterns. + + +The Azion migration approach preserves your application logic while transitioning to a unified platform: + +1. **Incremental migration path.** Start with a single project, validate each layer independently, and expand with confidence. No need to migrate everything at once. + +2. **Preserved application logic.** Functions, cache policies, origin configurations, and data services map directly to Azion equivalents with minimal code changes—primarily syntax updates for environment access and service imports. + +3. **Unified platform model.** Instead of managing compute, storage, databases, security, and observability as disconnected layers, Azion brings these capabilities together with consistent APIs and configuration patterns. + +## Feature Mapping + +The following tables provide a comprehensive mapping of AWS products to their Azion equivalents. A dash (`-`) indicates that Azion does not currently offer a direct equivalent. + +### Basic AWS Terminology + +| AWS Product | Description | Azion Equivalent | +| :---------- | :---------- | :--------------- | +| **Amazon CloudFront** | AWS CDN for delivering static content, dynamic content, APIs, applications, and video globally. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) | +| **AWS Lambda** | General-purpose serverless compute for event-driven code execution. | [Functions for Applications](https://www.azion.com/en/documentation/products/build/applications/functions/) | +| **Amazon S3** | Object storage for unstructured data, static assets, backups, archives, and websites. | [Object Storage](https://www.azion.com/en/documentation/products/store/object-storage/) | +| **Amazon DynamoDB** | Serverless key-value and document database. | [KV Store](https://www.azion.com/en/documentation/products/store/kv-store/) | +| **AWS WAF** | Web application firewall for protecting applications and APIs. | [Firewall](https://www.azion.com/en/documentation/products/secure/firewall/) / [WAF](https://www.azion.com/en/documentation/products/secure/firewall/web-application-firewall/) | +| **Amazon Route 53** | Authoritative DNS, domain registration, routing policies, and health checks. | [Edge DNS](https://www.azion.com/en/documentation/products/secure/edge-dns/) | +| **Amazon CloudWatch** | Collect, query, visualize, and alarm on service and application metrics and logs. | [Real-Time Metrics](https://www.azion.com/en/documentation/products/observe/real-time-metrics/) + [Real-Time Events](https://www.azion.com/en/documentation/products/observe/real-time-events/) | + +### AWS Configuration + +| AWS Reference | Description | Azion Equivalent | +| :------------ | :---------- | :--------------- | +| **CloudFront Cache Policies** | Control cache keys, TTLs, headers, cookies, query strings, and compression. | [Cache](https://www.azion.com/en/documentation/products/build/applications/cache/) | +| **CloudFront Origin Request Policies** | Control which request values CloudFront forwards to origin. | [Rules Engine](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) | +| **Lambda Environment Variables** | Environment variables for Lambda function configuration. | [Variables](https://www.azion.com/en/documentation/products/functions/environment-variables/) | +| **AWS CLI** | Command-line interface for managing AWS services. | [Azion CLI](https://www.azion.com/en/documentation/products/azion-cli/overview/) | +| **AWS CloudFormation** | Infrastructure as Code service for modeling and provisioning AWS resources. | [Terraform Provider](https://www.azion.com/en/documentation/products/terraform-provider/) | +| **Lambda Runtime Environment** | Runtime layer used by Lambda functions. | [Azion Runtime](https://www.azion.com/en/documentation/products/build/applications/runtime/) | + +### Delivery & CDN + +| AWS Product | Description | Azion Equivalent | +| :---------- | :---------- | :--------------- | +| **Amazon CloudFront** | AWS CDN for delivering static content, dynamic content, APIs, applications, and video globally. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) | +| **CloudFront Distributions** | Main CloudFront delivery resource for domains, origins, cache behavior, certificates, security, and edge delivery settings. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) | +| **CloudFront Alternate Domain Names** | Configure custom domains for CloudFront distributions. | [Workloads](https://www.azion.com/en/documentation/products/secure/workloads/) | +| **CloudFront Cache Behaviors** | Path-based delivery behavior, cache policy, origin request policy, allowed methods, and edge function associations. | [Rules Engine for Applications](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) | +| **CloudFront Cache Policies** | Control cache keys, TTLs, headers, cookies, query strings, and compression. | [Cache](https://www.azion.com/en/documentation/products/build/applications/cache/) | +| **CloudFront Origin Request Policies** | Control which request values CloudFront forwards to origin. | [Rules Engine](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) | +| **CloudFront Response Headers Policies** | Add or modify response headers such as security headers and CORS headers. | [Rules Engine for Applications](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) | +| **CloudFront Origin Shield** | Additional centralized caching layer to reduce origin load and improve cache hit ratio. | [Tiered Cache](https://www.azion.com/en/documentation/products/build/applications/cache/tiered-cache/) | +| **CloudFront Invalidation** | Remove content from CloudFront edge caches before expiration. | [Real-Time Purge](https://www.azion.com/en/documentation/products/build/applications/real-time-purge/) | +| **CloudFront Functions** | Lightweight JavaScript execution at the edge for redirects, rewrites, headers, and cache-key normalization. | [Functions for Applications](https://www.azion.com/en/documentation/products/build/applications/functions/) | +| **Lambda@Edge** | Node.js or Python functions triggered by CloudFront events to customize delivery. | [Functions for Applications](https://www.azion.com/en/documentation/products/build/applications/functions/) | +| **Lambda@Edge for security logic** | Use CloudFront-triggered functions for request validation, authentication, or blocking logic. | [Functions for Firewall](https://www.azion.com/en/documentation/products/secure/firewall/functions/) | +| **CloudFront Device Detection** | Detect device type and pass device metadata to the origin. | [Device Groups](https://www.azion.com/en/documentation/products/build/applications/device-groups/) | +| **AWS Elemental MediaLive** | Real-time live video encoding. | [Live Ingest](https://www.azion.com/en/documentation/products/media/live-ingest/) | +| **AWS Elemental MediaPackage** | Package and originate live video streams for HLS, DASH, and related formats. | [Live Ingest](https://www.azion.com/en/documentation/products/media/live-ingest/) + [Applications](https://www.azion.com/en/documentation/products/build/applications/) | +| **CloudFront for live streaming** | Deliver live video globally using CloudFront with AWS Media Services. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) + [Live Ingest](https://www.azion.com/en/documentation/products/media/live-ingest/) | + +### Compute & AI + +| AWS Product | Description | Azion Equivalent | +| :---------- | :---------- | :--------------- | +| **AWS Lambda** | General-purpose serverless compute for event-driven code execution. | [Functions for Applications](https://www.azion.com/en/documentation/products/build/applications/functions/) | +| **Amazon API Gateway** | Create and manage REST, HTTP, and WebSocket APIs with backend integrations. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) + [Functions](https://www.azion.com/en/documentation/products/build/applications/functions/) | +| **API Gateway request validation / throttling** | Apply API request controls, throttling, and validation rules. | [Rules Engine](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) + [Firewall](https://www.azion.com/en/documentation/products/secure/firewall/) | +| **AWS Amplify Hosting** | Git-based CI/CD and hosting for static and server-side rendered web apps. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) + [Azion CLI](https://www.azion.com/en/documentation/products/azion-cli/overview/) | +| **AWS App Runner** | Deploy source code or container images to managed web applications. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) + [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | +| **Amazon Bedrock** | Foundation model access and generative AI application development. | [AI Inference](https://www.azion.com/en/documentation/products/ai/ai-inference/) | +| **Amazon Bedrock model inference** | Invoke foundation models for text, image, embedding, and generative AI use cases. | [AI Inference](https://www.azion.com/en/documentation/products/ai/ai-inference/) | +| **Amazon Bedrock Fine-Tuning** | Customize foundation models with fine-tuning for specific use cases. | [LoRA Fine-Tune](https://www.azion.com/en/documentation/products/build/applications/ai-inference/lora-fine-tune/) | +| **Amazon Bedrock Custom Model Import** | Import customized foundation models into Bedrock. | [AI Inference](https://www.azion.com/en/documentation/products/ai/ai-inference/) + [LoRA Fine-Tune](https://www.azion.com/en/documentation/products/build/applications/ai-inference/lora-fine-tune/) | +| **Amazon SageMaker AI Real-Time Inference** | Deploy ML models to managed real-time inference endpoints. | [AI Inference](https://www.azion.com/en/documentation/products/ai/ai-inference/) | + +### Storage & Database + +| AWS Product | Description | Azion Equivalent | +| :---------- | :---------- | :--------------- | +| **Amazon S3** | Object storage for unstructured data, static assets, backups, archives, and websites. | [Object Storage](https://www.azion.com/en/documentation/products/store/object-storage/) | +| **Amazon S3 Static Website Hosting** | Host static websites from S3 buckets. | [Object Storage](https://www.azion.com/en/documentation/products/store/object-storage/) + [Applications](https://www.azion.com/en/documentation/products/build/applications/) | +| **S3 Object Lambda** | Transform S3 objects with Lambda before returning them to the requester. | [Object Storage](https://www.azion.com/en/documentation/products/store/object-storage/) + [Functions](https://www.azion.com/en/documentation/products/build/applications/functions/) | +| **S3 Object Lambda for image transformation** | Resize, watermark, redact, or transform content retrieved from S3. | [Image Processor](https://www.azion.com/en/documentation/products/build/applications/image-processor/) + [Functions](https://www.azion.com/en/documentation/products/build/applications/functions/) | +| **Amazon Aurora DSQL** | Serverless distributed relational SQL database for transactional workloads. | [SQL Database](https://www.azion.com/en/documentation/products/store/sql-database/) | +| **Amazon DynamoDB** | Serverless key-value and document database. | [KV Store](https://www.azion.com/en/documentation/products/store/kv-store/) | +| **DynamoDB Global Tables** | Multi-Region replication for globally distributed NoSQL data. | [KV Store](https://www.azion.com/en/documentation/products/store/kv-store/) | + +### Security, DNS & Load Balancing + +| AWS Product | Description | Azion Equivalent | +| :---------- | :---------- | :--------------- | +| **AWS WAF** | Web application firewall for protecting applications and APIs. | [WAF](https://www.azion.com/en/documentation/products/secure/firewall/web-application-firewall/) / [Firewall](https://www.azion.com/en/documentation/products/secure/firewall/) | +| **AWS Managed Rules for AWS WAF** | Managed rule groups for common vulnerabilities and unwanted traffic. | [WAF Rule Sets](https://www.azion.com/en/documentation/products/secure/firewall/waf-rule-sets/) | +| **AWS WAF custom rules** | Create custom match conditions and actions for web requests. | [Rules Engine for Firewall](https://www.azion.com/en/documentation/products/secure/firewall/rules-engine/) | +| **AWS WAF Bot Control** | Managed bot detection and mitigation. | [Bot Manager](https://www.azion.com/en/documentation/products/secure/firewall/bot-manager/) | +| **AWS WAF Rate-Based Rules** | Rate limit requests based on IP, headers, URI, method, or other keys. | [Rules Engine](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) + [Network Shield](https://www.azion.com/en/documentation/products/secure/firewall/network-shield/) | +| **AWS WAF IP Sets** | Reusable IP/CIDR lists for allow or block rules. | [Network Lists](https://www.azion.com/en/documentation/products/secure/firewall/network-lists/) | +| **AWS Shield Standard** | Standard DDoS protection for AWS resources. | [DDoS Protection](https://www.azion.com/en/documentation/products/secure/firewall/ddos-protection/) | +| **AWS Shield Advanced** | Advanced DDoS protection with additional visibility and mitigation options. | [DDoS Protection](https://www.azion.com/en/documentation/products/secure/firewall/ddos-protection/) | +| **Shield Advanced automatic DDoS mitigation** | Automatically creates or updates WAF protections during application-layer attacks. | [DDoS Protection](https://www.azion.com/en/documentation/products/secure/firewall/ddos-protection/) + [WAF](https://www.azion.com/en/documentation/products/secure/firewall/web-application-firewall/) | +| **AWS Network Firewall** | Managed VPC network firewall. | [Network Shield](https://www.azion.com/en/documentation/products/secure/firewall/network-shield/) | +| **Elastic Load Balancing** | Distributes traffic across multiple targets and availability zones. | [Load Balancer](https://www.azion.com/en/documentation/products/secure/connectors/load-balancer/) | +| **Application Load Balancer** | Layer 7 HTTP/HTTPS load balancing with application-level routing. | [Load Balancer](https://www.azion.com/en/documentation/products/secure/connectors/load-balancer/) | +| **Network Load Balancer** | Layer 4 TCP/UDP/TLS load balancing. | [Load Balancer](https://www.azion.com/en/documentation/products/secure/connectors/load-balancer/) | +| **AWS Global Accelerator** | Global Anycast IPs and optimized routing over the AWS global network. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) + [Load Balancer](https://www.azion.com/en/documentation/products/secure/connectors/load-balancer/) | +| **CloudFront Origin Access Control** | Secure S3 origins so users access content through CloudFront instead of directly from S3. | [Connectors](https://www.azion.com/en/documentation/products/secure/connectors/) + [Origin Shield](https://www.azion.com/en/documentation/products/secure/connectors/origin-shield/) | +| **CloudFront Signed URLs / Signed Cookies** | Restrict access to private content using signed URLs or cookies. | [Rules Engine](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) + [Functions](https://www.azion.com/en/documentation/products/build/applications/functions/) | +| **CloudFront Geographic Restrictions** | Allow or block content access by country. | [Rules Engine](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) + [Network Shield](https://www.azion.com/en/documentation/products/secure/firewall/network-shield/) | +| **Amazon Route 53** | Authoritative DNS, domain registration, routing policies, and health checks. | [Edge DNS](https://www.azion.com/en/documentation/products/secure/edge-dns/) | +| **AWS Certificate Manager** | Provision, import, manage, deploy, and renew SSL/TLS certificates. | [Certificate Manager](https://www.azion.com/en/documentation/products/build/applications/certificate-manager/) | +| **AWS Private CA** | Create and operate private certificate authorities. | [Certificate Manager](https://www.azion.com/en/documentation/products/build/applications/certificate-manager/) | +| **AWS Private CA for client authentication** | Private PKI patterns for certificate-based client authentication. | [mTLS](https://www.azion.com/en/documentation/products/secure/firewall/mtls/) | + +### Orchestration + +| AWS Product | Description | Azion Equivalent | +| :---------- | :---------- | :--------------- | +| **AWS IoT Greengrass** | Run AWS-managed edge components and local processing on edge devices. | [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | +| **AWS IoT Greengrass deployments** | Deploy components and configurations to edge devices. | [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | +| **Amazon ECS Anywhere** | Register and manage on-premises or external servers in ECS clusters. | [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | +| **AWS Outposts** | Run AWS infrastructure and services on customer premises. | [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | +| **AWS Systems Manager Hybrid Activations** | Manage non-EC2 machines in hybrid and multicloud environments. | [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | + +### DevTools + +| AWS Product | Description | Azion Equivalent | +| :---------- | :---------- | :--------------- | +| **Amazon CloudWatch Metrics** | Collect, query, visualize, and alarm on service and application metrics. | [Real-Time Metrics](https://www.azion.com/en/documentation/products/observe/real-time-metrics/) | +| **Amazon CloudWatch Logs** | Collect, monitor, query, and analyze logs. | [Real-Time Events](https://www.azion.com/en/documentation/products/observe/real-time-events/) | +| **CloudWatch Logs Insights** | Query and investigate logs interactively. | [Real-Time Events](https://www.azion.com/en/documentation/products/observe/real-time-events/) | +| **Amazon Data Firehose** | Deliver streaming data to destinations such as S3, Redshift, OpenSearch, and HTTP endpoints. | [Data Stream](https://www.azion.com/en/documentation/products/observe/data-stream/) | +| **CloudWatch RUM** | Real user monitoring for browser and mobile application performance. | [Edge Pulse](https://www.azion.com/en/documentation/products/observe/edge-pulse/) | +| **AWS Marketplace** | Discover, buy, deploy, and manage third-party software, data, and services. | [Marketplace](https://www.azion.com/en/documentation/products/marketplace/) | +| **AWS Management Console** | Web interface for accessing and managing AWS services. | [Azion Console](https://console.azion.com/) | +| **AWS APIs** | Programmatic interface for AWS service operations. | [Azion API](https://www.azion.com/en/documentation/products/developer/api/) | +| **Amazon CloudWatch APIs / Metrics APIs** | Query metrics, logs, alarms, and observability data programmatically. | [GraphQL API](https://www.azion.com/en/documentation/products/developer/graphql-api/) | +| **AWS CLI** | Command-line interface for managing AWS services. | [Azion CLI](https://www.azion.com/en/documentation/products/azion-cli/overview/) | +| **AWS SDKs** | Language-specific SDKs for building integrations with AWS services. | [SDK](https://www.azion.com/en/documentation/products/developer/sdk/) | +| **AWS SDK for JavaScript** | JavaScript libraries for interacting with AWS services. | [Azion Lib](https://www.azion.com/en/documentation/products/azion-lib/overview/) | +| **AWS CloudFormation** | Infrastructure as Code service for modeling and provisioning AWS resources. | [Terraform Provider](https://www.azion.com/en/documentation/products/terraform-provider/) | +| **AWS Cloud Development Kit** | Define infrastructure using programming languages and synthesize to CloudFormation. | [Terraform Provider](https://www.azion.com/en/documentation/products/terraform-provider/) + [Azion API](https://www.azion.com/en/documentation/products/developer/api/) | +| **Terraform AWS Provider** | Terraform provider for managing AWS resources. | [Terraform Provider](https://www.azion.com/en/documentation/products/terraform-provider/) | +| **Lambda runtime environment** | Runtime layer used by Lambda functions. | [Azion Runtime](https://www.azion.com/en/documentation/products/build/applications/runtime/) | +| **CloudFront edge runtime** | Runtime environment for CloudFront Functions and Lambda@Edge. | [Azion Runtime](https://www.azion.com/en/documentation/products/build/applications/runtime/) | + +## Migration Strategy + +The migration is organized around Azion's four product categories, allowing teams to plan and execute each layer independently: + +- **Build**: deploy applications, configure builds and environment variables, migrate Lambda functions, CloudFront behaviors, routing, headers, load balancing, cache, image optimization, and AI workloads. +- **Secure**: migrate custom domains, Route 53 DNS, SSL/TLS certificates, WAF rules, DDoS protection, bot management, and rate limiting. +- **Store**: migrate S3 objects, DynamoDB tables, and Aurora databases to Object Storage, KV Store, and SQL Database. +- **Observe**: migrate CloudWatch metrics, logs, and alarms to Azion's real-time observability stack. + +:::note +If you do not need near-zero downtime, you can migrate in phases with maintenance windows. This allows stopping writes during each migration step without requiring parallel data synchronization. +::: + +## Build + +The Build category covers application deployment, compute, routing, and configuration. Start here to bring your application onto Azion and establish the foundation for the rest of the migration. + +### 1. Project Setup on Azion + +The first step brings your application into Azion in a way that feels familiar to teams that deploy modern web projects on AWS. If you have used AWS CloudFormation, SAM, or CDK, you already understand the pattern: define infrastructure as code, configure build settings, deploy the output, and validate the generated URL. + +Azion follows a similar workflow but with a broader platform context. Your project becomes part of an environment where application delivery, Functions, rules, security, and observability can be managed together. + +#### Key Differences + +| Aspect | AWS | Azion | +| :----- | :--- | :---- | +| **Config file** | `template.yaml` (SAM) / `cdk.json` (CDK) | `azion.config.js` (JavaScript) | +| **Framework detection** | Manual configuration | 20+ frameworks with auto-detection | +| **Cold starts** | Common (regional Lambda) | Minimized (distributed nodes) | +| **Compliance** | SOC 2, ISO 27001, HIPAA | PCI DSS 4.0.1 Level 1, SOC 2 Type II | + +#### Connect Your Repository + +1. Open [Azion Console](https://console.azion.com/). +2. Click **+ Create** > **Import from GitHub**. +3. Authorize the Azion GitHub App. +4. Select the repository you want to migrate. + +:::note +Keep the first deployment intentionally small. Do not try to migrate every distribution, function, API gateway, storage dependency, and database at once. Start by proving the application can build and run on Azion. +::: + +#### Configure Your Build + +Azion auto-detects your framework and configures build settings. Override the detected preset in `azion.config.js`: + + + +#### Deploy and Verify + +Deploy from the Azion Console or CLI. Your temporary Azion URL follows this pattern: + + + +Validate the deployment: + + + +#### Reference documentation + +* [Applications](https://www.azion.com/en/documentation/products/build/applications/) +* [Applications first steps](https://www.azion.com/en/documentation/products/build/applications/first-steps/) +* [Azion CLI overview](https://www.azion.com/en/documentation/products/azion-cli/overview/) +* [Import an existing project from GitHub](https://www.azion.com/en/documentation/products/guides/import-an-existing-project-from-github/) + +### 2. Converting Build Configuration + +A migration can appear successful when the build passes but fail later when runtime behavior differs. Review build and deployment configuration carefully instead of treating it as a mechanical command replacement. + +#### CLI Quick Reference + +| Task | AWS CLI | Azion CLI | +| :--- | :------ | :-------- | +| **Install** | `pip install awscli` | `curl -fsSL https://cli.azion.app/install.sh \| bash` | +| **Login** | `aws configure` | `azion login` | +| **Local dev** | `sam local start-api` | `azion dev` | +| **Deploy** | `sam deploy --guided` or `cdk deploy` | `azion deploy` | +| **View logs** | `aws logs tail /aws/lambda/my-function` | `azion logs` | + +#### Build Configuration Comparison + +| Aspect | AWS SAM/CDK | Azion | +| :----- | :---------- | :---- | +| **Infrastructure as Code** | YAML/TypeScript templates | JavaScript config | +| **Local testing** | SAM local emulator | Built-in dev server | +| **Deployment** | CloudFormation stacks | Direct deployment | +| **Rollback** | Stack rollback | Version history | + +#### Reference documentation + +* [Azion CLI overview](https://www.azion.com/en/documentation/products/azion-cli/overview/) +* [azion.config.js reference](https://www.azion.com/en/documentation/devtools/cli/configs/azion-config-js/) +* [azion deploy command](https://www.azion.com/en/documentation/devtools/cli/deploy/) + +### 3. Migrating Environment Variables + +Environment variables contain API keys, database credentials, authentication secrets, service endpoints, feature flags, and environment-specific configuration. Migrating them incorrectly causes runtime failures even when deployment succeeds. + +#### Key Differences + +| Aspect | AWS | Azion | +| :----- | :-- | :---- | +| **Access** | `process.env.VARIABLE` | `Azion.env.get('VARIABLE')` | +| **Secrets management** | AWS Secrets Manager / Systems Manager Parameter Store | Variables in Functions Instances | +| **Environment stages** | Stage name in function ARN | Environment context in config | + +#### Evaluate Your Variables + +Before changing code, identify every variable in: + +* AWS Lambda: Environment variables in function configuration +* AWS Secrets Manager: Secret values and rotation policies +* Systems Manager Parameter Store: Parameters and paths +* Elastic Beanstalk: Environment properties +* CI/CD environment settings (CodePipeline, CodeBuild) +* Runtime configuration in source code + +#### Create Variables in Azion + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Navigate to **Build > Variables**. +3. Click **Add Variable**. +4. Enter the variable name and value. +5. Click **Save**. + + + + +:::note +Azion manages environment variables at the Function instance level, not through a standalone variables API. Variables are configured as key-value pairs in the `vars` field when creating or updating a function instance. See the [Functions Instances documentation](https://www.azion.com/en/documentation/products/build/applications/functions-instances/) for details. +::: + + + +#### Update Your Code + + + +:::caution[warning] +Avoid copying secrets into local notes, tickets, chat messages, or temporary documents. Keep secrets in approved systems and limit access to processes that need them. +::: + +#### Reference documentation + +* [Environment Variables](https://www.azion.com/en/documentation/products/build/develop-with-azion/environment-variables/) +* [Working with variables](https://www.azion.com/en/documentation/products/guides/deploy/work-with-variables/) +* [Azion runtime environment variables reference](https://www.azion.com/en/documentation/products/functions/environment-variables/) + +### 4. Migrating CloudFront to Applications + +CloudFront distributions deliver content from edge locations with caching and origin configuration. Azion Applications provide similar capabilities with integrated Rules Engine for request/response manipulation. + +#### Key Differences + +| Aspect | AWS CloudFront | Azion Applications | +| :----- | :------------- | :----------------- | +| **Distribution config** | XML/JSON in CloudFormation | JavaScript config or Console | +| **Origins** | S3, ALB, Custom origins | Connectors (HTTP, Object Storage) | +| **Behaviors** | Cache behaviors with paths | Rules Engine with criteria | +| **SSL certificates** | ACM (us-east-1 only) | Digital Certificates | +| **Lambda@Edge** | Edge functions (4 triggers) | Functions (request/response phases) | + +#### Configuration Steps + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Navigate to **Build > Applications**. +3. Click **Add Application**. +4. Configure your **Main Settings**: + - Name your application + - Set origin type (HTTP, Object Storage) + - Configure origin address +5. Set up **Cache Settings** for TTL configuration. +6. Configure **Rules Engine** for path-based routing. +7. Add **Custom Domains** when ready. + + + + + + + +#### Distribution Configuration Migration + + + +#### Origin Request vs Viewer Request + +In CloudFront, Lambda@Edge functions trigger at different points. Azion maps these to Rules Engine phases: + +| CloudFront Trigger | Azion Equivalent | +| :----------------- | :--------------- | +| Viewer Request | Rules Engine > Request Phase | +| Origin Request | Rules Engine > Request Phase (after cache check) | +| Origin Response | Rules Engine > Response Phase | +| Viewer Response | Rules Engine > Response Phase | + +#### Reference documentation + +* [Applications](https://www.azion.com/en/documentation/products/build/applications/) +* [Applications Main Settings](https://www.azion.com/en/documentation/products/build/applications/main-settings/) +* [Rules Engine for Applications](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) +* [Connectors](https://www.azion.com/en/documentation/products/secure/connectors/) + +### 5. Migrating API Gateway to Applications + Functions + +API Gateway provides REST and HTTP API management with authorizers, throttling, and stage management. Azion Applications combined with Functions deliver similar capabilities with distributed execution. + +#### Key Differences + +| Aspect | AWS API Gateway | Azion Applications + Functions | +| :----- | :-------------- | :----------------------------- | +| **API types** | REST API, HTTP API | Functions with routing | +| **Authorizers** | Lambda, Cognito, JWT | Functions with custom logic | +| **Stages** | Stage variables and deployments | Environment configuration | +| **Throttling** | Usage plans + rate limiting | Rate Limit rules | +| **Custom domains** | Domain mappings | Application domains | + +#### Configuration Steps + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Navigate to **Build > Functions**. +3. Create Functions for each API endpoint. +4. Navigate to **Build > Applications**. +5. Create an Application for your API. +6. Configure **Rules Engine** to route paths to Functions. +7. Set up rate limiting rules. +8. Add authentication via Functions. + + + + + + + +#### API Gateway Authorizer Migration + + { + const token = event.authorizationToken; + try { + const decoded = jwt.verify(token, process.env.JWT_SECRET); + return { + principalId: decoded.sub, + policyDocument: { + Version: '2012-10-17', + Statement: [{ + Action: 'execute-api:Invoke', + Effect: 'Allow', + Resource: event.methodArn + }] + } + }; + } catch (err) { + throw new Error('Unauthorized'); + } +}; + +// After: Azion Function for Authorization +export default { + async fetch(request) { + const authHeader = request.headers.get('Authorization'); + if (!authHeader) { + return new Response('Unauthorized', { status: 401 }); + } + + const token = authHeader.replace('Bearer ', ''); + try { + const secret = Azion.env.get('JWT_SECRET'); + const decoded = await verifyJWT(token, secret); + + // Store user info in request metadata for downstream functions + request.metadata['user_id'] = decoded.sub; + return request; // Continue to next handler + } catch (err) { + return new Response('Unauthorized', { status: 401 }); + } + } +}; +`} /> + +#### Route Migration Example + + + +#### Reference documentation + +* [Functions](https://www.azion.com/en/documentation/products/build/applications/functions/) +* [Functions Instances](https://www.azion.com/en/documentation/products/build/applications/functions-instances/) +* [Rules Engine for Applications](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) + +### 6. Migrating Lambda to Functions + +Functions are the computational engine of modern distributed applications. They often contain the most business-critical logic: authentication, personalization, API orchestration, and integrations with third-party systems. + +#### Key Differences + +| Aspect | AWS Lambda | Azion Functions | +| :----- | :--------- | :-------------- | +| **Function signature** | `exports.handler = async (event) => {}` | `export default { async fetch(request) {} }` | +| **Runtime** | Node.js, Python, Java, Go, .NET, Ruby | JavaScript (V8 isolates) | +| **Memory** | 128 MB - 10,240 MB | 512 MB (default) | +| **Timeout** | 1 sec - 15 min | Configurable per execution | +| **Cold starts** | Common (regional, VPC-cold) | Minimized (distributed nodes) | +| **Event sources** | SQS, SNS, Kinesis, DynamoDB, API Gateway | HTTP requests, scheduled triggers | + +#### Update Function Signature + + { + const body = JSON.parse(event.body); + const pathParams = event.pathParameters; + const queryParams = event.queryStringParameters; + + // Process request + return { + statusCode: 200, + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ message: 'Hello', data: body }) + }; +}; + +// After: Azion Functions +export default { + async fetch(request) { + const body = await request.json(); + const url = new URL(request.url); + const queryParams = Object.fromEntries(url.searchParams); + + // Process request + return new Response(JSON.stringify({ message: 'Hello', data: body }), { + status: 200, + headers: { 'Content-Type': 'application/json' } + }); + } +}; +`} /> + +#### Event Context Migration + + { + const requestId = context.awsRequestId; + const functionName = context.functionName; + const remainingTime = context.getRemainingTimeInMillis(); + + // Request metadata from API Gateway + const sourceIp = event.requestContext.identity.sourceIp; + const userAgent = event.requestContext.identity.userAgent; + const country = event.headers['CloudFront-Viewer-Country']; + + return { statusCode: 200, body: 'OK' }; +}; + +// After: Azion Functions +export default { + async fetch(request, env, ctx) { + // Request metadata + const requestId = request.headers.get('x-request-id'); + const userAgent = request.headers.get('user-agent'); + const country = request.metadata['geoip_country_code']; + const city = request.metadata['geoip_city']; + + // Geo metadata available directly + const region = request.metadata['geoip_region']; + + return new Response('OK', { status: 200 }); + } +}; +`} /> + +#### Environment Variables Migration + + + +#### Cold Start Comparison + +AWS Lambda cold starts vary significantly based on runtime, memory allocation, and VPC configuration. Azion Functions minimize cold starts through distributed node placement: + +| Scenario | AWS Lambda Cold Start | Azion Functions Cold Start | +| :------- | :-------------------- | :------------------------- | +| Node.js (no VPC) | 100-300ms | Minimal | +| Node.js (with VPC) | 500ms-2s | N/A (no VPC concept) | +| Java/Spring | 1-5s | N/A | +| Python | 100-500ms | N/A | + +:::note +Azion Functions use V8 isolates (JavaScript runtime), providing consistent performance without the cold start variability of container-based Lambda. If you have Lambda functions in Java, Python, or other runtimes, you will need to rewrite them in JavaScript. +::: + +#### Reference documentation + +* [Functions](https://www.azion.com/en/documentation/products/build/applications/functions/) +* [Functions Instances](https://www.azion.com/en/documentation/products/build/applications/functions-instances/) +* [Runtime APIs](https://www.azion.com/en/documentation/products/build/develop-with-azion/runtime-apis/) +* [JavaScript Runtime APIs reference](https://www.azion.com/en/documentation/runtime-apis/javascript/) + +### 7. Migrating Load Balancing (ALB/NLB to Load Balancer) + +Load balancing distributes traffic across multiple origins for high availability and performance. Azion Load Balancer provides health checks, steering policies, and origin failover at the distributed infrastructure. + +#### Key Differences + +| Aspect | AWS ALB/NLB | Azion Load Balancer | +| :----- | :---------- | :------------------ | +| **Health checks** | HTTP, HTTPS, TCP | HTTP, HTTPS, TCP | +| **Steering policies** | Round-robin, Least connections, IP hash | Round-robin, Least connections, Geo | +| **Failover** | Target group failover | Origin-level failover | +| **Session affinity** | Cookie, IP hash | Cookie, IP hash | +| **Targets** | EC2, Lambda, IP addresses | Connectors (origins) | +| **Protocol** | Layer 4 (NLB), Layer 7 (ALB) | Layer 7 (HTTP/HTTPS) | + +#### Configuration Steps + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Products menu** > **Connectors**. +3. Create a **Connector** for each origin server. +4. Configure health checks for each origin. +5. In your **Application**, configure origins with load balancing settings. +6. Set origin weights for weighted distribution. +7. Enable session affinity if needed. + + + + + + + +#### Load Balancer Module Configuration + + + +#### ALB Target Group Migration + +| AWS ALB Config | Azion Equivalent | +| :------------- | :--------------- | +| Target Group | Connector | +| Health Check Path | Connector health check path | +| Health Check Interval | Connector health check interval | +| Healthy Threshold | Health check success threshold | +| Unhealthy Threshold | Health check failure threshold | + +#### Reference documentation + +* [Load Balancer](https://www.azion.com/en/documentation/products/secure/connectors/load-balancer/) +* [Connectors](https://www.azion.com/en/documentation/products/secure/connectors/) +* [Application Main Settings](https://www.azion.com/en/documentation/products/build/applications/main-settings/) + +### 8. Migrating Cache Configuration + +Caching configuration determines how content is stored and served from node locations. Azion Cache provides fine-grained control with Tiered Cache support for improved hit ratios. + +#### Key Differences + +| Aspect | AWS CloudFront Cache | Azion Cache | +| :----- | :------------------- | :---------- | +| **Cache levels** | Regional edge caches + Edge locations | Tiered Cache + Cache + Browser Cache | +| **Cache key** | Cache policy + origin request policy | Customizable via Rules Engine | +| **Purge** | Invalidations (path-based) | URL, Cache Key, Wildcard purge | +| **Stale content** | Origin shield, stale-while-revalidate | Stale-while-revalidate | +| **TTL limits** | Default 24h, max 1 year | Per-rule configuration | + +#### CloudFront Cache Policies to Azion Cache Settings + +| CloudFront Cache Policy | Azion Equivalent | +| :---------------------- | :--------------- | +| CachingOptimized | Default Cache Settings with high TTL | +| CachingDisabled | Bypass Cache behavior in Rules Engine | +| Elemental-MediaPackage | Custom Cache Settings for streaming | +| Custom policy | Cache Settings + Rules Engine | + +#### Configuration Steps + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Edit your **Application**. +3. Navigate to **Cache Settings**. +4. Configure default cache TTL. +5. Enable **Tiered Cache** for improved hit ratio. +6. Add custom cache rules via **Rules Engine**. + + + + +:::note +Cache settings are managed as sub-resources under applications. You must specify both the `application_id` and the `cache_setting_id` to update cache configuration. +::: + + + +#### Cache Key Customization + +In CloudFront, cache keys are defined by cache policies. In Azion, use **Advanced Cache Key** in Cache Settings: + +**Example: Vary cache by query strings** + + + +#### CloudFront Invalidation to Azion Purge + + + +#### Reference documentation + +* [Cache](https://www.azion.com/en/documentation/products/build/applications/cache/) +* [Cache Settings](https://www.azion.com/en/documentation/products/build/applications/cache-settings/) +* [Tiered Cache](https://www.azion.com/en/documentation/products/build/applications/cache/tiered-cache/) +* [Real-Time Purge](https://www.azion.com/en/documentation/products/build/applications/real-time-purge/) + +### 9. Migrating Image Optimization + +Image optimization reduces image file sizes while maintaining visual quality. Azion Image Processor transforms, optimizes, and delivers images from the distributed locations with automatic format selection. + +#### Key Differences + +| Aspect | AWS CloudFront + Lambda@Edge | Azion Image Processor | +| :----- | :-------------------------- | :-------------------- | +| **Storage** | S3 origin | Object Storage integration | +| **Transformations** | Custom Lambda@Edge | Built-in transformations | +| **URL format** | Custom implementation | `?ims=` query parameter | +| **Format support** | Custom implementation | WebP, AVIF, JPEG, PNG | +| **Signed URLs** | CloudFront signed URLs | Secure Token | + +#### URL Format Comparison + + + +#### Transformation Parameters + +Azion Image Processor uses the `ims` query parameter for transformations: + +| Syntax | Description | Example | +| :----- | :---------- | :------ | +| `?ims=WxH` | Resize to width x height | `?ims=400x300` | +| `?ims=Wx` | Resize to width (auto height) | `?ims=400x` | +| `?ims=xH` | Resize to height (auto width) | `?ims=x300` | +| `?ims=WxH:fill` | Crop to exact dimensions | `?ims=400x300:fill` | +| `?ims=WxH:fit` | Fit within dimensions | `?ims=400x300:fit` | + +#### Configuration Steps + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Edit your **Application**. +3. Navigate to **Image Processor** settings. +4. Enable Image Processor. +5. Configure default quality and format settings. +6. Set up Object Storage as image source (optional). + + + + +:::note +The `image_processor` configuration must be nested under `modules` in the request body. Image Processor settings are managed at the application level. +::: + + + +:::note +Azion Image Processor automatically optimizes image format based on the client's `Accept` header, serving WebP or AVIF to supported browsers. +::: + +#### Reference documentation + +* [Image Processor](https://www.azion.com/en/documentation/products/build/applications/image-processor/) +* [How to process images](https://www.azion.com/en/documentation/products/guides/build/process-images/) +* [Object Storage](https://www.azion.com/en/documentation/products/store/object-storage/) + +### 10. Migrating AI Workloads (Bedrock to AI Inference) + +AI inference enables low-latency AI-powered features in applications. Azion AI Inference provides GPU-backed inference for text and visual models at the distributed infrastructure. + +#### Key Differences + +| Aspect | AWS Bedrock | Azion AI Inference | +| :----- | :---------- | :----------------- | +| **Model access** | Managed foundation models | Custom model deployment | +| **Inference API** | Bedrock Runtime API | REST API + Functions | +| **Model types** | Claude, Llama, Titan, Stable Diffusion | Custom models, LLMs | +| **GPU support** | Managed infrastructure | Dedicated GPU instances | +| **Pricing** | Per-token / per-image | Per-inference | + +#### Configuration Steps + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **AI Inference** (via Marketplace or Functions). +3. Deploy a model or use pre-built templates. +4. Configure inference endpoint. +5. Integrate with your application via Functions. + + + + + + + +#### Bedrock to Azion Migration Example + + + +#### Reference documentation + +* [AI Inference](https://www.azion.com/en/documentation/products/ai/ai-inference/) +* [AI Inference models](https://www.azion.com/en/documentation/products/ai/ai-inference/models/) +* [AI Inference Starter Kit](https://www.azion.com/en/documentation/products/guides/ai-inference-starter-kit/) + +### 11. Migrating Orchestration (Step Functions, EventBridge) + +AWS Step Functions and EventBridge provide workflow orchestration and event routing. Azion achieves similar patterns through Functions chaining and Data Streaming for event-driven architectures. + +#### Key Differences + +| Aspect | AWS Step Functions | Azion Functions Chaining | +| :----- | :----------------- | :---------------------- | +| **Workflow definition** | ASL (Amazon States Language) | JavaScript/TypeScript | +| **State management** | Built-in state machine | Custom implementation | +| **Error handling** | Retry, catch, fallback | Try/catch in Functions | +| **Visualization** | Workflow Studio | Code-based | + +| Aspect | AWS EventBridge | Azion Data Streaming | +| :----- | :-------------- | :------------------- | +| **Event routing** | Rules and targets | Data Streaming + Functions | +| **Event patterns** | Pattern matching | Custom Functions logic | +| **Targets** | 100+ AWS services | HTTP endpoints, Functions | + +#### Step Functions to Functions Chaining + + + +#### EventBridge to Data Streaming + +", 100] }] + } +} + +// Target: Lambda function for processing + +// After: Azion Data Streaming + Functions +// Configure Data Streaming to send events to your Function endpoint +// Then process in Function: + +export default { + async fetch(request) { + const events = await request.json(); + + for (const event of events) { + if (event.source === 'com.mycompany.orders' && + event.type === 'OrderCreated' && + event.data.amount > 100) { + // Process high-value order + await processHighValueOrder(event.data); + } + } + + return new Response('OK'); + } +}; +`} /> + +#### Reference documentation + +* [Functions](https://www.azion.com/en/documentation/products/build/applications/functions/) +* [Data Streaming](https://www.azion.com/en/documentation/products/observe/data-streaming/) + + +## Secure + +The Secure category covers domains, DNS, certificates, firewall rules, and protection against malicious traffic. Plan these migrations as controlled cutovers, since they affect how users reach your application and how it is protected in production. + +### 1. Migrating Custom Domains + +Custom domain migration is one of the most sensitive parts of any platform transition. It affects users, SEO, brand trust, and production availability. Plan domain migration as a controlled cutover, not a last-minute DNS change. + +#### Migration Strategies + +| Strategy | Best For | DNS Control | +| :------- | :------- | :---------- | +| **CNAME** | Quick subdomain migration | Keep Route 53 as DNS provider | +| **Nameserver** | Full DNS control and apex domains | Transfer DNS to Azion | + +#### Create the Certificate + +Create your SSL/TLS certificate **before** pointing your domain to Azion. This ensures users can access the application securely over HTTPS when the domain starts resolving to the new infrastructure. + +Azion provides free Let's Encrypt certificates with automatic renewal. + +#### Configure the Domain + +Create a workload in Azion Console and associate your custom domain. See [Workloads Documentation](https://www.azion.com/en/documentation/products/secure/workloads/). + +#### Point the Domain to Azion + + + CNAME Migration + Nameserver Migration + + +Update your Route 53 hosted zone to point the subdomain to Azion: + + + +This keeps Route 53 as your DNS provider while routing traffic through Azion. + + + +Configure your domain to use Azion DNS nameservers at your domain registrar: + + + +This gives Azion full DNS control, required for apex domains. + + + +#### Verify Propagation + + + +:::caution[warning] +Before switching production traffic, confirm: certificate is active, domain is associated with correct workload, DNS records are ready, critical routes have been tested, redirects behave as expected, and monitoring is configured for post-cutover validation. +::: + +#### Reference documentation + +* [Workloads](https://www.azion.com/en/documentation/products/secure/workloads/) +* [Create an Azion custom domain](https://www.azion.com/en/documentation/products/guides/create-azion-custom-domain/) +* [Edge DNS](https://www.azion.com/en/documentation/products/secure/edge-dns/) +* [Certificate Manager](https://www.azion.com/en/documentation/products/build/applications/certificate-manager/) + +### 2. Migrating DNS to Edge DNS + +DNS configuration is foundational to application delivery. Migrating from Route 53 to Edge DNS requires careful planning to avoid downtime during the nameserver switch. + +#### Key Differences + +| Aspect | Route 53 | Azion Edge DNS | +| :----- | :------- | :------------- | +| **Nameservers** | Assigned per hosted zone | `ns1.aziondns.net`, `ns2.aziondns.com`, `ns3.aziondns.org` | +| **Record types** | A, AAAA, CNAME, MX, TXT, SRV, NS, SOA, PTR, CAA | A, AAAA, CNAME, MX, TXT, SRV, NS, CAA, PTR | +| **Routing policies** | Simple, Weighted, Latency, Failover, Geolocation | Round-robin, Geo | +| **Health checks** | Route 53 health checks | Connector health checks | +| **DNSSEC** | Supported | Supported | +| **API** | REST API | REST API v4 | +| **Anycast** | Global Anycast | Global Anycast | + +#### Migration Steps + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Products menu** > **Edge DNS**. +3. Click **+ Zone** to create a new DNS zone. +4. Enter your domain name. +5. Add DNS records matching your Route 53 configuration. +6. Note the Azion nameservers assigned to your zone. +7. Update nameservers at your domain registrar (not in Route 53). + + + + +:::note +DNS zones require `name`, `domain`, and `active` fields. DNS records use `rdata` as an array of strings (e.g., `["192.168.1.1"]` for A records, `["mail.example.com"]` for CNAME). The `entry` field specifies the record name prefix. +::: + + + +#### Record Type Mapping + +| Route 53 Record | Azion Edge DNS | Notes | +| :-------------- | :------------- | :---- | +| A | A | Direct IP mapping | +| AAAA | AAAA | IPv6 address | +| CNAME | CNAME | Alias to another domain | +| MX | MX | Mail exchange (include priority) | +| TXT | TXT | Text records (SPF, DKIM) | +| SRV | SRV | Service records | +| CAA | CAA | Certificate Authority Authorization | +| NS | NS | Nameserver delegation | +| PTR | PTR | Reverse DNS lookup | + +#### Routing Policy Migration + +| Route 53 Policy | Azion Equivalent | Implementation | +| :-------------- | :--------------- | :------------- | +| Simple | Standard record | Single record with one or more values | +| Weighted | Not directly supported | Use Functions for custom logic | +| Latency | Not directly supported | Applications handles routing | +| Failover | Not directly supported | Configure via Rules Engine | +| Geolocation | Geo routing | Available in Edge DNS | + +#### DNSSEC Configuration + +To enable DNSSEC: + +1. Navigate to your zone in Edge DNS. +2. Go to **DNSSEC** tab. +3. Enable DNSSEC. +4. Copy the DS record to your domain registrar. + + + +#### Verify Propagation + + + +#### Reference documentation + +* [Edge DNS](https://www.azion.com/en/documentation/products/secure/edge-dns/) +* [DNSSEC compatibility](https://www.azion.com/en/documentation/products/secure/edge-dns/dnssec-compatibility/) +* [Run the dig command](https://www.azion.com/en/documentation/products/guides/run-the-dig-command/) +* [Run the traceroute command](https://www.azion.com/en/documentation/products/guides/run-the-traceroute-command/) + +### 3. Migrating SSL/TLS to Certificate Manager + +SSL/TLS certificates ensure secure communication between clients and your application. Azion provides automatic certificate provisioning and supports custom certificates from AWS Certificate Manager (ACM). + +#### Key Differences + +| Area | AWS Certificate Manager | Azion Certificate Manager | +| :--- | :---------------------- | :------------------------ | +| **Certificate types** | Public, Private, Imported | Let's Encrypt, Custom, Azion SAN | +| **Validation** | DNS, Email | DNS-01, HTTP-01 | +| **Renewal** | Automatic | Automatic (Let's Encrypt) | +| **Scope** | Regional (us-east-1 for CloudFront) | Global Network | +| **mTLS** | Supported (Private CA) | Supported (Trusted CA) | +| **Cost** | Free for AWS resources | Free (Let's Encrypt) | + +#### Automatic Certificate Provisioning + +Azion automatically provisions Let's Encrypt certificates for custom domains: + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Create or edit a **Workload**. +3. Add your custom domain. +4. Azion automatically provisions a Let's Encrypt certificate. +5. Verify domain ownership (if required). +6. Wait for certificate activation (typically 5-15 minutes). + + + + +:::note +The `tls.certificate` field references an existing certificate ID from Certificate Manager. Use the Console to provision Let's Encrypt certificates automatically, or upload custom certificates via the Certificate Manager API. +::: + + + +#### Custom Certificate Upload + +For organizations with existing certificates from ACM or external CAs: + + + Console + API + + +1. Export your certificate from ACM (if applicable). +2. Go to **Products menu** > **Certificate Manager**. +3. Click **+ Certificate**. +4. Select **Custom Certificate**. +5. Upload your certificate (PEM format). +6. Upload your private key. +7. Upload intermediate CA chain (if applicable). +8. Associate the certificate with your workload. + + + + +:::note +The certificates endpoint is `/v4/workspace/tls/certificates`. The certificate and private key should be in PEM format. Intermediate CA certificates can be appended to the certificate field if needed. +::: + + + +#### mTLS Configuration + +For mutual TLS authentication: + +1. Navigate to **Certificate Manager**. +2. Upload your CA certificate as a Trusted CA. +3. Configure your workload to require client certificates. +4. See the [mTLS configuration guide](/en/documentation/products/guides/mtls/) for detailed steps. + +:::note +ACM Private CA certificates can be exported and uploaded to Azion as Trusted CA certificates for mTLS configuration. +::: + +#### Reference documentation + +* [Certificate Manager](https://www.azion.com/en/documentation/products/build/applications/certificate-manager/) +* [Firewall Certificate Manager](https://www.azion.com/en/documentation/products/secure/firewall/certificate-manager/) +* [Create a digital certificate](https://www.azion.com/en/documentation/products/guides/create-a-digital-certificate/) +* [mTLS](https://www.azion.com/en/documentation/products/secure/firewall/mtls/) + +### 4. Migrating WAF to Web Application Firewall + +Web Application Firewall protects applications from malicious traffic, SQL injection, cross-site scripting (XSS), and other application-layer attacks. Migrating AWS WAF rules requires careful mapping of rule logic and understanding differences in rule construction. + +#### Key Differences + +| Aspect | AWS WAF | Azion WAF | +| :----- | :------ | :-------- | +| **Rule language** | JSON-based rules | Rules Engine criteria | +| **Managed rules** | AWS Managed Rules, Marketplace rules | Azion-managed rulesets | +| **Custom rules** | Web ACL with rules | Rules Engine for Firewall | +| **OWASP coverage** | Core rule set via managed rules | OWASP Top 10 coverage | +| **Scope** | Regional or CloudFront | Global Network | +| **Mode options** | Count, Block | Learning, Blocking | + +#### Migration Steps + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Products menu** > **Firewall**. +3. Select or create a Firewall instance. +4. Navigate to **WAF** tab. +5. Enable desired managed rulesets (SQL Injection, XSS, etc.). +6. Configure sensitivity level per ruleset. +7. Create custom rules in **Rules Engine** tab. +8. Associate the Firewall with your application. + + + + +:::note +WAF instances are created via the `/v4/workspace/wafs` endpoint. The `engine_settings` configuration defines threat detection rulesets and sensitivity thresholds. For custom WAF rules, use the Firewall Rules Engine. +::: + + + +#### Rule Migration Example + +Convert AWS WAF rule to Azion Rules Engine: + +**AWS WAF JSON rule:** + + +**Azion criteria:** + + +:::note +Azion WAF operates in Learning mode by default, analyzing traffic patterns before active blocking. Use this mode to validate rule behavior before switching to Blocking mode. +::: + +#### AWS Managed Rules to Azion Rulesets Mapping + +| AWS Managed Rule Group | Azion Equivalent | +| :--------------------- | :--------------- | +| AWSManagedRulesCommonRuleSet | General Attack Detection | +| AWSManagedRulesSQLiRuleSet | SQL Injection ruleset | +| AWSManagedRulesXSSRuleSet | XSS ruleset | +| AWSManagedRulesLinuxRuleSet | OS Command Injection | +| AWSManagedRulesPHPAppRuleSet | Included in General Detection | + +#### Reference documentation + +* [Web Application Firewall](https://www.azion.com/en/documentation/products/secure/firewall/web-application-firewall/) +* [Rules Engine for Firewall](https://www.azion.com/en/documentation/products/secure/firewall/rules-engine/) +* [Functions for Firewall](https://www.azion.com/en/documentation/products/secure/firewall/functions/) + +### 5. Migrating DDoS Protection + +DDoS protection guards against volumetric attacks, protocol attacks, and application layer attacks. Azion provides automatic DDoS mitigation with no configuration required for most attack types. + +#### Key Differences + +| Aspect | AWS Shield | Azion DDoS Protection | +| :----- | :--------- | :-------------------- | +| **Standard protection** | Automatic, no cost | Automatic, no cost | +| **Advanced protection** | AWS Shield Advanced (additional cost) | Managed rules + Rules Engine | +| **Layer coverage** | L3, L4, L7 | L3, L4, L7 | +| **DDoS response team** | Shield Advanced only | Enterprise support | +| **Cost protection** | Shield Advanced includes cost protection | Standard protection | + +#### Automatic Protection + +Azion DDoS Protection activates automatically for all applications. No manual configuration is required for standard protection against: + +* Volumetric attacks (UDP floods, ICMP floods) +* Protocol attacks (SYN floods, packet fragmentation) +* Application layer attacks (HTTP floods, slowloris) + +#### Advanced Configuration + +For applications requiring specific DDoS policies: + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Products menu** > **Firewall**. +3. Select your Firewall instance. +4. Navigate to **DDoS Protection** tab. +5. Configure threshold settings. +6. Enable/disable specific mitigation rules. +7. Set up alert notifications. + + + + +:::note +DDoS protection is a module configured within the Firewall resource, not a separate endpoint. Configure it through the `modules.ddos_protection` field when creating or updating a Firewall instance. +::: + + + +#### Network Shield + +For network-layer protection, use Azion Network Shield: + +* Provides L3/L4 DDoS protection +* Works with Edge DNS for traffic filtering +* Integrates with Firewall for unified security + +#### Reference documentation + +* [DDoS Protection](https://www.azion.com/en/documentation/products/secure/firewall/ddos-protection/) +* [DDoS Mitigation](https://www.azion.com/en/documentation/products/secure/firewall/ddos-protection/ddos-mitigation/) +* [Network Shield](https://www.azion.com/en/documentation/products/secure/firewall/network-shield/) + +### 6. Migrating Bot Management + +Bot management protects applications from automated threats while allowing legitimate bots. Azion Bot Manager provides detection, challenge, and mitigation capabilities. + +#### Key Differences + +| Aspect | AWS Bot Control | Azion Bot Manager | +| :----- | :-------------- | :---------------- | +| **Detection** | Machine learning, heuristics, fingerprinting | Machine learning, behavioral analysis, fingerprinting, Reputation Intelligence | +| **Challenge** | CAPTCHA, silent challenge | JavaScript injection (fingerprinting), ALTCHA (via redirect) | +| **Actions** | Allow, Count, Block, CAPTCHA | Allow, Deny, Drop, Redirect, Custom HTML, Random Delay, Hold Connection | +| **Lite version** | Not available | Bot Manager Lite (Marketplace) | + +#### Bot Manager Lite (Marketplace) + +For basic bot protection, install Bot Manager Lite from Azion Marketplace: + + + Console + Marketplace + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Marketplace**. +3. Search for **Bot Manager Lite**. +4. Click **Install**. +5. Configure detection sensitivity. +6. Set up response actions (challenge, block). +7. Associate with your Firewall instance. + + + +Bot Manager Lite provides: +* Score-based bot detection with configurable threshold +* Multiple response actions (deny, drop, redirect, custom HTML) +* IP reputation validation via network lists +* Adjustable tolerance levels (soft, medium, hard) + + + +#### Custom Bot Rules + +Create custom rules to handle specific bots: + + + +#### Verification + + + +#### Reference documentation + +* [Bot Manager](https://www.azion.com/en/documentation/products/secure/firewall/bot-manager/) +* [Bot Manager Lite](https://www.azion.com/en/documentation/products/secure/firewall/bot-manager-lite/) +* [Bot Manager Lite integration kit](https://www.azion.com/en/documentation/products/guides/bot-manager-lite-integration-kit/) +* [Radware Bot Manager](https://www.azion.com/en/documentation/products/guides/radware-bot-manager/) + +### 7. Migrating Rate Limiting + +Rate limiting protects applications from abuse by limiting request rates per client. Azion provides rate limiting through Firewall rules and Functions. + +#### Key Differences + +| Aspect | AWS WAF Rate Limiting | Azion Rate Limiting | +| :----- | :-------------------- | :----------------- | +| **Configuration** | Rate-based rules in Web ACL | Firewall rules + Functions | +| **Granularity** | Path, method, IP, header | Path, method, IP, custom | +| **Actions** | Block, Count | Block, Log | +| **Window** | 1 minute to 1 hour | Customizable | +| **Scope** | Regional or CloudFront | Global Network | + +#### Firewall-Based Rate Limiting + +Configure rate limiting in Firewall Rules Engine: + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Firewall** > **Rules Engine**. +3. Create a new rule. +4. Set criteria (path, method, etc.). +5. Add **Rate Limit** behavior. +6. Configure requests per second/minute. +7. Set action (Block, Log). + + + + +:::note +Firewall rules are created under `/v4/workspace/firewalls/{firewall_id}/request_rules`. The path follows the workspace resource pattern. +::: + + + +#### Reference documentation + +* [Rules Engine for Firewall](https://www.azion.com/en/documentation/products/secure/firewall/rules-engine/) +* [Functions for Firewall](https://www.azion.com/en/documentation/products/secure/firewall/functions/) +* [Functions Instances for Firewall](https://www.azion.com/en/documentation/products/secure/firewall/functions-instances/) + +### 8. Migrating Security Services + +AWS provides multiple security services for threat detection and vulnerability management. Azion offers comparable protection through Firewall and Network Lists. + +#### Key Differences + +| Aspect | AWS Security Services | Azion Equivalent | +| :----- | :-------------------- | :--------------- | +| **Threat detection** | GuardDuty | Firewall + Network Lists | +| **Vulnerability scanning** | Inspector | External scanning + Firewall | +| **Security Hub** | Centralized findings | Real-Time Events + Firewall logs | +| **Threat intelligence** | GuardDuty threat feeds | Network Lists (Tor, known malicious IPs) | + +#### Network Lists for Threat Intelligence + +Azion provides Network Lists that include threat intelligence data: + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Products menu** > **Network Lists**. +3. View available Azion-maintained lists: + * **Tor Nodes**: Known Tor exit nodes + * **Malicious IPs**: Known malicious IP addresses + * **Geo-blocking**: Country-based lists +4. Create custom lists for your specific needs. +5. Reference lists in Firewall rules. + + + + +:::note +Network Lists are created via `/v4/workspace/network_lists`. Use the list ID in Firewall rules with the `is_in_network_list` operator to block traffic from known malicious sources. +::: + + + +#### Migration Considerations + +When migrating from AWS security services: + +1. **GuardDuty findings**: Export findings and create corresponding Firewall rules for IP-based threats. +2. **Inspector vulnerabilities**: Address application vulnerabilities before migration; Azion WAF provides runtime protection. +3. **CloudTrail logs**: Configure Real-Time Events for comparable visibility. +4. **Security Hub**: Use Azion Real-Time Events and external SIEM integration. + +#### Reference documentation + +* [Network Lists](https://www.azion.com/en/documentation/products/secure/firewall/network-lists/) +* [Real-Time Events](https://www.azion.com/en/documentation/products/observe/real-time-events/) +* [Data Streaming](https://www.azion.com/en/documentation/products/observe/data-streaming/) + +## Store + +The Store category covers data services. Migrate objects, key-value data, and relational databases with attention to consistency, access patterns, and application compatibility. + +### 1. Migrating S3 to Object Storage + +Object storage powers files that matter to users and business operations: images, documents, static assets, media files, uploads, and generated content. Azion Object Storage provides S3-compatible storage with zero data transfer out cost. + +#### Key Differences + +| Aspect | Amazon S3 | Azion Object Storage | +| :----- | :-------- | :------------------- | +| **Endpoint** | `https://s3.amazonaws.com/bucket` | `https://s3.us-east-005.azionstorage.net` | +| **S3 endpoint** | `s3.amazonaws.com` | `s3.us-east-005.azionstorage.net` | +| **Region** | Multiple regions | `us-east-005` | +| **Data transfer out** | Charged per GB | Zero cost | +| **Storage class** | Standard, Intelligent-Tiering, Glacier | Standard | +| **Bucket limits** | 100 per account (default) | 100 per account (default) | + +#### Update Configuration + +Update your S3 client configuration to use Azion Object Storage: + + + +#### Create S3 Credentials + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Object Storage**. +3. Navigate to **S3 Credentials** tab. +4. Click **+ Credential**. +5. Select the bucket or account scope. +6. Configure capabilities (read, write, delete, list). +7. Save the access key and secret key securely. + + + + +:::note +S3 credentials are created via the `/v4/workspace/storage/s3_credentials` endpoint. The `capabilities` field defines which operations the credential can perform. Save the returned `secret_key` immediately as it cannot be retrieved later. +::: + + + +#### Migrate Data with s3cmd + +[s3cmd](https://s3cmd.org) is a command-line tool for managing S3-compatible storage services. It's an effective option for migrating data from Amazon S3 to Azion Object Storage. + +1. Install `s3cmd` and run `s3cmd --configure` to set up your Azion credentials: + +* **Access Key / Secret Key:** Enter the keys generated for Azion Object Storage. +* **Default Region:** `us-east-005` (s3cmd also accepts `us-east` for interactive configuration). +* **S3 Endpoint:** `s3.us-east-005.azionstorage.net`. +* **DNS template:** `%(bucket).s3.us-east-005.azionstorage.net`. +* **Use HTTPS protocol:** `true`. + +2. Use the following commands to migrate your data: + +| Command | Description | +| :------ | :---------- | +| `s3cmd ls` | Lists all buckets. | +| `s3cmd put file.png s3://my-bucket/` | Uploads an object. | +| `s3cmd get s3://my-bucket/file.png` | Downloads an object. | +| `s3cmd sync s3://aws-bucket/ s3://azion-bucket/` | Syncs between buckets. | + +#### Migrate Data with AWS CLI + +Configure AWS CLI with Azion credentials: + + + +#### Migrate Data with rclone + +[rclone](https://rclone.org) supports syncing between different storage providers: + + + +:::note +Migrate data using familiar tools such as s3cmd, rclone, or AWS CLI. Before migration, map buckets, object prefixes, public/private assets, access patterns, and signed URL logic. +::: + +#### Use Bucket as Origin + +Configure Object Storage as an origin for your Application: + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Connectors**. +3. Create a new Connector with type **Object Storage**. +4. Select your bucket. +5. Configure the prefix (optional). +6. Associate the Connector with your Application. + + + + +:::note +Connectors are created via `/v4/workspace/connectors`. Use `type: "object_storage"` and specify the bucket name. The optional `prefix` field limits objects served to a specific path within the bucket. +::: + + + +#### Reference documentation + +* [Object Storage](https://www.azion.com/en/documentation/products/store/object-storage/) +* [How to access Object Storage using the S3 protocol](https://www.azion.com/en/documentation/products/guides/s3-protocol-for-object-storage/) +* [Create and modify a bucket](https://www.azion.com/en/documentation/products/guides/create-and-modify-bucket/) +* [Upload and download objects](https://www.azion.com/en/documentation/products/guides/upload-and-download-objects-from-bucket/) +* [Use a bucket as origin](https://www.azion.com/en/documentation/products/store/storage/use-bucket-as-origin/) +* [Storage library reference](https://www.azion.com/en/documentation/products/azion-lib/storage/) + +### 2. Migrating DynamoDB to KV Store / SQL Database + +DynamoDB is a serverless key-value and document database. The migration destination depends on your use case: key-value operations map to KV Store, while complex queries map to SQL Database. + +#### Key Differences + +| Aspect | Amazon DynamoDB | Azion KV Store | Azion SQL Database | +| :----- | :-------------- | :------------- | :----------------- | +| **Data model** | Key-value, document | Key-value | Relational (SQLite) | +| **Query capability** | Key lookups, queries, scans | Key lookups, hash operations | Full SQL | +| **Global replication** | Global Tables (multi-Region) | Global by default | Main/Replicas architecture | +| **Consistency** | Eventually consistent, strong | Eventual | Strong (ACID) | +| **Indexing** | GSI, LSI | Not supported | Full SQL indexing | +| **Capacity mode** | On-demand, provisioned | Serverless | Serverless | + +#### Migration Decision Guide + +| DynamoDB Feature | Recommended Azion Service | +| :--------------- | :------------------------ | +| Primary key lookups | KV Store | +| Simple key-value operations | KV Store | +| Session storage | KV Store | +| Feature flags, configuration | KV Store | +| Complex queries with filters | SQL Database | +| Secondary index queries | SQL Database | +| Aggregations, joins | SQL Database | +| Relational data model | SQL Database | + +#### Migrate to KV Store + +For key-value workloads, use KV Store with a Redis-like API: + + console.error('KV Error:', err)) + .connect(); + +// Before: DynamoDB GetItem +// const result = await dynamodb.getItem({ +// TableName: 'Users', +// Key: { userId: { S: '123' } } +// }).promise(); + +// After: KV Store get +const userData = await client.get('user:123'); + +// Before: DynamoDB PutItem +// await dynamodb.putItem({ +// TableName: 'Users', +// Item: { userId: { S: '123' }, name: { S: 'John' } } +// }).promise(); + +// After: KV Store set +await client.set('user:123', JSON.stringify({ name: 'John' }), { + expiration: { type: 'EX', value: 3600 } // 1 hour TTL +}); +`} /> + +#### Create a KV Store + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **KV Store**. +3. Click **+ Store**. +4. Enter a name for your store. +5. Configure settings. +6. Click **Save**. + + + + +:::note +KV Store namespaces are created via `/v4/workspace/kv/namespaces`. Use the namespace name in your Functions to interact with the store. +::: + + + +#### Migrate to SQL Database + +For complex query workloads, migrate to SQL Database: + + :date' +// }).promise(); + +// After: SQL Database query +const orders = await db.query( + 'SELECT * FROM orders WHERE customer_id = ? AND order_date > ?', + ['customer-123', '2024-01-01'] +); + +// Iterate results +let row = await orders.next(); +while (row) { + console.log(row.getString(0)); // access column by index + row = await orders.next(); +} +`} /> + +#### Create a SQL Database + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **SQL Database**. +3. Click **+ Database**. +4. Enter a name for your database. +5. Create tables using SQL Shell or API. +6. Import your data. + + + + +:::note +SQL Database instances are created via `/v4/workspace/sql/databases`. Use SQL Shell or the API to create tables and import data. +::: + + + +#### Export DynamoDB Data + +Export DynamoDB data and transform for import: + + + +#### Global Tables Migration + +DynamoDB Global Tables provide multi-Region replication. KV Store is global by default: + +| DynamoDB Global Tables | Azion KV Store | +| :--------------------- | :------------- | +| Multi-Region replication | Global by default | +| Conflict resolution: Last writer wins | Automatic synchronization | +| Eventual consistency | Low-latency global access | +| Additional cost per replicated write | No additional replication cost | + +#### Reference documentation + +* [KV Store](https://www.azion.com/en/documentation/products/store/kv-store/) +* [KV library (azion/kv)](https://www.azion.com/en/documentation/products/azion-lib/kv/) +* [SQL Database](https://www.azion.com/en/documentation/products/store/sql-database/) +* [Create a database](https://www.azion.com/en/documentation/products/store/sql/create-database/) +* [Install SQL Shell](https://www.azion.com/en/documentation/products/store/sql/install-edge-sql-shell/) +* [Import data into SQL Database](https://www.azion.com/en/documentation/products/guides/import-data-sql-database/) + +### 3. Migrating RDS/Aurora to SQL Database + +Relational database migration moves your transactional data and SQL workloads to Azion SQL Database. Azion SQL Database is SQLite-compatible and provides ACID compliance with a distributed Main/Replicas architecture. + +#### Key Differences + +| Aspect | Amazon RDS/Aurora | Azion SQL Database | +| :----- | :---------------- | :----------------- | +| **Engine** | MySQL, PostgreSQL, MariaDB, Oracle, SQL Server | SQLite | +| **Compatibility** | Engine-specific | PostgreSQL-compatible API | +| **Architecture** | Primary/Replicas | Main/Replicas (distributed) | +| **Connection** | Connection string, connection pooling | Runtime API (no connection pooling needed) | +| **Transactions** | ACID | ACID | +| **Scaling** | Vertical scaling, read replicas | Distributed architecture | +| **Region** | Single or multi-Region | Global Network | + +#### PostgreSQL to SQL Database Migration + +For PostgreSQL workloads, Azion SQL Database provides a familiar SQL interface: + +\`); + row = await result.next(); +} +`} /> + +#### Create a SQL Database + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **SQL Database**. +3. Click **+ Database**. +4. Enter a name for your database. +5. Click **Save**. +6. Use **SQL Shell** to create tables and import data. + + + + +:::note +SQL Database instances are created via `/v4/workspace/sql/databases`. Use the query endpoint to execute DDL statements for table creation. +::: + + + +#### Export and Import Data + +Export data from RDS/Aurora and import to SQL Database: + + export.sql + +# For Aurora, you can also use Snapshot Export to S3 +aws rds start-export-task \\ + --export-task-identifier my-export \\ + --source-arn arn:aws:rds:region:account:cluster:my-aurora-cluster \\ + --s3-bucket-name my-export-bucket \\ + --export-only data + +# Import to Azion SQL Database via SQL Shell +# Connect to SQL Shell and run the export.sql file +# Or use the import API +`} /> + +#### Data Type Mapping + +| PostgreSQL Type | SQLite Equivalent | +| :-------------- | :---------------- | +| INTEGER, BIGINT, SMALLINT | INTEGER | +| SERIAL, BIGSERIAL | INTEGER (auto-increment) | +| VARCHAR(n), CHAR(n), TEXT | TEXT | +| BOOLEAN | INTEGER (0 or 1) | +| REAL, DOUBLE PRECISION | REAL | +| DECIMAL, NUMERIC | REAL | +| DATE, TIME, TIMESTAMP | TEXT (ISO 8601 format) | +| JSON, JSONB | TEXT (use JSON functions) | +| UUID | TEXT | +| BYTEA | BLOB | + +#### Reference documentation + +* [SQL Database](https://www.azion.com/en/documentation/products/store/sql-database/) +* [Vector Search](https://www.azion.com/en/documentation/products/store/sql-database/vector-search/) +* [Create a database](https://www.azion.com/en/documentation/products/store/sql/create-database/) +* [Install SQL Shell](https://www.azion.com/en/documentation/products/store/sql/install-edge-sql-shell/) +* [SQL Database Shell commands](https://www.azion.com/en/documentation/products/store/sql/sql-database-shell-commands/) +* [Import data into SQL Database](https://www.azion.com/en/documentation/products/guides/import-data-sql-database/) +* [SQL Database API reference](https://www.azion.com/en/documentation/runtime/api-reference/sql-database/) + +### 4. Migrating ElastiCache to Cache / KV Store + +ElastiCache provides in-memory caching with Redis or Memcached. Azion provides caching through Cache and key-value storage through KV Store. + +#### Key Differences + +| Aspect | Amazon ElastiCache | Azion Cache | Azion KV Store | +| :----- | :---------------- | :---------- | :------------- | +| **Type** | In-memory cache | Cache | Distributed key-value | +| **Engines** | Redis, Memcached | HTTP cache | Redis-like API | +| **Persistence** | Optional (Redis AOF/RDB) | Time-based TTL | Persistent | +| **Data structures** | Strings, hashes, lists, sets, sorted sets | HTTP responses | Strings, hashes | +| **Replication** | Cluster mode, replication groups | Global Network | Global by default | +| **Access** | TCP connection | HTTP request/response | Runtime API | + +#### Migration Decision Guide + +| ElastiCache Use Case | Recommended Azion Service | +| :------------------- | :------------------------ | +| HTTP response caching | Cache | +| Session storage | KV Store | +| Rate limiting counters | KV Store | +| Feature flags | KV Store | +| Database query caching | Cache + Functions | +| Pub/Sub messaging | Functions + KV Store | +| Leaderboards, sorted sets | SQL Database | +| Complex data structures | SQL Database | + +#### Migrate Redis Caching to KV Store + +For Redis-like key-value operations, use KV Store: + + console.error('KV Error:', err)) + .connect(); + +// Before: Redis SET with expiration +// await redis.set('session:abc123', JSON.stringify(sessionData), 'EX', 3600); + +// After: KV Store set with expiration +await client.set('session:abc123', JSON.stringify(sessionData), { + expiration: { type: 'EX', value: 3600 } +}); + +// Before: Redis GET +// const data = await redis.get('session:abc123'); + +// After: KV Store get +const data = await client.get('session:abc123'); + +// Before: Redis DEL +// await redis.del('session:abc123'); + +// After: KV Store delete +await client.delete('session:abc123'); +`} /> + +#### Reference documentation + +* [KV Store](https://www.azion.com/en/documentation/products/store/kv-store/) +* [KV library (azion/kv)](https://www.azion.com/en/documentation/products/azion-lib/kv/) +* [Cache](https://www.azion.com/en/documentation/products/build/applications/cache/) +* [Cache Settings](https://www.azion.com/en/documentation/products/build/applications/cache-settings/) +* [Tiered Cache](https://www.azion.com/en/documentation/products/build/applications/cache/tiered-cache/) +* [Rules Engine for Applications](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) + +## Observe + +The Observe category covers analytics, metrics, logs, and distributed tracing. Migrating observability ensures you keep production visibility, troubleshooting capabilities, and compliance reporting after the cutover. + +### 1. Migrating CloudWatch Metrics to Real-Time Metrics + +CloudWatch Metrics provides monitoring for AWS resources and applications. Azion Real-Time Metrics delivers comparable capabilities through a GraphQL API and integrated dashboards with near real-time data aggregation. + +#### Key Differences + +| Aspect | Amazon CloudWatch Metrics | Azion Real-Time Metrics | +| :----- | :------------------------ | :---------------------- | +| **Data freshness** | Near real-time (1-5 minutes) | Near real-time (up to 10 minutes) | +| **Retention** | 15 months (standard) | 2 years | +| **Query method** | GetMetricStatistics API, CloudWatch Insights | GraphQL API, Console dashboards | +| **Metrics** | Custom metrics, namespace-based | Request, bandwidth, latency, cache, WAF, DNS | +| **Granularity** | 1 second to 1 day | Adaptive intervals (minute/hour/day) | +| **Dashboards** | CloudWatch Dashboards | Real-Time Metrics + Grafana plugin | +| **Alarms** | CloudWatch Alarms | External monitoring via Data Stream | + +#### Available Metrics + +Azion Real-Time Metrics provides comprehensive monitoring across product categories: + +**Build metrics:** +- **Applications**: Total requests, data transferred, status codes, bandwidth saving, average request time +- **Functions**: Total invocations, execution time +- **Image Processor**: Total requests, requests per second +- **Tiered Cache**: Caching offload, L2 offload + +**Secure metrics:** +- **WAF**: Threats vs requests, SQL injection, XSS, RFI, threats by country +- **Edge DNS**: Total queries +- **Bot Manager**: Bot hits, bad bot hits, good bot hits, traffic classification + +**Observe metrics:** +- **Data Stream**: Total data streamed, total requests + +#### Configuration Steps + + + Console + API (GraphQL) + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Products menu** > **Real-Time Metrics**. +3. Select a category tab (Build, Secure, Observe). +4. Select a product tab to view specific metrics. +5. Configure **Time range** (Last Hour, 24 Hours, 7 Days, 30 Days, 6 Months). +6. Use **Filters** to refine analysis by host, status code, or other dimensions. +7. Click the context menu on any chart to export CSV or copy the GraphQL query. + + + + +:::note +Real-Time Metrics uses the GraphQL API at `https://console.azion.com/metrics/graphql`. Queries support filtering by time range, aggregation functions (sum, avg), grouping, and ordering. The API returns up to 10,000 lines per query. +::: + + + +#### GraphQL Query Examples + +**Query requests by status code:** + + + +**Query WAF threats by country:** + + + +**Query data transferred for specific host:** + + + +#### CloudWatch Alarm Migration + +CloudWatch Alarms notify on metric thresholds. Azion doesn't provide built-in alerting, but you can achieve similar functionality: + +| CloudWatch Alarm | Azion Equivalent | +| :--------------- | :--------------- | +| Metric threshold alarm | Configure alerts in external monitoring (Datadog, Splunk) via Data Stream | +| Composite alarms | Functions with custom logic + Data Stream | +| Anomaly detection | External SIEM/analytics platforms | + +#### Grafana Integration + +Use the Azion Grafana plugin for custom dashboards: + + + +Reference the [Grafana plugin documentation](https://github.com/aziontech/grafana-plugin) for dashboard configuration. + +#### Reference documentation + +* [Real-Time Metrics](https://www.azion.com/en/documentation/products/observe/real-time-metrics/) +* [Real-Time Metrics first steps](https://www.azion.com/en/documentation/products/observe/real-time-metrics/first-steps/) +* [Historical Real-Time Metrics](https://www.azion.com/en/documentation/products/observe/historical-real-time-metrics/) +* [Analyze metrics](https://www.azion.com/en/documentation/products/guides/observe/analyze-metrics/) +* [Grafana plugin custom dashboards](https://www.azion.com/en/documentation/products/guides/azion-plugin-grafana-custom-dash/) +* [Grafana plugin pre-built dashboards](https://www.azion.com/en/documentation/products/guides/azion-plugin-grafana-pre-built-dash/) + +### 2. Migrating CloudWatch Logs to Real-Time Events + +CloudWatch Logs collects and stores log data from AWS resources. Azion Real-Time Events provides immediate log access through Console or GraphQL API for real-time troubleshooting and investigation. + +#### Key Differences + +| Aspect | Amazon CloudWatch Logs | Azion Real-Time Events | +| :----- | :--------------------- | :--------------------- | +| **Access method** | GetLogEvents API, CloudWatch Logs Insights | Real-time query via Console or GraphQL API | +| **Latency** | Seconds to minutes | Seconds | +| **Retention** | 1 day to 10 years (configurable) | 7 days (168 hours), 2 years for Activity History | +| **Query language** | CloudWatch Logs Insights (SQL-like) | GraphQL queries | +| **Log groups** | Log groups with log streams | Data sources by product type | +| **Metric filters** | Create metrics from logs | Use Data Stream for custom processing | + +#### Data Sources Mapping + +| CloudWatch Log Group | Azion Real-Time Events Data Source | +| :------------------- | :--------------------------------- | +| /aws/cloudfront/... | HTTP Requests | +| /aws/lambda/... | Functions | +| /aws/waf/... | HTTP Requests (WAF fields) | +| /aws/route53/... | Edge DNS | +| CloudTrail | Activity History | + +#### Configuration Steps + + + Console + API (GraphQL) + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Products menu** > **Real-Time Events**. +3. Select the **Data Source** tab (HTTP Requests, Functions, Edge DNS, etc.). +4. Configure **Time filter** (Last 15 minutes to Last 7 days, or Custom time range). +5. Add filters to narrow results (host, status, remote address, etc.). +6. Click **Search** to query logs. +7. Click any row to see detailed log information in **More details** view. + + + + +:::note +Real-Time Events GraphQL API queries data from the last 168 hours (7 days). For Activity History, queries can span up to 2 years. The API supports filtering, ordering, and pagination with cursor-based navigation. +::: + + + +#### CloudWatch Logs Insights to GraphQL Migration + +Convert CloudWatch Logs Insights queries to Real-Time Events GraphQL: + +**CloudWatch Logs Insights query:** += 500 +| sort @timestamp desc +| limit 100 +`} /> + +**Azion GraphQL equivalent:** + + +#### Available Variables by Data Source + +**HTTP Requests:** +- Request metadata: `ts`, `remoteAddress`, `remotePort`, `host`, `requestUri`, `requestMethod`, `status` +- Performance: `requestTime`, `upstreamResponseTime`, `upstreamHeaderTime` +- Bandwidth: `bytesSent`, `requestLength`, `upstreamBytesReceived`, `upstreamBytesSent` +- Cache: `upstreamCacheStatus` +- Security: `wafBlock`, `wafMatch`, `wafScore`, `wafLearning` +- Geo: `geoipCountryName`, `geoipRegionName`, `geoipAsn` +- TLS: `sslCipher`, `sslProtocol` + +**Functions:** +- `functionId`, `functionsList`, `functionsTime`, `functionLanguage` + +**Edge DNS:** +- `level`, `qType`, `resolutionType`, `statusCode`, `zoneId` + +#### Log-Based Metrics + +To create metrics from logs (equivalent to CloudWatch metric filters), use Data Stream: + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Products menu** > **Data Stream**. +3. Click **+ Stream**. +4. Select **Applications** as data source. +5. Use **Custom Template** to select specific variables. +6. Choose an endpoint (Datadog, Splunk, Elasticsearch, etc.). +7. Configure the destination for log processing. +8. Activate the stream. + + + + + + + +#### Reference documentation + +* [Real-Time Events](https://www.azion.com/en/documentation/products/observe/real-time-events/) +* [Real-Time Events first steps](https://www.azion.com/en/documentation/products/observe/real-time-events/first-steps/) +* [Investigate requests with the GraphQL API](https://www.azion.com/en/documentation/products/guides/observe/investigate-requests-graphql-api/) +* [Configure sampling](https://www.azion.com/en/documentation/products/guides/observe/configure-sampling/) + +### 3. Migrating X-Ray to Data Stream + +AWS X-Ray provides distributed tracing and request tracing across services. Azion Data Stream enables streaming of observability data to external destinations for distributed tracing analysis. + +#### Key Differences + +| Aspect | AWS X-Ray | Azion Data Stream | +| :----- | :-------- | :---------------- | +| **Trace collection** | Automatic with X-Ray SDK | Stream logs to external tracing systems | +| **Service map** | Built-in service map visualization | External tools (Datadog, Jaeger, Splunk) | +| **Trace analysis** | X-Ray console | External tracing platforms | +| **Annotations** | Custom key-value pairs | Custom log templates | +| **Sampling** | Configurable sampling rules | Configurable sampling percentage | +| **Destinations** | X-Ray console, CloudWatch | 10+ external destinations | + +#### Tracing Data Flow Migration + +| AWS X-Ray Concept | Azion Equivalent | +| :---------------- | :--------------- | +| Segments | Request/response log entries | +| Subsegments | Functions execution logs | +| Service graph | Built in external tracing tools (Datadog, Jaeger) | +| Trace ID propagation | Custom headers via Rules Engine or Functions | +| Annotations | Log variables in Data Stream template | + +#### Configuration Steps + + + Console + API + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Products menu** > **Data Stream**. +3. Click **+ Stream**. +4. Select **Applications** as data source for request tracing. +5. Select **Functions** as additional data source for function execution traces. +6. Create a **Custom Template** with trace-related variables: + - `$request_id` (unique trace identifier) + - `$ts` (timestamp) + - `$upstream_addr` (origin address) + - `$upstream_response_time` (response time) + - `$request_uri`, `$status`, `$host` +7. Choose a tracing-compatible endpoint (Datadog, Splunk, Elasticsearch, Kafka). +8. Configure destination credentials. +9. Activate the stream. + + + + +:::note +Data Stream uses `/v4/workspace/stream/streams` endpoint. Configure custom templates with trace-relevant variables. The `$request_id` field provides a unique identifier for correlating requests across services. +::: + + + +#### Trace ID Propagation + +To enable distributed tracing across services, propagate trace context via HTTP headers: + +**Using Rules Engine:** + + + +**Using Functions:** + + + +#### Supported Endpoints for Tracing + +Data Stream supports multiple endpoints suitable for distributed tracing: + +| Endpoint | Use Case | +| :------- | :------- | +| **Datadog** | Full APM and distributed tracing | +| **Splunk** | Log analytics and tracing | +| **Elasticsearch** | Search and trace correlation | +| **Apache Kafka** | Stream to Jaeger, Zipkin, or custom tracing | +| **Google BigQuery** | Data warehouse for trace analysis | +| **AWS Kinesis Data Firehose** | Integration with AWS X-Ray or other AWS services | +| **Standard HTTP/HTTPS POST** | Custom tracing systems | + +#### Data Firehose Migration + +AWS Kinesis Data Firehose delivers streaming data to destinations. Azion Data Stream provides similar capabilities: + +| AWS Kinesis Data Firehose | Azion Data Stream | +| :------------------------ | :---------------- | +| S3 destination | S3 endpoint (any S3-compatible storage) | +| Redshift destination | BigQuery or custom HTTP endpoint | +| Elasticsearch destination | Elasticsearch endpoint | +| HTTP endpoint | Standard HTTP/HTTPS POST | +| Data transformation (Lambda) | Functions for preprocessing | + +**Configure Data Stream for S3:** + + + +#### CloudWatch RUM to Edge Pulse + +CloudWatch RUM provides real user monitoring. Azion Edge Pulse delivers comparable capabilities: + +| Aspect | CloudWatch RUM | Azion Edge Pulse | +| :----- | :------------- | :--------------- | +| **Data collection** | JavaScript SDK | JavaScript SDK | +| **Metrics** | Page load, Core Web Vitals, JavaScript errors | Real user metrics, performance data | +| **Session replay** | Available | Available via integration | +| **Custom events** | Custom events API | Custom events via SDK | + +Configure Edge Pulse for real user monitoring: + + + Console + + +1. Access [Azion Console](https://console.azion.com/). +2. Go to **Products menu** > **Edge Pulse**. +3. Create a new Pulse instance. +4. Configure the JavaScript snippet for your application. +5. Add the snippet to your application's HTML. +6. Configure data collection settings. +7. View metrics in Real-Time Metrics under Edge Pulse. + + + +#### Reference documentation + +* [Data Stream](https://www.azion.com/en/documentation/products/observe/data-stream/) +* [Data Stream first steps](https://www.azion.com/en/documentation/products/observe/data-stream/first-steps/) +* [Use Data Stream](https://www.azion.com/en/documentation/products/guides/use-data-stream/) +* Connectors: [Amazon S3](https://www.azion.com/en/documentation/products/guides/endpoint-amazon-s3/), [Azion Object Storage](https://www.azion.com/en/documentation/products/guides/connector-azion-object-storage/), [Datadog](https://www.azion.com/en/documentation/products/guides/endpoint-datadog/), [Splunk](https://www.azion.com/en/documentation/products/guides/endpoint-splunk/), [Elasticsearch](https://www.azion.com/en/documentation/products/guides/endpoint-elasticsearch/), [Kinesis](https://www.azion.com/en/documentation/products/guides/endpoint-amazon-kinesis/), [BigQuery](https://www.azion.com/en/documentation/products/guides/endpoint-google-bigquery/) +* [Edge Pulse](https://www.azion.com/en/documentation/products/observe/edge-pulse/) + +## Troubleshooting + +| Problem | Likely Cause | Solution | +| :------ | :----------- | :------- | +| DNS not resolving | Nameserver propagation delay | Wait up to 48 hours after updating nameservers; verify with `dig yourdomain.com NS` | +| Certificate validation fails | Domain ownership not verified | Confirm DNS TXT record or HTTP challenge is accessible; check Certificate Manager status | +| Function returns `process.env not defined` | Node.js environment variable syntax used | Use `Azion.env.get('VARIABLE_NAME')` instead of `process.env.VARIABLE_NAME` | +| Cache not purging as expected | Purge request still processing | Wait 5-10 minutes; verify purge via `curl -I` to check headers; use wildcard purge for broad changes | +| WAF rules blocking legitimate traffic | Sensitivity too high or false positive | Switch WAF to Learning mode first; review blocked requests in Real-Time Events; adjust sensitivity | +| Origin connection timeouts | Connector misconfiguration or origin unavailable | Verify Connector address and port; check origin health; increase timeout in Connector settings | +| SSL handshake failures | Certificate mismatch or incomplete chain | Verify certificate covers the domain; include intermediate CA in certificate chain; check TLS minimum version | +| CORS errors on API requests | Missing CORS headers in response | Add CORS headers via Rules Engine: `Access-Control-Allow-Origin`, `Access-Control-Allow-Methods` | +| Lambda function signature errors | CloudFront event structure differs from Azion | Update function to use `fetch(request, env, ctx)` signature; access request via `request` object | +| DynamoDB queries fail after migration | KV Store API syntax differs | Update code to use `KVStore` from `azion:kv`; check key naming conventions | +| S3 uploads fail with 403 | Incorrect credentials or endpoint | Verify Access Key and Secret Key; confirm endpoint is `s3.us-east-005.azionstorage.net` | +| CloudWatch metrics not appearing | Data Stream not configured | Set up Data Stream to export metrics; verify destination credentials and format | + +## Key Advantages After Migration + +| Capability | Before (AWS) | After (Azion) | +| :--------- | :----------- | :------------ | +| **Unified platform** | Multiple consoles for CloudFront, Lambda, S3, Route 53, WAF, CloudWatch | Single console for compute, storage, security, and observability | +| **Cold starts** | Possible on Lambda (especially with VPC) | Minimized with distributed V8 isolates | +| **Global distribution** | Regions and edge locations (200+ PoPs) | Azion platform locations worldwide with consistent performance | +| **Pricing model** | Per-service billing, data transfer fees, request counts | Simpler consolidated billing; zero DTO cost for Object Storage | +| **Observability** | CloudWatch with separate dashboards, logs, and alarms | Real-Time Metrics and Events with instant access via Console or GraphQL API | +| **Security integration** | WAF, Shield, IAM as separate services | Built-in WAF, DDoS Protection, Bot Manager integrated with workloads | + +## Next Steps + +After your migration is complete: + +* Review [Real-Time Metrics](https://www.azion.com/en/documentation/products/observe/real-time-metrics/) to monitor application performance +* Set up [Real-Time Events](https://www.azion.com/en/documentation/products/observe/real-time-events/) for production visibility +* Configure [Web Application Firewall](https://www.azion.com/en/documentation/products/secure/firewall/web-application-firewall/) for production security +* Review the individual feature guides for advanced configuration +* Set up [Data Stream](https://www.azion.com/en/documentation/products/observe/data-stream/) to export logs to your existing SIEM or analytics tools + +### Get Started with a Small Project + +The best way to begin is not with the most complex application in your portfolio. Start with a project that is meaningful enough to validate the migration path, but small enough to move quickly and safely. + +Choose an application or workload that includes representative pieces of your architecture: a CloudFront distribution, a few Lambda functions, an S3 bucket, maybe a DynamoDB table. Use that project to validate the workflow, document the process, and identify internal patterns your team can reuse. + +From there, expand gradually. Migrate more complex cache behaviors. Move additional functions. Bring over storage and database workloads. Add observability. Review security rules. Then prepare production cutovers with greater confidence. + +### Recommended Next Steps + +* [Create your free Azion account](https://console.azion.com/signup) +* [Read the Applications documentation](https://www.azion.com/en/documentation/products/build/applications/) +* [Explore the Azion CLI](https://www.azion.com/en/documentation/products/azion-cli/overview/) +* [Join the Azion community](https://www.azion.com/en/documentation/community/) + +## Need Help? + +Get help from [the Azion Support team](https://www.azion.com/en/documentation/), or join our [Discord community](https://discord.gg/azion) to see how others are using Azion. From d1ea35c8978449eb88cd34e0caa7e57535b42a3d Mon Sep 17 00:00:00 2001 From: VitorAEltz Date: Wed, 20 May 2026 18:28:28 -0300 Subject: [PATCH 2/2] Refactor code structure for improved readability and maintainability --- .../aws-to-azion-comprehensive-guide.mdx | 50 - .../aws-to-azion-comprehensive-guide.mdx | 3101 +++++++++++++++++ 2 files changed, 3101 insertions(+), 50 deletions(-) create mode 100644 src/content/docs/pt-br/pages/guias/aws-to-azion/aws-to-azion-comprehensive-guide.mdx diff --git a/src/content/docs/en/pages/guides/aws-to-azion/aws-to-azion-comprehensive-guide.mdx b/src/content/docs/en/pages/guides/aws-to-azion/aws-to-azion-comprehensive-guide.mdx index f344eec2d8..614f8fbcbe 100644 --- a/src/content/docs/en/pages/guides/aws-to-azion/aws-to-azion-comprehensive-guide.mdx +++ b/src/content/docs/en/pages/guides/aws-to-azion/aws-to-azion-comprehensive-guide.mdx @@ -37,31 +37,6 @@ The Azion migration approach preserves your application logic while transitionin The following tables provide a comprehensive mapping of AWS products to their Azion equivalents. A dash (`-`) indicates that Azion does not currently offer a direct equivalent. -### Basic AWS Terminology - -| AWS Product | Description | Azion Equivalent | -| :---------- | :---------- | :--------------- | -| **Amazon CloudFront** | AWS CDN for delivering static content, dynamic content, APIs, applications, and video globally. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) | -| **AWS Lambda** | General-purpose serverless compute for event-driven code execution. | [Functions for Applications](https://www.azion.com/en/documentation/products/build/applications/functions/) | -| **Amazon S3** | Object storage for unstructured data, static assets, backups, archives, and websites. | [Object Storage](https://www.azion.com/en/documentation/products/store/object-storage/) | -| **Amazon DynamoDB** | Serverless key-value and document database. | [KV Store](https://www.azion.com/en/documentation/products/store/kv-store/) | -| **AWS WAF** | Web application firewall for protecting applications and APIs. | [Firewall](https://www.azion.com/en/documentation/products/secure/firewall/) / [WAF](https://www.azion.com/en/documentation/products/secure/firewall/web-application-firewall/) | -| **Amazon Route 53** | Authoritative DNS, domain registration, routing policies, and health checks. | [Edge DNS](https://www.azion.com/en/documentation/products/secure/edge-dns/) | -| **Amazon CloudWatch** | Collect, query, visualize, and alarm on service and application metrics and logs. | [Real-Time Metrics](https://www.azion.com/en/documentation/products/observe/real-time-metrics/) + [Real-Time Events](https://www.azion.com/en/documentation/products/observe/real-time-events/) | - -### AWS Configuration - -| AWS Reference | Description | Azion Equivalent | -| :------------ | :---------- | :--------------- | -| **CloudFront Cache Policies** | Control cache keys, TTLs, headers, cookies, query strings, and compression. | [Cache](https://www.azion.com/en/documentation/products/build/applications/cache/) | -| **CloudFront Origin Request Policies** | Control which request values CloudFront forwards to origin. | [Rules Engine](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) | -| **Lambda Environment Variables** | Environment variables for Lambda function configuration. | [Variables](https://www.azion.com/en/documentation/products/functions/environment-variables/) | -| **AWS CLI** | Command-line interface for managing AWS services. | [Azion CLI](https://www.azion.com/en/documentation/products/azion-cli/overview/) | -| **AWS CloudFormation** | Infrastructure as Code service for modeling and provisioning AWS resources. | [Terraform Provider](https://www.azion.com/en/documentation/products/terraform-provider/) | -| **Lambda Runtime Environment** | Runtime layer used by Lambda functions. | [Azion Runtime](https://www.azion.com/en/documentation/products/build/applications/runtime/) | - -### Delivery & CDN - | AWS Product | Description | Azion Equivalent | | :---------- | :---------- | :--------------- | | **Amazon CloudFront** | AWS CDN for delivering static content, dynamic content, APIs, applications, and video globally. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) | @@ -80,11 +55,6 @@ The following tables provide a comprehensive mapping of AWS products to their Az | **AWS Elemental MediaLive** | Real-time live video encoding. | [Live Ingest](https://www.azion.com/en/documentation/products/media/live-ingest/) | | **AWS Elemental MediaPackage** | Package and originate live video streams for HLS, DASH, and related formats. | [Live Ingest](https://www.azion.com/en/documentation/products/media/live-ingest/) + [Applications](https://www.azion.com/en/documentation/products/build/applications/) | | **CloudFront for live streaming** | Deliver live video globally using CloudFront with AWS Media Services. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) + [Live Ingest](https://www.azion.com/en/documentation/products/media/live-ingest/) | - -### Compute & AI - -| AWS Product | Description | Azion Equivalent | -| :---------- | :---------- | :--------------- | | **AWS Lambda** | General-purpose serverless compute for event-driven code execution. | [Functions for Applications](https://www.azion.com/en/documentation/products/build/applications/functions/) | | **Amazon API Gateway** | Create and manage REST, HTTP, and WebSocket APIs with backend integrations. | [Applications](https://www.azion.com/en/documentation/products/build/applications/) + [Functions](https://www.azion.com/en/documentation/products/build/applications/functions/) | | **API Gateway request validation / throttling** | Apply API request controls, throttling, and validation rules. | [Rules Engine](https://www.azion.com/en/documentation/products/build/applications/rules-engine/) + [Firewall](https://www.azion.com/en/documentation/products/secure/firewall/) | @@ -95,11 +65,6 @@ The following tables provide a comprehensive mapping of AWS products to their Az | **Amazon Bedrock Fine-Tuning** | Customize foundation models with fine-tuning for specific use cases. | [LoRA Fine-Tune](https://www.azion.com/en/documentation/products/build/applications/ai-inference/lora-fine-tune/) | | **Amazon Bedrock Custom Model Import** | Import customized foundation models into Bedrock. | [AI Inference](https://www.azion.com/en/documentation/products/ai/ai-inference/) + [LoRA Fine-Tune](https://www.azion.com/en/documentation/products/build/applications/ai-inference/lora-fine-tune/) | | **Amazon SageMaker AI Real-Time Inference** | Deploy ML models to managed real-time inference endpoints. | [AI Inference](https://www.azion.com/en/documentation/products/ai/ai-inference/) | - -### Storage & Database - -| AWS Product | Description | Azion Equivalent | -| :---------- | :---------- | :--------------- | | **Amazon S3** | Object storage for unstructured data, static assets, backups, archives, and websites. | [Object Storage](https://www.azion.com/en/documentation/products/store/object-storage/) | | **Amazon S3 Static Website Hosting** | Host static websites from S3 buckets. | [Object Storage](https://www.azion.com/en/documentation/products/store/object-storage/) + [Applications](https://www.azion.com/en/documentation/products/build/applications/) | | **S3 Object Lambda** | Transform S3 objects with Lambda before returning them to the requester. | [Object Storage](https://www.azion.com/en/documentation/products/store/object-storage/) + [Functions](https://www.azion.com/en/documentation/products/build/applications/functions/) | @@ -107,11 +72,6 @@ The following tables provide a comprehensive mapping of AWS products to their Az | **Amazon Aurora DSQL** | Serverless distributed relational SQL database for transactional workloads. | [SQL Database](https://www.azion.com/en/documentation/products/store/sql-database/) | | **Amazon DynamoDB** | Serverless key-value and document database. | [KV Store](https://www.azion.com/en/documentation/products/store/kv-store/) | | **DynamoDB Global Tables** | Multi-Region replication for globally distributed NoSQL data. | [KV Store](https://www.azion.com/en/documentation/products/store/kv-store/) | - -### Security, DNS & Load Balancing - -| AWS Product | Description | Azion Equivalent | -| :---------- | :---------- | :--------------- | | **AWS WAF** | Web application firewall for protecting applications and APIs. | [WAF](https://www.azion.com/en/documentation/products/secure/firewall/web-application-firewall/) / [Firewall](https://www.azion.com/en/documentation/products/secure/firewall/) | | **AWS Managed Rules for AWS WAF** | Managed rule groups for common vulnerabilities and unwanted traffic. | [WAF Rule Sets](https://www.azion.com/en/documentation/products/secure/firewall/waf-rule-sets/) | | **AWS WAF custom rules** | Create custom match conditions and actions for web requests. | [Rules Engine for Firewall](https://www.azion.com/en/documentation/products/secure/firewall/rules-engine/) | @@ -133,21 +93,11 @@ The following tables provide a comprehensive mapping of AWS products to their Az | **AWS Certificate Manager** | Provision, import, manage, deploy, and renew SSL/TLS certificates. | [Certificate Manager](https://www.azion.com/en/documentation/products/build/applications/certificate-manager/) | | **AWS Private CA** | Create and operate private certificate authorities. | [Certificate Manager](https://www.azion.com/en/documentation/products/build/applications/certificate-manager/) | | **AWS Private CA for client authentication** | Private PKI patterns for certificate-based client authentication. | [mTLS](https://www.azion.com/en/documentation/products/secure/firewall/mtls/) | - -### Orchestration - -| AWS Product | Description | Azion Equivalent | -| :---------- | :---------- | :--------------- | | **AWS IoT Greengrass** | Run AWS-managed edge components and local processing on edge devices. | [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | | **AWS IoT Greengrass deployments** | Deploy components and configurations to edge devices. | [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | | **Amazon ECS Anywhere** | Register and manage on-premises or external servers in ECS clusters. | [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | | **AWS Outposts** | Run AWS infrastructure and services on customer premises. | [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | | **AWS Systems Manager Hybrid Activations** | Manage non-EC2 machines in hybrid and multicloud environments. | [Orchestrator](https://www.azion.com/en/documentation/products/orchestrator/) | - -### DevTools - -| AWS Product | Description | Azion Equivalent | -| :---------- | :---------- | :--------------- | | **Amazon CloudWatch Metrics** | Collect, query, visualize, and alarm on service and application metrics. | [Real-Time Metrics](https://www.azion.com/en/documentation/products/observe/real-time-metrics/) | | **Amazon CloudWatch Logs** | Collect, monitor, query, and analyze logs. | [Real-Time Events](https://www.azion.com/en/documentation/products/observe/real-time-events/) | | **CloudWatch Logs Insights** | Query and investigate logs interactively. | [Real-Time Events](https://www.azion.com/en/documentation/products/observe/real-time-events/) | diff --git a/src/content/docs/pt-br/pages/guias/aws-to-azion/aws-to-azion-comprehensive-guide.mdx b/src/content/docs/pt-br/pages/guias/aws-to-azion/aws-to-azion-comprehensive-guide.mdx new file mode 100644 index 0000000000..1a66f846a7 --- /dev/null +++ b/src/content/docs/pt-br/pages/guias/aws-to-azion/aws-to-azion-comprehensive-guide.mdx @@ -0,0 +1,3101 @@ +--- +title: Migre da AWS para a Azion | Guia completo de migração para aplicações modernas +description: >- + Aprenda a migrar da AWS para a Azion com menos risco operacional. Migre CloudFront, Lambda, S3, DynamoDB, Route 53, WAF e outros serviços AWS para Azion Applications, Functions, Object Storage, KV Store, Edge DNS e produtos de segurança. A Azion oferece um caminho completo de migração de serviços de compute, storage, banco de dados, segurança e observabilidade da AWS para uma plataforma de edge unificada. +meta_tags: 'Azion, AWS, migração, edge computing, serverless, CloudFront, Lambda, S3' +namespace: docs_guides_aws_to_azion +permalink: /documentacao/produtos/guias/aws-guia-migracao/ +--- + +import Tabs from '~/components/tabs/Tabs' +import Code from '~/components/Code/Code.astro' + +# Migre da AWS para a Azion + +Uma migração de plataforma geralmente começa muito antes de o primeiro arquivo de configuração ser alterado. Começa quando uma equipe percebe que seu ambiente atual não oferece mais o mesmo nível de clareza, velocidade ou controle que antes. + +Para equipes que usam AWS, esse momento costuma vir depois de anos de complexidade acumulada: distribuições CloudFront com comportamentos de cache em camadas, funções Lambda com dependências de runtime, buckets S3 com políticas de acesso em evolução, tabelas DynamoDB com capacidade provisionada, zonas Route 53 com health checks, regras WAF com grupos de regras gerenciadas e alarmes CloudWatch com métricas customizadas. Cada serviço funciona, mas em conjunto eles criam overhead operacional que desacelera o desenvolvimento. + +Para equipes que usam Amazon CloudFront, AWS Lambda, Amazon S3, Amazon DynamoDB, Amazon Route 53, AWS WAF, AWS Shield, Amazon CloudWatch ou outros serviços AWS, a Azion oferece recursos equivalentes por meio de Applications, Functions, Object Storage, KV Store, Edge DNS, Web Application Firewall, DDoS Protection, Real-Time Metrics e Real-Time Events. + +O motivo mais forte para migrar não é simplesmente substituir um fornecedor por outro. É consolidar compute, storage, banco de dados, entrega, segurança e observabilidade em uma plataforma unificada projetada para aplicações distribuídas globalmente. + +## Como Funciona a Migração da AWS para a Azion + +Migrações de plataforma tradicionais frequentemente exigem reescrever a lógica da aplicação, reconfigurar a infraestrutura do zero e gerenciar múltiplos serviços desconectados. Essa abordagem cria risco operacional, estende prazos e fragmenta o conhecimento da equipe entre diferentes padrões de configuração. + +A abordagem de migração da Azion preserva a lógica da sua aplicação enquanto faz a transição para uma plataforma unificada: + +1. **Caminho de migração incremental.** Comece com um único projeto, valide cada camada independentemente e expanda com confiança. Não é necessário migrar tudo de uma vez. + +2. **Lógica de aplicação preservada.** Functions, políticas de cache, configurações de origem e serviços de dados mapeiam diretamente para equivalentes na Azion com mudanças mínimas de código, principalmente atualizações de sintaxe para acesso a ambiente e imports de serviços. + +3. **Modelo de plataforma unificado.** Em vez de gerenciar compute, storage, bancos de dados, segurança e observabilidade como camadas desconectadas, a Azion reúne esses recursos com APIs consistentes e padrões de configuração. + +## Mapeamento de Recursos + +As tabelas a seguir fornecem um mapeamento abrangente dos produtos AWS para seus equivalentes na Azion. Um traço (`-`) indica que a Azion atualmente não oferece um equivalente direto. + +| Produto AWS | Descrição | Equivalente Azion | +| :---------- | :---------- | :--------------- | +| **Amazon CloudFront** | CDN da AWS para entregar conteúdo estático, conteúdo dinâmico, APIs, aplicações e vídeo globalmente. | [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) | +| **CloudFront Distributions** | Recurso principal de entrega do CloudFront para domínios, origens, comportamento de cache, certificados, segurança e configurações de entrega no edge. | [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) | +| **CloudFront Alternate Domain Names** | Configura domínios customizados para distribuições CloudFront. | [Workloads](https://www.azion.com/pt-br/documentacao/produtos/secure/workloads/) | +| **CloudFront Cache Behaviors** | Comportamento de entrega baseado em caminho, política de cache, política de requisição à origem, métodos permitidos e associações de edge function. | [Rules Engine para Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/rules-engine/) | +| **CloudFront Cache Policies** | Controla cache keys, TTLs, cabeçalhos, cookies, query strings e compressão. | [Cache](https://www.azion.com/pt-br/documentacao/produtos/build/applications/cache/) | +| **CloudFront Origin Request Policies** | Controla quais valores da requisição o CloudFront encaminha para a origem. | [Rules Engine](https://www.azion.com/pt-br/documentacao/produtos/build/applications/rules-engine/) | +| **CloudFront Response Headers Policies** | Adiciona ou modifica cabeçalhos de resposta, como cabeçalhos de segurança e CORS. | [Rules Engine para Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/rules-engine/) | +| **CloudFront Origin Shield** | Camada adicional de cache centralizado para reduzir carga na origem e melhorar cache hit ratio. | [Tiered Cache](https://www.azion.com/pt-br/documentacao/produtos/build/applications/cache/tiered-cache/) | +| **CloudFront Invalidation** | Remove conteúdo dos caches de edge do CloudFront antes da expiração. | [Real-Time Purge](https://www.azion.com/pt-br/documentacao/produtos/build/applications/real-time-purge/) | +| **CloudFront Functions** | Execução leve de JavaScript no edge para redirects, rewrites, cabeçalhos e normalização de cache key. | [Functions para Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions/) | +| **Lambda@Edge** | Funções Node.js ou Python acionadas por eventos do CloudFront para customizar a entrega. | [Functions para Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions/) | +| **Lambda@Edge for security logic** | Usa funções acionadas pelo CloudFront para validação de requisições, autenticação ou lógica de bloqueio. | [Functions para Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/functions/) | +| **CloudFront Device Detection** | Detecta tipo de dispositivo e encaminha metadados de dispositivo para a origem. | [Device Groups](https://www.azion.com/pt-br/documentacao/produtos/build/applications/device-groups/) | +| **AWS Elemental MediaLive** | Codificação de vídeo ao vivo em tempo real. | [Live Ingest](https://www.azion.com/pt-br/documentacao/produtos/media/live-ingest/) | +| **AWS Elemental MediaPackage** | Empacota e origina streams de vídeo ao vivo para HLS, DASH e formatos relacionados. | [Live Ingest](https://www.azion.com/pt-br/documentacao/produtos/media/live-ingest/) + [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) | +| **CloudFront for live streaming** | Entrega vídeo ao vivo globalmente usando CloudFront com AWS Media Services. | [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) + [Live Ingest](https://www.azion.com/pt-br/documentacao/produtos/media/live-ingest/) | +| **AWS Lambda** | Compute serverless de uso geral para execução de código orientada a eventos. | [Functions para Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions/) | +| **Amazon API Gateway** | Cria e gerencia APIs REST, HTTP e WebSocket com integrações de backend. | [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) + [Functions](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions/) | +| **API Gateway request validation / throttling** | Aplica controles, throttling e regras de validação a requisições de API. | [Rules Engine](https://www.azion.com/pt-br/documentacao/produtos/build/applications/rules-engine/) + [Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/) | +| **AWS Amplify Hosting** | CI/CD baseado em Git e hospedagem para aplicações web estáticas e server-side rendered. | [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) + [Azion CLI](https://www.azion.com/pt-br/documentacao/produtos/azion-cli/visao-geral/) | +| **AWS App Runner** | Faz deploy de código fonte ou imagens de container para aplicações web gerenciadas. | [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) + [Orchestrator](https://www.azion.com/pt-br/documentacao/produtos/orchestrator/) | +| **Amazon Bedrock** | Acesso a foundation models e desenvolvimento de aplicações de IA generativa. | [AI Inference](https://www.azion.com/pt-br/documentacao/produtos/ai/ai-inference/) | +| **Amazon Bedrock model inference** | Invoca foundation models para texto, imagem, embedding e casos de uso de IA generativa. | [AI Inference](https://www.azion.com/pt-br/documentacao/produtos/ai/ai-inference/) | +| **Amazon Bedrock Fine-Tuning** | Customiza foundation models com fine-tuning para casos de uso específicos. | [LoRA Fine-Tune](https://www.azion.com/pt-br/documentacao/produtos/build/applications/ai-inference/lora-fine-tune/) | +| **Amazon Bedrock Custom Model Import** | Importa foundation models customizados para o Bedrock. | [AI Inference](https://www.azion.com/pt-br/documentacao/produtos/ai/ai-inference/) + [LoRA Fine-Tune](https://www.azion.com/pt-br/documentacao/produtos/build/applications/ai-inference/lora-fine-tune/) | +| **Amazon SageMaker AI Real-Time Inference** | Faz deploy de modelos de ML em endpoints gerenciados de inferência em tempo real. | [AI Inference](https://www.azion.com/pt-br/documentacao/produtos/ai/ai-inference/) | +| **Amazon S3** | Armazenamento de objetos para dados não estruturados, assets estáticos, backups, arquivos e sites. | [Object Storage](https://www.azion.com/pt-br/documentacao/produtos/store/object-storage/) | +| **Amazon S3 Static Website Hosting** | Hospeda sites estáticos a partir de buckets S3. | [Object Storage](https://www.azion.com/pt-br/documentacao/produtos/store/object-storage/) + [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) | +| **S3 Object Lambda** | Transforma objetos S3 com Lambda antes de retorná-los ao solicitante. | [Object Storage](https://www.azion.com/pt-br/documentacao/produtos/store/object-storage/) + [Functions](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions/) | +| **S3 Object Lambda for image transformation** | Redimensiona, aplica marca d'água, redige ou transforma conteúdo recuperado do S3. | [Image Processor](https://www.azion.com/pt-br/documentacao/produtos/build/applications/image-processor/) + [Functions](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions/) | +| **Amazon Aurora DSQL** | Banco de dados SQL relacional distribuído e serverless para workloads transacionais. | [SQL Database](https://www.azion.com/pt-br/documentacao/produtos/store/sql-database/) | +| **Amazon DynamoDB** | Banco de dados serverless key-value e de documentos. | [KV Store](https://www.azion.com/pt-br/documentacao/produtos/store/kv-store/) | +| **DynamoDB Global Tables** | Replicação multi-Region para dados NoSQL distribuídos globalmente. | [KV Store](https://www.azion.com/pt-br/documentacao/produtos/store/kv-store/) | +| **AWS WAF** | Web application firewall para proteger aplicações e APIs. | [WAF](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/web-application-firewall/) / [Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/) | +| **AWS Managed Rules for AWS WAF** | Grupos de regras gerenciadas para vulnerabilidades comuns e tráfego indesejado. | [WAF Rule Sets](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/waf-rule-sets/) | +| **AWS WAF custom rules** | Cria condições de correspondência e ações customizadas para requisições web. | [Rules Engine para Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/rules-engine/) | +| **AWS WAF Bot Control** | Detecção e mitigação gerenciadas de bots. | [Bot Manager](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/bot-manager/) | +| **AWS WAF Rate-Based Rules** | Limita taxas de requisições com base em IP, cabeçalhos, URI, método ou outras chaves. | [Rules Engine](https://www.azion.com/pt-br/documentacao/produtos/build/applications/rules-engine/) + [Network Shield](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/network-shield/) | +| **AWS WAF IP Sets** | Listas reutilizáveis de IP/CIDR para regras de allow ou block. | [Network Lists](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/network-lists/) | +| **AWS Shield Standard** | Proteção DDoS padrão para recursos AWS. | [DDoS Protection](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/ddos-protection/) | +| **AWS Shield Advanced** | Proteção DDoS avançada com visibilidade e opções adicionais de mitigação. | [DDoS Protection](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/ddos-protection/) | +| **AWS Network Firewall** | Firewall de rede VPC gerenciado. | [Network Shield](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/network-shield/) | +| **Elastic Load Balancing** | Distribui tráfego entre múltiplos destinos e zonas de disponibilidade. | [Load Balancer](https://www.azion.com/pt-br/documentacao/produtos/secure/connectors/load-balancer/) | +| **Application Load Balancer** | Load balancing HTTP/HTTPS de camada 7 com roteamento em nível de aplicação. | [Load Balancer](https://www.azion.com/pt-br/documentacao/produtos/secure/connectors/load-balancer/) | +| **Network Load Balancer** | Load balancing TCP/UDP/TLS de camada 4. | [Load Balancer](https://www.azion.com/pt-br/documentacao/produtos/secure/connectors/load-balancer/) | +| **AWS Global Accelerator** | IPs Anycast globais e roteamento otimizado na rede global da AWS. | [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) + [Load Balancer](https://www.azion.com/pt-br/documentacao/produtos/secure/connectors/load-balancer/) | +| **Amazon Route 53** | DNS autoritativo, registro de domínio, políticas de roteamento e health checks. | [Edge DNS](https://www.azion.com/pt-br/documentacao/produtos/secure/edge-dns/) | +| **AWS Certificate Manager** | Provisiona, importa, gerencia, faz deploy e renova certificados SSL/TLS. | [Certificate Manager](https://www.azion.com/pt-br/documentacao/produtos/build/applications/certificate-manager/) | +| **Amazon CloudWatch Metrics** | Coleta, consulta, visualiza e cria alarmes para métricas de serviço e aplicação. | [Real-Time Metrics](https://www.azion.com/pt-br/documentacao/produtos/observe/real-time-metrics/) | +| **Amazon CloudWatch Logs** | Coleta, monitora, consulta e analisa logs. | [Real-Time Events](https://www.azion.com/pt-br/documentacao/produtos/observe/real-time-events/) | +| **Amazon Data Firehose** | Entrega dados de streaming para destinos como S3, Redshift, OpenSearch e endpoints HTTP. | [Data Stream](https://www.azion.com/pt-br/documentacao/produtos/observe/data-stream/) | +| **CloudWatch RUM** | Monitoramento de usuário real para performance de aplicações browser e mobile. | [Edge Pulse](https://www.azion.com/pt-br/documentacao/produtos/observe/edge-pulse/) | +| **AWS Management Console** | Interface web para acessar e gerenciar serviços AWS. | [Azion Console](https://console.azion.com/) | +| **AWS APIs** | Interface programática para operações de serviços AWS. | [Azion API](https://www.azion.com/pt-br/documentacao/produtos/developer/api/) | +| **AWS CLI** | Interface de linha de comando para gerenciar serviços AWS. | [Azion CLI](https://www.azion.com/pt-br/documentacao/produtos/azion-cli/visao-geral/) | +| **AWS SDKs** | SDKs específicos por linguagem para criar integrações com serviços AWS. | [SDK](https://www.azion.com/pt-br/documentacao/produtos/developer/sdk/) | +| **AWS CloudFormation** | Serviço de Infrastructure as Code para modelar e provisionar recursos AWS. | [Terraform Provider](https://www.azion.com/pt-br/documentacao/produtos/terraform-provider/) | +| **Lambda runtime environment** | Camada de runtime usada por funções Lambda. | [Azion Runtime](https://www.azion.com/pt-br/documentacao/produtos/build/applications/runtime/) | + +## Estratégia de Migração + +A migração é organizada em torno das quatro categorias de produtos da Azion, permitindo que as equipes planejem e executem cada camada independentemente: + +- **Build**: faça deploy de aplicações, configure builds e variáveis de ambiente, migre funções Lambda, comportamentos CloudFront, roteamento, cabeçalhos, load balancing, cache, otimização de imagens e workloads de IA. +- **Secure**: migre domínios customizados, DNS Route 53, certificados SSL/TLS, regras WAF, proteção DDoS, gerenciamento de bots e rate limiting. +- **Store**: migre objetos S3, tabelas DynamoDB e bancos Aurora para Object Storage, KV Store e SQL Database. +- **Observe**: migre métricas, logs e alarmes CloudWatch para a stack de observabilidade em tempo real da Azion. + +:::note +Se você não precisa de tempo de inatividade próximo de zero, pode migrar em fases com janelas de manutenção. Isso permite parar escritas durante cada etapa de migração sem exigir sincronização paralela de dados. +::: + +## Build + +A categoria Build cobre deployment de aplicações, compute, roteamento e configuração. Comece aqui para trazer sua aplicação para a Azion e estabelecer a fundação para o resto da migração. + +### 1. Configuração do Projeto na Azion + +O primeiro passo traz sua aplicação para a Azion de uma forma familiar para equipes que fazem deploy de projetos web modernos na AWS. Se você usou AWS CloudFormation, SAM ou CDK, já entende o padrão: definir infraestrutura como código, configurar build, fazer deploy do output e validar a URL gerada. + +#### Diferenças Principais + +| Aspecto | AWS | Azion | +| :----- | :--- | :---- | +| **Arquivo de config** | `template.yaml` (SAM) / `cdk.json` (CDK) | `azion.config.js` (JavaScript) | +| **Detecção de framework** | Configuração manual | 20+ frameworks com auto-detecção | +| **Cold starts** | Comuns (Lambda regional) | Minimizados (nós distribuídos) | +| **Conformidade** | SOC 2, ISO 27001, HIPAA | PCI DSS 4.0.1 Level 1, SOC 2 Type II | + +#### Conecte Seu Repositório + +1. Abra o [Azion Console](https://console.azion.com/). +2. Clique em **+ Create** > **Import from GitHub**. +3. Autorize o GitHub App da Azion. +4. Selecione o repositório que deseja migrar. + +:::note +Mantenha o primeiro deployment intencionalmente pequeno. Não tente migrar todas as distribuições, funções, API gateways, dependências de storage e bancos de dados de uma vez. Comece provando que a aplicação consegue fazer build e rodar na Azion. +::: + +#### Configure Seu Build + +A Azion detecta automaticamente seu framework e configura as definições de build. Sobrescreva o preset detectado em `azion.config.js`: + + + +#### Faça Deploy e Verifique + +Faça deploy pelo Azion Console ou CLI. Sua URL temporária da Azion segue este padrão: + + + +Valide o deployment: + + + +#### Documentação de referência + +* [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) +* [Applications primeiros passos](https://www.azion.com/pt-br/documentacao/produtos/build/applications/primeiros-passos/) +* [Azion CLI visão geral](https://www.azion.com/pt-br/documentacao/produtos/azion-cli/visao-geral/) +* [Importe um projeto existente do GitHub](https://www.azion.com/pt-br/documentacao/produtos/guias/importar-projeto-github/) + +### 2. Convertendo Configuração de Build + +Uma migração pode parecer bem-sucedida quando o build passa, mas falhar depois quando o comportamento de runtime difere. Revise cuidadosamente a configuração de build e deployment em vez de tratá-la como uma substituição mecânica de comandos. + +#### Referência Rápida de CLI + +| Tarefa | AWS CLI | Azion CLI | +| :--- | :------ | :-------- | +| **Instalar** | `pip install awscli` | `curl -fsSL https://cli.azion.app/install.sh \| bash` | +| **Login** | `aws configure` | `azion login` | +| **Dev local** | `sam local start-api` | `azion dev` | +| **Deploy** | `sam deploy --guided` ou `cdk deploy` | `azion deploy` | +| **Ver logs** | `aws logs tail /aws/lambda/my-function` | `azion logs` | + +#### Comparação de Configuração de Build + +| Aspecto | AWS SAM/CDK | Azion | +| :----- | :---------- | :---- | +| **Infrastructure as Code** | Templates YAML/TypeScript | Configuração JavaScript | +| **Testes locais** | Emulador SAM local | Servidor dev integrado | +| **Deployment** | Stacks CloudFormation | Deployment direto | +| **Rollback** | Stack rollback | Histórico de versões | + +#### Documentação de referência + +* [Azion CLI visão geral](https://www.azion.com/pt-br/documentacao/produtos/azion-cli/visao-geral/) +* [azion.config.js referência](https://www.azion.com/pt-br/documentacao/devtools/cli/configs/azion-config-js/) +* [azion deploy comando](https://www.azion.com/pt-br/documentacao/devtools/cli/deploy/) + +### 3. Migrando Variáveis de Ambiente + +Variáveis de ambiente contêm API keys, credenciais de banco de dados, secrets de autenticação, endpoints de serviços, feature flags e configuração específica de ambiente. Migrá-las incorretamente causa falhas de runtime mesmo quando o deployment é bem-sucedido. + +#### Diferenças Principais + +| Aspecto | AWS | Azion | +| :----- | :-- | :---- | +| **Acesso** | `process.env.VARIABLE` | `Azion.env.get('VARIABLE')` | +| **Gerenciamento de secrets** | AWS Secrets Manager / Systems Manager Parameter Store | Variáveis em Functions Instances | +| **Estágios de ambiente** | Nome do estágio no ARN da função | Contexto de ambiente na configuração | + +#### Avalie Suas Variáveis + +Antes de mudar o código, identifique todas as variáveis em: + +* AWS Lambda: variáveis de ambiente na configuração da função +* AWS Secrets Manager: valores de secret e políticas de rotação +* Systems Manager Parameter Store: parâmetros e caminhos +* Elastic Beanstalk: propriedades de ambiente +* Configurações de ambiente CI/CD (CodePipeline, CodeBuild) +* Configuração de runtime no código fonte + +#### Crie Variáveis na Azion + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Navegue para **Build > Variables**. +3. Clique em **Add Variable**. +4. Insira o nome e valor da variável. +5. Clique em **Save**. + + + + +:::note +A Azion gerencia variáveis de ambiente no nível da instância de Function, não por meio de uma API de variáveis standalone. Variáveis são configuradas como pares key-value no campo `vars` ao criar ou atualizar uma instância de function. Veja a [documentação de Functions Instances](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions-instances/) para detalhes. +::: + + + +#### Atualize Seu Código + + + +:::caution[aviso] +Evite copiar secrets em notas locais, tickets, mensagens de chat ou documentos temporários. Mantenha secrets em sistemas aprovados e limite o acesso a processos que precisam deles. +::: + +#### Documentação de referência + +* [Variáveis de Ambiente](https://www.azion.com/pt-br/documentacao/produtos/build/desenvolva-com-azion/variaveis-de-ambiente/) +* [Trabalhando com variáveis](https://www.azion.com/pt-br/documentacao/produtos/guias/deploy/trabalhe-com-variaveis/) +* [Azion referência de variáveis de ambiente de runtime](https://www.azion.com/pt-br/documentacao/produtos/functions/variaveis-de-ambiente/) + +### 4. Migrando CloudFront para Applications + +Distribuições CloudFront entregam conteúdo a partir de edge locations com cache e configuração de origem. Azion Applications oferecem recursos semelhantes com Rules Engine integrado para manipulação de requisições e respostas. + +#### Diferenças Principais + +| Aspecto | AWS CloudFront | Azion Applications | +| :----- | :------------- | :----------------- | +| **Configuração da distribuição** | XML/JSON em CloudFormation | Configuração JavaScript ou Console | +| **Origens** | S3, ALB, origens customizadas | Connectors (HTTP, Object Storage) | +| **Comportamentos** | Cache behaviors com caminhos | Rules Engine com critérios | +| **Certificados SSL** | ACM (somente us-east-1) | Digital Certificates | +| **Lambda@Edge** | Edge functions (4 triggers) | Functions (fases de requisição/resposta) | + +#### Passos de Configuração + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Navegue para **Build > Applications**. +3. Clique em **Add Application**. +4. Configure suas **Main Settings**: + - Nomeie sua aplicação + - Defina o tipo de origem (HTTP, Object Storage) + - Configure o endereço da origem +5. Configure **Cache Settings** para TTL. +6. Configure **Rules Engine** para roteamento baseado em caminho. +7. Adicione **Custom Domains** quando estiver pronto. + + + + + + + +#### Migração de Configuração de Distribuição + + + +#### Origin Request vs Viewer Request + +No CloudFront, funções Lambda@Edge são acionadas em pontos diferentes. A Azion mapeia isso para fases do Rules Engine: + +| Trigger CloudFront | Equivalente Azion | +| :----------------- | :--------------- | +| Viewer Request | Rules Engine > Request Phase | +| Origin Request | Rules Engine > Request Phase (após verificação de cache) | +| Origin Response | Rules Engine > Response Phase | +| Viewer Response | Rules Engine > Response Phase | + +#### Documentação de referência + +* [Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) +* [Applications configurações principais](https://www.azion.com/pt-br/documentacao/produtos/build/applications/configuracoes-principais/) +* [Rules Engine para Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/rules-engine/) +* [Connectors](https://www.azion.com/pt-br/documentacao/produtos/secure/connectors/) + +### 5. Migrando API Gateway para Applications + Functions + +API Gateway oferece gerenciamento de APIs REST e HTTP com authorizers, throttling e gerenciamento de stages. Azion Applications combinadas com Functions entregam recursos semelhantes com execução distribuída. + +#### Diferenças Principais + +| Aspecto | AWS API Gateway | Azion Applications + Functions | +| :----- | :-------------- | :----------------------------- | +| **Tipos de API** | REST API, HTTP API | Functions com roteamento | +| **Authorizers** | Lambda, Cognito, JWT | Functions com lógica customizada | +| **Stages** | Variáveis de stage e deployments | Configuração de ambiente | +| **Throttling** | Usage plans + rate limiting | Regras de Rate Limit | +| **Domínios customizados** | Mapeamentos de domínio | Domínios de Application | + +#### Passos de Configuração + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Navegue para **Build > Functions**. +3. Crie Functions para cada endpoint de API. +4. Navegue para **Build > Applications**. +5. Crie uma Application para sua API. +6. Configure **Rules Engine** para rotear caminhos para Functions. +7. Configure regras de rate limiting. +8. Adicione autenticação via Functions. + + + + + + + +#### Migração de API Gateway Authorizer + + { + const token = event.authorizationToken; + try { + const decoded = jwt.verify(token, process.env.JWT_SECRET); + return { + principalId: decoded.sub, + policyDocument: { + Version: '2012-10-17', + Statement: [{ + Action: 'execute-api:Invoke', + Effect: 'Allow', + Resource: event.methodArn + }] + } + }; + } catch (err) { + throw new Error('Unauthorized'); + } +}; + +// Depois: Azion Function para autorização +export default { + async fetch(request) { + const authHeader = request.headers.get('Authorization'); + if (!authHeader) { + return new Response('Unauthorized', { status: 401 }); + } + + const token = authHeader.replace('Bearer ', ''); + try { + const secret = Azion.env.get('JWT_SECRET'); + const decoded = await verifyJWT(token, secret); + + // Armazene informações do usuário em metadados da requisição para funções downstream + request.metadata['user_id'] = decoded.sub; + return request; // Continue para o próximo handler + } catch (err) { + return new Response('Unauthorized', { status: 401 }); + } + } +}; +`} /> + +#### Exemplo de Migração de Rotas + + + +#### Documentação de referência + +* [Functions](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions/) +* [Functions Instances](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions-instances/) +* [Rules Engine para Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/rules-engine/) + +### 6. Migrando Lambda para Functions + +Functions são o motor computacional de aplicações distribuídas modernas. Frequentemente contêm a lógica mais crítica do negócio: autenticação, personalização, orquestração de API e integrações com sistemas de terceiros. + +#### Diferenças Principais + +| Aspecto | AWS Lambda | Azion Functions | +| :----- | :--------- | :-------------- | +| **Assinatura da função** | `exports.handler = async (event) => {}` | `export default { async fetch(request) {} }` | +| **Runtime** | Node.js, Python, Java, Go, .NET, Ruby | JavaScript (V8 isolates) | +| **Memória** | 128 MB - 10.240 MB | 512 MB (padrão) | +| **Timeout** | 1 s - 15 min | Configurável por execução | +| **Cold starts** | Comuns (regional, VPC-cold) | Minimizados (nós distribuídos) | +| **Fontes de evento** | SQS, SNS, Kinesis, DynamoDB, API Gateway | Requisições HTTP, triggers agendados | + +#### Atualize Assinatura da Função + + { + const body = JSON.parse(event.body); + const pathParams = event.pathParameters; + const queryParams = event.queryStringParameters; + + // Processe a requisição + return { + statusCode: 200, + headers: { 'Content-Type': 'application/json' }, + body: JSON.stringify({ message: 'Hello', data: body }) + }; +}; + +// Depois: Azion Functions +export default { + async fetch(request) { + const body = await request.json(); + const url = new URL(request.url); + const queryParams = Object.fromEntries(url.searchParams); + + // Processe a requisição + return new Response(JSON.stringify({ message: 'Hello', data: body }), { + status: 200, + headers: { 'Content-Type': 'application/json' } + }); + } +}; +`} /> + +#### Migração de Contexto de Evento + + { + const requestId = context.awsRequestId; + const functionName = context.functionName; + const remainingTime = context.getRemainingTimeInMillis(); + + // Metadados de requisição do API Gateway + const sourceIp = event.requestContext.identity.sourceIp; + const userAgent = event.requestContext.identity.userAgent; + const country = event.headers['CloudFront-Viewer-Country']; + + return { statusCode: 200, body: 'OK' }; +}; + +// Depois: Azion Functions +export default { + async fetch(request, env, ctx) { + // Metadados da requisição + const requestId = request.headers.get('x-request-id'); + const userAgent = request.headers.get('user-agent'); + const country = request.metadata['geoip_country_code']; + const city = request.metadata['geoip_city']; + + // Metadados geo disponíveis diretamente + const region = request.metadata['geoip_region']; + + return new Response('OK', { status: 200 }); + } +}; +`} /> + +#### Migração de Variáveis de Ambiente + + + +#### Comparação de Cold Start + +AWS Lambda cold starts variam significativamente com runtime, alocação de memória e configuração de VPC. Azion Functions minimizam cold starts por meio de distribuição em nós: + +| Cenário | Cold Start AWS Lambda | Cold Start Azion Functions | +| :------- | :-------------------- | :------------------------- | +| Node.js (sem VPC) | 100-300ms | Mínimo | +| Node.js (com VPC) | 500ms-2s | N/A (sem conceito de VPC) | +| Java/Spring | 1-5s | N/A | +| Python | 100-500ms | N/A | + +:::note +Azion Functions usam V8 isolates (runtime JavaScript), fornecendo performance consistente sem a variabilidade de cold start de Lambda baseado em containers. Se você tem funções Lambda em Java, Python ou outros runtimes, será necessário reescrevê-las em JavaScript. +::: + +#### Documentação de referência + +* [Functions](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions/) +* [Functions Instances](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions-instances/) +* [Runtime APIs](https://www.azion.com/pt-br/documentacao/produtos/build/desenvolva-com-azion/runtime-apis/) +* [JavaScript Runtime APIs referência](https://www.azion.com/pt-br/documentacao/runtime-apis/javascript/) + +### 7. Migrando Load Balancing (ALB/NLB para Load Balancer) + +Load balancing distribui tráfego entre múltiplas origens para alta disponibilidade e performance. O Azion Load Balancer fornece health checks, políticas de steering e failover de origem na infraestrutura distribuída. + +#### Diferenças Principais + +| Aspecto | AWS ALB/NLB | Azion Load Balancer | +| :----- | :---------- | :------------------ | +| **Health checks** | HTTP, HTTPS, TCP | HTTP, HTTPS, TCP | +| **Políticas de steering** | Round-robin, Least connections, IP hash | Round-robin, Least connections, Geo | +| **Failover** | Failover de target group | Failover em nível de origem | +| **Afinidade de sessão** | Cookie, IP hash | Cookie, IP hash | +| **Targets** | EC2, Lambda, endereços IP | Connectors (origens) | +| **Protocolo** | Camada 4 (NLB), Camada 7 (ALB) | Camada 7 (HTTP/HTTPS) | + +#### Passos de Configuração + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Products menu** > **Connectors**. +3. Crie um **Connector** para cada servidor de origem. +4. Configure health checks para cada origem. +5. Na sua **Application**, configure origens com definições de load balancing. +6. Defina pesos de origem para distribuição ponderada. +7. Habilite afinidade de sessão se necessário. + + + + + + + +#### Configuração do Módulo Load Balancer + + + +#### Migração de Target Group ALB + +| Config AWS ALB | Equivalente Azion | +| :------------- | :--------------- | +| Target Group | Connector | +| Health Check Path | Caminho de health check do Connector | +| Health Check Interval | Intervalo de health check do Connector | +| Healthy Threshold | Limite de sucesso do health check | +| Unhealthy Threshold | Limite de falha do health check | + +#### Documentação de referência + +* [Load Balancer](https://www.azion.com/pt-br/documentacao/produtos/secure/connectors/load-balancer/) +* [Connectors](https://www.azion.com/pt-br/documentacao/produtos/secure/connectors/) +* [Application configurações principais](https://www.azion.com/pt-br/documentacao/produtos/build/applications/configuracoes-principais/) + +### 8. Migrando Configuração de Cache + +A configuração de cache determina como o conteúdo é armazenado e servido a partir de localizações de nós. O Azion Cache fornece controle granular com suporte a Tiered Cache para melhorar hit ratios. + +#### Diferenças Principais + +| Aspecto | AWS CloudFront Cache | Azion Cache | +| :----- | :------------------- | :---------- | +| **Níveis de cache** | Regional edge caches + Edge locations | Tiered Cache + Cache + Browser Cache | +| **Cache key** | Política de cache + política de requisição à origem | Customizável via Rules Engine | +| **Purge** | Invalidations (baseadas em caminho) | Purge por URL, Cache Key, Wildcard | +| **Conteúdo stale** | Origin shield, stale-while-revalidate | Stale-while-revalidate | +| **Limites de TTL** | Padrão 24h, máximo 1 ano | Configuração por regra | + +#### CloudFront Cache Policies para Azion Cache Settings + +| CloudFront Cache Policy | Equivalente Azion | +| :---------------------- | :--------------- | +| CachingOptimized | Default Cache Settings com TTL alto | +| CachingDisabled | Comportamento Bypass Cache no Rules Engine | +| Elemental-MediaPackage | Cache Settings customizadas para streaming | +| Política customizada | Cache Settings + Rules Engine | + +#### Passos de Configuração + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Edite sua **Application**. +3. Navegue para **Cache Settings**. +4. Configure TTL de cache padrão. +5. Habilite **Tiered Cache** para melhorar hit ratio. +6. Adicione regras de cache customizadas via **Rules Engine**. + + + + +:::note +Configurações de cache são gerenciadas como sub-recursos sob aplicações. Você deve especificar tanto o `application_id` quanto o `cache_setting_id` para atualizar a configuração de cache. +::: + + + +#### Customização de Cache Key + +No CloudFront, cache keys são definidas por políticas de cache. Na Azion, use **Advanced Cache Key** em Cache Settings: + +**Exemplo: Variar cache por query strings** + + + +#### CloudFront Invalidation para Azion Purge + + + +#### Documentação de referência + +* [Cache](https://www.azion.com/pt-br/documentacao/produtos/build/applications/cache/) +* [Cache Settings](https://www.azion.com/pt-br/documentacao/produtos/build/applications/cache-settings/) +* [Tiered Cache](https://www.azion.com/pt-br/documentacao/produtos/build/applications/cache/tiered-cache/) +* [Real-Time Purge](https://www.azion.com/pt-br/documentacao/produtos/build/applications/real-time-purge/) + +### 9. Migrando Otimização de Imagens + +A otimização de imagens reduz tamanhos de arquivos mantendo a qualidade visual. O Azion Image Processor transforma, otimiza e entrega imagens a partir de localizações distribuídas com seleção automática de formato. + +#### Diferenças Principais + +| Aspecto | AWS CloudFront + Lambda@Edge | Azion Image Processor | +| :----- | :-------------------------- | :-------------------- | +| **Storage** | Origem S3 | Integração com Object Storage | +| **Transformações** | Lambda@Edge customizado | Transformações integradas | +| **Formato de URL** | Implementação customizada | Parâmetro de query `?ims=` | +| **Suporte de formato** | Implementação customizada | WebP, AVIF, JPEG, PNG | +| **URLs assinadas** | CloudFront signed URLs | Secure Token | + +#### Comparação de Formato de URL + + + +#### Parâmetros de Transformação + +O Azion Image Processor usa o parâmetro de query `ims` para transformações: + +| Sintaxe | Descrição | Exemplo | +| :----- | :---------- | :------ | +| `?ims=WxH` | Redimensiona para largura x altura | `?ims=400x300` | +| `?ims=Wx` | Redimensiona para largura (altura automática) | `?ims=400x` | +| `?ims=xH` | Redimensiona para altura (largura automática) | `?ims=x300` | +| `?ims=WxH:fill` | Crop para dimensões exatas | `?ims=400x300:fill` | +| `?ims=WxH:fit` | Ajusta dentro das dimensões | `?ims=400x300:fit` | + +#### Passos de Configuração + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Edite sua **Application**. +3. Navegue para configurações de **Image Processor**. +4. Habilite Image Processor. +5. Configure qualidade padrão e configurações de formato. +6. Configure Object Storage como fonte de imagens (opcional). + + + + +:::note +A configuração `image_processor` deve estar aninhada sob `modules` no corpo da requisição. Configurações do Image Processor são gerenciadas no nível da aplicação. +::: + + + +:::note +O Azion Image Processor otimiza automaticamente o formato da imagem baseado no cabeçalho `Accept` do cliente, servindo WebP ou AVIF para browsers suportados. +::: + +#### Documentação de referência + +* [Image Processor](https://www.azion.com/pt-br/documentacao/produtos/build/applications/image-processor/) +* [Como processar imagens](https://www.azion.com/pt-br/documentacao/produtos/guias/build/processe-imagens/) +* [Object Storage](https://www.azion.com/pt-br/documentacao/produtos/store/object-storage/) + +### 10. Migrando Workloads de IA (Bedrock para AI Inference) + +Inferência de IA habilita recursos alimentados por IA com baixa latência em aplicações. O Azion AI Inference fornece inferência com suporte a GPU para modelos de texto e visuais na infraestrutura distribuída. + +#### Diferenças Principais + +| Aspecto | AWS Bedrock | Azion AI Inference | +| :----- | :---------- | :----------------- | +| **Acesso a modelos** | Foundation models gerenciados | Deployment de modelos customizados | +| **API de inferência** | Bedrock Runtime API | REST API + Functions | +| **Tipos de modelos** | Claude, Llama, Titan, Stable Diffusion | Modelos customizados, LLMs | +| **Suporte a GPU** | Infraestrutura gerenciada | Instâncias de GPU dedicadas | +| **Preço** | Por token / por imagem | Por inferência | + +#### Passos de Configuração + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **AI Inference** (via Marketplace ou Functions). +3. Faça deploy de um modelo ou use templates prontos. +4. Configure o endpoint de inferência. +5. Integre com sua aplicação via Functions. + + + + + + + +#### Exemplo de Migração de Bedrock para Azion + + + +#### Documentação de referência + +* [AI Inference](https://www.azion.com/pt-br/documentacao/produtos/ai/ai-inference/) +* [AI Inference modelos](https://www.azion.com/pt-br/documentacao/produtos/ai/ai-inference/models/) +* [AI Inference Starter Kit](https://www.azion.com/pt-br/documentacao/produtos/guias/ai-inference-starter-kit/) + +### 11. Migrando Orquestração (Step Functions, EventBridge) + +AWS Step Functions e EventBridge oferecem orquestração de workflows e roteamento de eventos. A Azion alcança padrões semelhantes por meio de encadeamento de Functions e Data Streaming para arquiteturas orientadas a eventos. + +#### Diferenças Principais + +| Aspecto | AWS Step Functions | Encadeamento de Azion Functions | +| :----- | :----------------- | :------------------------------ | +| **Definição de workflow** | ASL (Amazon States Language) | JavaScript/TypeScript | +| **Gerenciamento de estado** | State machine integrado | Implementação customizada | +| **Tratamento de erro** | Retry, catch, fallback | Try/catch em Functions | +| **Visualização** | Workflow Studio | Baseada em código | + +| Aspecto | AWS EventBridge | Azion Data Streaming | +| :----- | :-------------- | :------------------- | +| **Roteamento de eventos** | Rules e targets | Data Streaming + Functions | +| **Padrões de evento** | Pattern matching | Lógica customizada em Functions | +| **Targets** | 100+ serviços AWS | Endpoints HTTP, Functions | + +#### Step Functions para Encadeamento de Functions + + + +#### EventBridge para Data Streaming + +", 100] }] + } +} + +// Target: função Lambda para processamento + +// Depois: Azion Data Streaming + Functions +// Configure Data Streaming para enviar eventos ao endpoint da sua Function +// Então processe na Function: + +export default { + async fetch(request) { + const events = await request.json(); + + for (const event of events) { + if (event.source === 'com.mycompany.orders' && + event.type === 'OrderCreated' && + event.data.amount > 100) { + // Processe pedido de alto valor + await processHighValueOrder(event.data); + } + } + + return new Response('OK'); + } +}; +`} /> + +#### Documentação de referência + +* [Functions](https://www.azion.com/pt-br/documentacao/produtos/build/applications/functions/) +* [Data Streaming](https://www.azion.com/pt-br/documentacao/produtos/observe/data-streaming/) + +## Secure + +A categoria Secure cobre domínios, DNS, certificados, regras de firewall e proteção contra tráfego malicioso. Planeje essas migrações como cutovers controlados, já que afetam como os usuários acessam sua aplicação e como ela é protegida em produção. + +### 1. Migrando Domínios Customizados + +A migração de domínios customizados é uma das partes mais sensíveis de qualquer transição de plataforma. Afeta usuários, SEO, confiança na marca e disponibilidade de produção. Planeje a migração de domínio como um cutover controlado, não uma mudança de DNS de última hora. + +#### Estratégias de Migração + +| Estratégia | Melhor Para | Controle de DNS | +| :------- | :------- | :---------- | +| **CNAME** | Migração rápida de subdomínio | Mantenha Route 53 como provedor de DNS | +| **Nameserver** | Controle total de DNS e domínios apex | Transfira DNS para a Azion | + +#### Crie o Certificado + +Crie seu certificado SSL/TLS **antes** de apontar seu domínio para a Azion. Isso garante que os usuários possam acessar a aplicação de forma segura via HTTPS quando o domínio começar a resolver para a nova infraestrutura. + +A Azion fornece certificados Let's Encrypt gratuitos com renovação automática. + +#### Configure o Domínio + +Crie um workload no Azion Console e associe seu domínio customizado. Veja a [documentação de Workloads](https://www.azion.com/pt-br/documentacao/produtos/secure/workloads/). + +#### Aponte o Domínio para a Azion + + + Migração CNAME + Migração Nameserver + + +Atualize sua hosted zone do Route 53 para apontar o subdomínio para a Azion: + + + +Isso mantém Route 53 como seu provedor de DNS enquanto roteia o tráfego através da Azion. + + + +Configure seu domínio para usar os nameservers DNS da Azion no seu registrador de domínios: + + + +Isso dá à Azion controle total de DNS, necessário para domínios apex. + + + +#### Verifique Propagação + + + +:::caution[aviso] +Antes de trocar tráfego de produção, confirme: certificado está ativo, domínio está associado ao workload correto, registros DNS estão prontos, rotas críticas foram testadas, redirects se comportam como esperado e monitoramento está configurado para validação pós-cutover. +::: + +#### Documentação de referência + +* [Workloads](https://www.azion.com/pt-br/documentacao/produtos/secure/workloads/) +* [Crie um domínio customizado Azion](https://www.azion.com/pt-br/documentacao/produtos/guias/crie-dominio-customizado-azion/) +* [Edge DNS](https://www.azion.com/pt-br/documentacao/produtos/secure/edge-dns/) +* [Certificate Manager](https://www.azion.com/pt-br/documentacao/produtos/build/applications/certificate-manager/) + +### 2. Migrando DNS para Edge DNS + +A configuração de DNS é fundamental para a entrega de aplicações. Migrar de Route 53 para Edge DNS requer planejamento cuidadoso para evitar tempo de inatividade durante a troca de nameservers. + +#### Diferenças Principais + +| Aspecto | Route 53 | Azion Edge DNS | +| :----- | :------- | :------------- | +| **Nameservers** | Atribuídos por hosted zone | `ns1.aziondns.net`, `ns2.aziondns.com`, `ns3.aziondns.org` | +| **Tipos de registro** | A, AAAA, CNAME, MX, TXT, SRV, NS, SOA, PTR, CAA | A, AAAA, CNAME, MX, TXT, SRV, NS, CAA, PTR | +| **Políticas de roteamento** | Simple, Weighted, Latency, Failover, Geolocation | Round-robin, Geo | +| **Health checks** | Route 53 health checks | Connector health checks | +| **DNSSEC** | Suportado | Suportado | +| **API** | REST API | REST API v4 | +| **Anycast** | Global Anycast | Global Anycast | + +#### Passos de Migração + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Products menu** > **Edge DNS**. +3. Clique em **+ Zone** para criar uma nova zona DNS. +4. Insira o nome do seu domínio. +5. Adicione registros DNS correspondentes à sua configuração Route 53. +6. Anote os nameservers Azion atribuídos à sua zona. +7. Atualize os nameservers no seu registrador de domínios (não no Route 53). + + + + +:::note +Zonas DNS requerem campos `name`, `domain` e `active`. Registros DNS usam `rdata` como um array de strings (ex: `["192.168.1.1"]` para registros A, `["mail.example.com"]` para CNAME). O campo `entry` especifica o prefixo do nome do registro. +::: + + + +#### Mapeamento de Tipos de Registro + +| Registro Route 53 | Azion Edge DNS | Notas | +| :-------------- | :------------- | :---- | +| A | A | Mapeamento direto de IP | +| AAAA | AAAA | Endereço IPv6 | +| CNAME | CNAME | Alias para outro domínio | +| MX | MX | Mail exchange (incluir prioridade) | +| TXT | TXT | Registros de texto (SPF, DKIM) | +| SRV | SRV | Registros de serviço | +| CAA | CAA | Certificate Authority Authorization | +| NS | NS | Delegação de nameserver | +| PTR | PTR | Reverse DNS lookup | + +#### Migração de Política de Roteamento + +| Política Route 53 | Equivalente Azion | Implementação | +| :-------------- | :--------------- | :------------- | +| Simple | Registro padrão | Registro único com um ou mais valores | +| Weighted | Não suportado diretamente | Use Functions para lógica customizada | +| Latency | Não suportado diretamente | Applications lida com roteamento | +| Failover | Não suportado diretamente | Configure via Rules Engine | +| Geolocation | Roteamento Geo | Disponível em Edge DNS | + +#### Configuração de DNSSEC + +Para habilitar DNSSEC: + +1. Navegue para sua zona no Edge DNS. +2. Vá para a aba **DNSSEC**. +3. Habilite DNSSEC. +4. Copie o registro DS para seu registrador de domínios. + + + +#### Verifique Propagação + + + +#### Documentação de referência + +* [Edge DNS](https://www.azion.com/pt-br/documentacao/produtos/secure/edge-dns/) +* [Compatibilidade DNSSEC](https://www.azion.com/pt-br/documentacao/produtos/secure/edge-dns/dnssec-compatibility/) +* [Execute o comando dig](https://www.azion.com/pt-br/documentacao/produtos/guias/execute-comando-dig/) +* [Execute o comando traceroute](https://www.azion.com/pt-br/documentacao/produtos/guias/execute-comando-traceroute/) + +### 3. Migrando SSL/TLS para Certificate Manager + +Certificados SSL/TLS garantem comunicação segura entre clientes e sua aplicação. A Azion fornece provisionamento automático de certificados e suporta certificados customizados do AWS Certificate Manager (ACM). + +#### Diferenças Principais + +| Área | AWS Certificate Manager | Azion Certificate Manager | +| :--- | :---------------------- | :------------------------ | +| **Tipos de certificado** | Público, privado, importado | Let's Encrypt, Custom, Azion SAN | +| **Validação** | DNS, email | DNS-01, HTTP-01 | +| **Renovação** | Automática | Automática (Let's Encrypt) | +| **Escopo** | Regional (us-east-1 para CloudFront) | Rede global | +| **mTLS** | Suportado (Private CA) | Suportado (Trusted CA) | +| **Custo** | Gratuito para recursos AWS | Gratuito (Let's Encrypt) | + +#### Provisionamento Automático de Certificado + +A Azion provisiona automaticamente certificados Let's Encrypt para domínios customizados: + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Crie ou edite um **Workload**. +3. Adicione seu domínio customizado. +4. A Azion provisiona automaticamente um certificado Let's Encrypt. +5. Verifique a propriedade do domínio (se necessário). +6. Aguarde ativação do certificado (tipicamente 5-15 minutos). + + + + +:::note +O campo `tls.certificate` referencia um ID de certificado existente do Certificate Manager. Use o Console para provisionar certificados Let's Encrypt automaticamente, ou envie certificados customizados via API do Certificate Manager. +::: + + + +#### Upload de Certificado Customizado + +Para organizações com certificados existentes do ACM ou CAs externas: + + + Console + API + + +1. Exporte seu certificado do ACM (se aplicável). +2. Vá para **Products menu** > **Certificate Manager**. +3. Clique em **+ Certificate**. +4. Selecione **Custom Certificate**. +5. Faça upload do seu certificado (formato PEM). +6. Faça upload da sua chave privada. +7. Faça upload da cadeia CA intermediária (se aplicável). +8. Associe o certificado ao seu workload. + + + + +:::note +O endpoint de certificados é `/v4/workspace/tls/certificates`. O certificado e a chave privada devem estar em formato PEM. Certificados CA intermediários podem ser anexados ao campo de certificado se necessário. +::: + + + +#### Configuração de mTLS + +Para autenticação mutual TLS: + +1. Navegue para **Certificate Manager**. +2. Faça upload do seu certificado CA como Trusted CA. +3. Configure seu workload para requerer certificados de cliente. +4. Veja o [guia de configuração mTLS](/pt-br/documentacao/produtos/guias/mtls/) para passos detalhados. + +:::note +Certificados ACM Private CA podem ser exportados e enviados para a Azion como certificados Trusted CA para configuração de mTLS. +::: + +#### Documentação de referência + +* [Certificate Manager](https://www.azion.com/pt-br/documentacao/produtos/build/applications/certificate-manager/) +* [Firewall Certificate Manager](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/certificate-manager/) +* [Crie um certificado digital](https://www.azion.com/pt-br/documentacao/produtos/guias/crie-certificado-digital/) +* [mTLS](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/mtls/) + +### 4. Migrando WAF para Web Application Firewall + +Web Application Firewall protege aplicações contra tráfego malicioso, injeção SQL, cross-site scripting (XSS) e outros ataques de camada de aplicação. Migrar regras AWS WAF requer mapeamento cuidadoso da lógica das regras e compreensão das diferenças na construção de regras. + +#### Diferenças Principais + +| Aspecto | AWS WAF | Azion WAF | +| :----- | :------ | :-------- | +| **Linguagem de regras** | Regras baseadas em JSON | Critérios do Rules Engine | +| **Regras gerenciadas** | AWS Managed Rules, regras de Marketplace | Rulesets gerenciados pela Azion | +| **Regras customizadas** | Web ACL com regras | Rules Engine para Firewall | +| **Cobertura OWASP** | Core rule set via regras gerenciadas | Cobertura OWASP Top 10 | +| **Escopo** | Regional ou CloudFront | Rede global | +| **Opções de modo** | Count, Block | Learning, Blocking | + +#### Passos de Migração + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Products menu** > **Firewall**. +3. Selecione ou crie uma instância de Firewall. +4. Navegue para a aba **WAF**. +5. Habilite os rulesets gerenciados desejados (SQL Injection, XSS etc.). +6. Configure o nível de sensibilidade por ruleset. +7. Crie regras customizadas na aba **Rules Engine**. +8. Associe o Firewall à sua aplicação. + + + + +:::note +Instâncias WAF são criadas pelo endpoint `/v4/workspace/wafs`. A configuração `engine_settings` define rulesets de detecção de ameaças e limites de sensibilidade. Para regras WAF customizadas, use o Firewall Rules Engine. +::: + + + +#### Exemplo de Migração de Regra + +Converta uma regra AWS WAF para Azion Rules Engine: + +**Regra JSON AWS WAF:** + + +**Critérios Azion:** + + +:::note +O Azion WAF opera em modo Learning por padrão, analisando padrões de tráfego antes do bloqueio ativo. Use esse modo para validar o comportamento das regras antes de mudar para modo Blocking. +::: + +#### Mapeamento de AWS Managed Rules para Rulesets Azion + +| Grupo de Regras Gerenciadas AWS | Equivalente Azion | +| :------------------------------ | :--------------- | +| AWSManagedRulesCommonRuleSet | General Attack Detection | +| AWSManagedRulesSQLiRuleSet | SQL Injection ruleset | +| AWSManagedRulesXSSRuleSet | XSS ruleset | +| AWSManagedRulesLinuxRuleSet | OS Command Injection | +| AWSManagedRulesPHPAppRuleSet | Incluído em General Detection | + +#### Documentação de referência + +* [Web Application Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/web-application-firewall/) +* [Rules Engine para Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/rules-engine/) +* [Functions para Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/functions/) + +### 5. Migrando DDoS Protection + +DDoS Protection protege contra ataques volumétricos, ataques de protocolo e ataques de camada de aplicação. A Azion fornece mitigação DDoS automática sem configuração necessária para a maioria dos tipos de ataque. + +#### Diferenças Principais + +| Aspecto | AWS Shield | Azion DDoS Protection | +| :----- | :--------- | :-------------------- | +| **Proteção padrão** | Automática, sem custo | Automática, sem custo | +| **Proteção avançada** | AWS Shield Advanced (custo adicional) | Regras gerenciadas + Rules Engine | +| **Cobertura de camadas** | L3, L4, L7 | L3, L4, L7 | +| **Equipe de resposta DDoS** | Somente Shield Advanced | Suporte Enterprise | +| **Proteção de custo** | Shield Advanced inclui proteção de custo | Proteção padrão | + +#### Proteção Automática + +O Azion DDoS Protection é ativado automaticamente para todas as aplicações. Nenhuma configuração manual é necessária para proteção padrão contra: + +* Ataques volumétricos (UDP floods, ICMP floods) +* Ataques de protocolo (SYN floods, fragmentação de pacotes) +* Ataques de camada de aplicação (HTTP floods, slowloris) + +#### Configuração Avançada + +Para aplicações que exigem políticas DDoS específicas: + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Products menu** > **Firewall**. +3. Selecione sua instância de Firewall. +4. Navegue para a aba **DDoS Protection**. +5. Configure limites. +6. Habilite/desabilite regras específicas de mitigação. +7. Configure notificações de alerta. + + + + +:::note +DDoS protection é um módulo configurado dentro do recurso Firewall, não um endpoint separado. Configure-o por meio do campo `modules.ddos_protection` ao criar ou atualizar uma instância de Firewall. +::: + + + +#### Network Shield + +Para proteção de camada de rede, use o Azion Network Shield: + +* Fornece proteção DDoS L3/L4 +* Trabalha com Edge DNS para filtragem de tráfego +* Integra-se com Firewall para segurança unificada + +#### Documentação de referência + +* [DDoS Protection](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/ddos-protection/) +* [DDoS Mitigation](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/ddos-protection/ddos-mitigation/) +* [Network Shield](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/network-shield/) + +### 6. Migrando Bot Management + +Bot management protege aplicações contra ameaças automatizadas enquanto permite bots legítimos. O Azion Bot Manager fornece detecção, challenge e recursos de mitigação. + +#### Diferenças Principais + +| Aspecto | AWS Bot Control | Azion Bot Manager | +| :----- | :-------------- | :---------------- | +| **Detecção** | Machine learning, heurísticas, fingerprinting | Machine learning, análise comportamental, fingerprinting, Reputation Intelligence | +| **Challenge** | CAPTCHA, silent challenge | Injeção JavaScript (fingerprinting), ALTCHA (via redirect) | +| **Ações** | Allow, Count, Block, CAPTCHA | Allow, Deny, Drop, Redirect, Custom HTML, Random Delay, Hold Connection | +| **Versão Lite** | Não disponível | Bot Manager Lite (Marketplace) | + +#### Bot Manager Lite (Marketplace) + +Para proteção básica contra bots, instale o Bot Manager Lite pelo Azion Marketplace: + + + Console + Marketplace + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Marketplace**. +3. Pesquise por **Bot Manager Lite**. +4. Clique em **Install**. +5. Configure a sensibilidade de detecção. +6. Configure ações de resposta (challenge, block). +7. Associe à sua instância de Firewall. + + + +Bot Manager Lite fornece: +* Detecção de bots baseada em score com limite configurável +* Múltiplas ações de resposta (deny, drop, redirect, custom HTML) +* Validação de reputação de IP via network lists +* Níveis de tolerância ajustáveis (soft, medium, hard) + + + +#### Regras Customizadas de Bot + +Crie regras customizadas para tratar bots específicos: + + + +#### Verificação + + + +#### Documentação de referência + +* [Bot Manager](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/bot-manager/) +* [Bot Manager Lite](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/bot-manager-lite/) +* [Bot Manager Lite integration kit](https://www.azion.com/pt-br/documentacao/produtos/guias/bot-manager-lite-integration-kit/) +* [Radware Bot Manager](https://www.azion.com/pt-br/documentacao/produtos/guias/radware-bot-manager/) + +### 7. Migrando Rate Limiting + +Rate limiting protege aplicações contra abuso limitando taxas de requisições por cliente. A Azion fornece rate limiting por meio de regras de Firewall e Functions. + +#### Diferenças Principais + +| Aspecto | AWS WAF Rate Limiting | Azion Rate Limiting | +| :----- | :-------------------- | :----------------- | +| **Configuração** | Regras rate-based em Web ACL | Regras de Firewall + Functions | +| **Granularidade** | Caminho, método, IP, cabeçalho | Caminho, método, IP, customizado | +| **Ações** | Block, Count | Block, Log | +| **Janela** | 1 minuto a 1 hora | Customizável | +| **Escopo** | Regional ou CloudFront | Rede global | + +#### Rate Limiting Baseado em Firewall + +Configure rate limiting no Firewall Rules Engine: + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Firewall** > **Rules Engine**. +3. Crie uma nova regra. +4. Defina critérios (caminho, método etc.). +5. Adicione o comportamento **Rate Limit**. +6. Configure requisições por segundo/minuto. +7. Defina a ação (Block, Log). + + + + +:::note +Regras de Firewall são criadas em `/v4/workspace/firewalls/{firewall_id}/request_rules`. O caminho segue o padrão de recursos de workspace. +::: + + + +#### Documentação de referência + +* [Rules Engine para Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/rules-engine/) +* [Functions para Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/functions/) +* [Functions Instances para Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/functions-instances/) + +### 8. Migrando Serviços de Segurança + +A AWS fornece múltiplos serviços de segurança para detecção de ameaças e gerenciamento de vulnerabilidades. A Azion oferece proteção comparável por meio de Firewall e Network Lists. + +#### Diferenças Principais + +| Aspecto | Serviços de Segurança AWS | Equivalente Azion | +| :----- | :------------------------ | :--------------- | +| **Detecção de ameaças** | GuardDuty | Firewall + Network Lists | +| **Varredura de vulnerabilidades** | Inspector | Varredura externa + Firewall | +| **Security Hub** | Findings centralizados | Real-Time Events + logs de Firewall | +| **Threat intelligence** | Feeds de ameaça do GuardDuty | Network Lists (Tor, IPs maliciosos conhecidos) | + +#### Network Lists para Threat Intelligence + +A Azion fornece Network Lists que incluem dados de threat intelligence: + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Products menu** > **Network Lists**. +3. Veja listas mantidas pela Azion disponíveis: + * **Tor Nodes**: nós de saída Tor conhecidos + * **Malicious IPs**: endereços IP maliciosos conhecidos + * **Geo-blocking**: listas baseadas em país +4. Crie listas customizadas para suas necessidades específicas. +5. Referencie listas em regras de Firewall. + + + + +:::note +Network Lists são criadas via `/v4/workspace/network_lists`. Use o ID da lista em regras de Firewall com o operador `is_in_network_list` para bloquear tráfego de fontes maliciosas conhecidas. +::: + + + +#### Considerações de Migração + +Ao migrar de serviços de segurança AWS: + +1. **Findings do GuardDuty**: exporte findings e crie regras Firewall correspondentes para ameaças baseadas em IP. +2. **Vulnerabilidades do Inspector**: corrija vulnerabilidades da aplicação antes da migração; o Azion WAF fornece proteção de runtime. +3. **Logs CloudTrail**: configure Real-Time Events para visibilidade comparável. +4. **Security Hub**: use Azion Real-Time Events e integração externa com SIEM. + +#### Documentação de referência + +* [Network Lists](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/network-lists/) +* [Real-Time Events](https://www.azion.com/pt-br/documentacao/produtos/observe/real-time-events/) +* [Data Streaming](https://www.azion.com/pt-br/documentacao/produtos/observe/data-streaming/) + +## Store + +A categoria Store cobre serviços de dados. Migre objetos, dados key-value e bancos relacionais com atenção a consistência, padrões de acesso e compatibilidade da aplicação. + +### 1. Migrando S3 para Object Storage + +Object storage alimenta arquivos importantes para usuários e operações de negócio: imagens, documentos, assets estáticos, arquivos de mídia, uploads e conteúdo gerado. O Azion Object Storage fornece armazenamento compatível com S3 com custo zero de transferência de dados para fora. + +#### Diferenças Principais + +| Aspecto | Amazon S3 | Azion Object Storage | +| :----- | :-------- | :------------------- | +| **Endpoint** | `https://s3.amazonaws.com/bucket` | `https://s3.us-east-005.azionstorage.net` | +| **Endpoint S3** | `s3.amazonaws.com` | `s3.us-east-005.azionstorage.net` | +| **Região** | Múltiplas regiões | `us-east-005` | +| **Transferência para fora** | Cobrada por GB | Custo zero | +| **Classe de storage** | Standard, Intelligent-Tiering, Glacier | Standard | +| **Limites de bucket** | 100 por conta (padrão) | 100 por conta (padrão) | + +#### Atualize a Configuração + +Atualize a configuração do seu cliente S3 para usar Azion Object Storage: + + + +#### Crie Credenciais S3 + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Object Storage**. +3. Navegue para a aba **S3 Credentials**. +4. Clique em **+ Credential**. +5. Selecione o escopo de bucket ou conta. +6. Configure capacidades (read, write, delete, list). +7. Salve a access key e a secret key com segurança. + + + + +:::note +Credenciais S3 são criadas via endpoint `/v4/workspace/storage/s3_credentials`. O campo `capabilities` define quais operações a credencial pode executar. Salve a `secret_key` retornada imediatamente, pois ela não poderá ser recuperada depois. +::: + + + +#### Migre Dados com s3cmd + +[s3cmd](https://s3cmd.org) é uma ferramenta de linha de comando para gerenciar serviços de storage compatíveis com S3. É uma opção eficaz para migrar dados do Amazon S3 para Azion Object Storage. + +1. Instale `s3cmd` e execute `s3cmd --configure` para configurar suas credenciais Azion: + +* **Access Key / Secret Key:** insira as chaves geradas para Azion Object Storage. +* **Default Region:** `us-east-005` (`s3cmd` também aceita `us-east` para configuração interativa). +* **S3 Endpoint:** `s3.us-east-005.azionstorage.net`. +* **DNS template:** `%(bucket).s3.us-east-005.azionstorage.net`. +* **Use HTTPS protocol:** `true`. + +2. Use os comandos a seguir para migrar seus dados: + +| Comando | Descrição | +| :------ | :---------- | +| `s3cmd ls` | Lista todos os buckets. | +| `s3cmd put file.png s3://my-bucket/` | Faz upload de um objeto. | +| `s3cmd get s3://my-bucket/file.png` | Faz download de um objeto. | +| `s3cmd sync s3://aws-bucket/ s3://azion-bucket/` | Sincroniza entre buckets. | + +#### Migre Dados com AWS CLI + +Configure AWS CLI com credenciais Azion: + + + +#### Migre Dados com rclone + +[rclone](https://rclone.org) suporta sincronização entre diferentes provedores de storage: + + + +:::note +Migre dados usando ferramentas familiares como s3cmd, rclone ou AWS CLI. Antes da migração, mapeie buckets, prefixos de objetos, assets públicos/privados, padrões de acesso e lógica de signed URL. +::: + +#### Use Bucket como Origem + +Configure Object Storage como origem para sua Application: + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Connectors**. +3. Crie um novo Connector com tipo **Object Storage**. +4. Selecione seu bucket. +5. Configure o prefixo (opcional). +6. Associe o Connector à sua Application. + + + + +:::note +Connectors são criados via `/v4/workspace/connectors`. Use `type: "object_storage"` e especifique o nome do bucket. O campo opcional `prefix` limita objetos servidos a um caminho específico dentro do bucket. +::: + + + +#### Documentação de referência + +* [Object Storage](https://www.azion.com/pt-br/documentacao/produtos/store/object-storage/) +* [Como acessar Object Storage usando protocolo S3](https://www.azion.com/pt-br/documentacao/produtos/guias/s3-protocol-for-object-storage/) +* [Crie e modifique um bucket](https://www.azion.com/pt-br/documentacao/produtos/guias/crie-e-modifique-bucket/) +* [Faça upload e download de objetos](https://www.azion.com/pt-br/documentacao/produtos/guias/faca-upload-e-download-de-objetos-de-bucket/) +* [Use um bucket como origem](https://www.azion.com/pt-br/documentacao/produtos/store/storage/use-bucket-as-origin/) +* [Referência da biblioteca Storage](https://www.azion.com/pt-br/documentacao/produtos/azion-lib/storage/) + +### 2. Migrando DynamoDB para KV Store / SQL Database + +DynamoDB é um banco de dados serverless key-value e de documentos. O destino de migração depende do seu caso de uso: operações key-value mapeiam para KV Store, enquanto consultas complexas mapeiam para SQL Database. + +#### Diferenças Principais + +| Aspecto | Amazon DynamoDB | Azion KV Store | Azion SQL Database | +| :----- | :-------------- | :------------- | :----------------- | +| **Modelo de dados** | Key-value, documento | Key-value | Relacional (SQLite) | +| **Capacidade de consulta** | Key lookups, queries, scans | Key lookups, operações hash | SQL completo | +| **Replicação global** | Global Tables (multi-Region) | Global por padrão | Arquitetura Main/Replicas | +| **Consistência** | Eventual, forte | Eventual | Forte (ACID) | +| **Indexação** | GSI, LSI | Não suportado | Indexação SQL completa | +| **Modo de capacidade** | On-demand, provisionado | Serverless | Serverless | + +#### Guia de Decisão de Migração + +| Recurso DynamoDB | Serviço Azion Recomendado | +| :--------------- | :------------------------ | +| Consultas por chave primária | KV Store | +| Operações key-value simples | KV Store | +| Storage de sessão | KV Store | +| Feature flags, configuração | KV Store | +| Consultas complexas com filtros | SQL Database | +| Consultas por índice secundário | SQL Database | +| Agregações, joins | SQL Database | +| Modelo de dados relacional | SQL Database | + +#### Migre para KV Store + +Para workloads key-value, use KV Store com API similar a Redis: + + console.error('KV Error:', err)) + .connect(); + +// Antes: DynamoDB GetItem +// const result = await dynamodb.getItem({ +// TableName: 'Users', +// Key: { userId: { S: '123' } } +// }).promise(); + +// Depois: KV Store get +const userData = await client.get('user:123'); + +// Antes: DynamoDB PutItem +// await dynamodb.putItem({ +// TableName: 'Users', +// Item: { userId: { S: '123' }, name: { S: 'John' } } +// }).promise(); + +// Depois: KV Store set +await client.set('user:123', JSON.stringify({ name: 'John' }), { + expiration: { type: 'EX', value: 3600 } // TTL de 1 hora +}); +`} /> + +#### Crie um KV Store + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **KV Store**. +3. Clique em **+ Store**. +4. Insira um nome para seu store. +5. Configure as definições. +6. Clique em **Save**. + + + + +:::note +Namespaces de KV Store são criados via `/v4/workspace/kv/namespaces`. Use o nome do namespace em suas Functions para interagir com o store. +::: + + + +#### Migre para SQL Database + +Para workloads de consulta complexa, migre para SQL Database: + + :date' +// }).promise(); + +// Depois: consulta SQL Database +const orders = await db.query( + 'SELECT * FROM orders WHERE customer_id = ? AND order_date > ?', + ['customer-123', '2024-01-01'] +); + +// Itere resultados +let row = await orders.next(); +while (row) { + console.log(row.getString(0)); // acessa coluna por índice + row = await orders.next(); +} +`} /> + +#### Crie um SQL Database + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **SQL Database**. +3. Clique em **+ Database**. +4. Insira um nome para seu banco de dados. +5. Crie tabelas usando SQL Shell ou API. +6. Importe seus dados. + + + + +:::note +Instâncias de SQL Database são criadas via `/v4/workspace/sql/databases`. Use SQL Shell ou a API para criar tabelas e importar dados. +::: + + + +#### Exporte Dados do DynamoDB + +Exporte dados do DynamoDB e transforme para importação: + + + +#### Migração de Global Tables + +DynamoDB Global Tables fornecem replicação multi-Region. KV Store é global por padrão: + +| DynamoDB Global Tables | Azion KV Store | +| :--------------------- | :------------- | +| Replicação multi-Region | Global por padrão | +| Resolução de conflito: last writer wins | Sincronização automática | +| Consistência eventual | Acesso global de baixa latência | +| Custo adicional por escrita replicada | Sem custo adicional de replicação | + +#### Documentação de referência + +* [KV Store](https://www.azion.com/pt-br/documentacao/produtos/store/kv-store/) +* [Biblioteca KV (azion/kv)](https://www.azion.com/pt-br/documentacao/produtos/azion-lib/kv/) +* [SQL Database](https://www.azion.com/pt-br/documentacao/produtos/store/sql-database/) +* [Crie um banco de dados](https://www.azion.com/pt-br/documentacao/produtos/store/sql/create-database/) +* [Instale SQL Shell](https://www.azion.com/pt-br/documentacao/produtos/store/sql/install-edge-sql-shell/) +* [Importe dados para SQL Database](https://www.azion.com/pt-br/documentacao/produtos/guias/import-data-sql-database/) + +### 3. Migrando RDS/Aurora para SQL Database + +A migração de banco relacional move seus dados transacionais e workloads SQL para Azion SQL Database. O Azion SQL Database é compatível com SQLite e fornece conformidade ACID com arquitetura Main/Replicas distribuída. + +#### Diferenças Principais + +| Aspecto | Amazon RDS/Aurora | Azion SQL Database | +| :----- | :---------------- | :----------------- | +| **Engine** | MySQL, PostgreSQL, MariaDB, Oracle, SQL Server | SQLite | +| **Compatibilidade** | Específica por engine | API compatível com PostgreSQL | +| **Arquitetura** | Primary/Replicas | Main/Replicas (distribuída) | +| **Conexão** | String de conexão, connection pooling | Runtime API (sem necessidade de connection pooling) | +| **Transações** | ACID | ACID | +| **Scaling** | Scaling vertical, read replicas | Arquitetura distribuída | +| **Região** | Single ou multi-Region | Rede global | + +#### Migração de PostgreSQL para SQL Database + +Para workloads PostgreSQL, o Azion SQL Database fornece uma interface SQL familiar: + +\`); + row = await result.next(); +} +`} /> + +#### Crie um SQL Database + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **SQL Database**. +3. Clique em **+ Database**. +4. Insira um nome para seu banco de dados. +5. Clique em **Save**. +6. Use **SQL Shell** para criar tabelas e importar dados. + + + + +:::note +Instâncias de SQL Database são criadas via `/v4/workspace/sql/databases`. Use o endpoint de query para executar instruções DDL de criação de tabelas. +::: + + + +#### Exporte e Importe Dados + +Exporte dados de RDS/Aurora e importe para SQL Database: + + export.sql + +# Para Aurora, você também pode usar Snapshot Export para S3 +aws rds start-export-task \ + --export-task-identifier my-export \ + --source-arn arn:aws:rds:region:account:cluster:my-aurora-cluster \ + --s3-bucket-name my-export-bucket \ + --export-only data + +# Importe para Azion SQL Database via SQL Shell +# Conecte ao SQL Shell e execute o arquivo export.sql +# Ou use a API de importação +`} /> + +#### Mapeamento de Tipos de Dados + +| Tipo PostgreSQL | Equivalente SQLite | +| :-------------- | :---------------- | +| INTEGER, BIGINT, SMALLINT | INTEGER | +| SERIAL, BIGSERIAL | INTEGER (auto-increment) | +| VARCHAR(n), CHAR(n), TEXT | TEXT | +| BOOLEAN | INTEGER (0 ou 1) | +| REAL, DOUBLE PRECISION | REAL | +| DECIMAL, NUMERIC | REAL | +| DATE, TIME, TIMESTAMP | TEXT (formato ISO 8601) | +| JSON, JSONB | TEXT (use funções JSON) | +| UUID | TEXT | +| BYTEA | BLOB | + +#### Documentação de referência + +* [SQL Database](https://www.azion.com/pt-br/documentacao/produtos/store/sql-database/) +* [Vector Search](https://www.azion.com/pt-br/documentacao/produtos/store/sql-database/vector-search/) +* [Crie um banco de dados](https://www.azion.com/pt-br/documentacao/produtos/store/sql/create-database/) +* [Instale SQL Shell](https://www.azion.com/pt-br/documentacao/produtos/store/sql/install-edge-sql-shell/) +* [Comandos SQL Database Shell](https://www.azion.com/pt-br/documentacao/produtos/store/sql/sql-database-shell-commands/) +* [Importe dados para SQL Database](https://www.azion.com/pt-br/documentacao/produtos/guias/import-data-sql-database/) +* [Referência da API SQL Database](https://www.azion.com/pt-br/documentacao/runtime/api-reference/sql-database/) + +### 4. Migrando ElastiCache para Cache / KV Store + +ElastiCache fornece cache em memória com Redis ou Memcached. A Azion fornece cache por meio de Cache e storage key-value por meio de KV Store. + +#### Diferenças Principais + +| Aspecto | Amazon ElastiCache | Azion Cache | Azion KV Store | +| :----- | :---------------- | :---------- | :------------- | +| **Tipo** | Cache em memória | Cache | Key-value distribuído | +| **Engines** | Redis, Memcached | Cache HTTP | API similar a Redis | +| **Persistência** | Opcional (Redis AOF/RDB) | TTL baseado em tempo | Persistente | +| **Estruturas de dados** | Strings, hashes, lists, sets, sorted sets | Respostas HTTP | Strings, hashes | +| **Replicação** | Cluster mode, replication groups | Rede global | Global por padrão | +| **Acesso** | Conexão TCP | Requisição/resposta HTTP | Runtime API | + +#### Guia de Decisão de Migração + +| Caso de Uso ElastiCache | Serviço Azion Recomendado | +| :------------------- | :------------------------ | +| Cache de resposta HTTP | Cache | +| Storage de sessão | KV Store | +| Contadores de rate limiting | KV Store | +| Feature flags | KV Store | +| Cache de consulta de banco | Cache + Functions | +| Mensageria Pub/Sub | Functions + KV Store | +| Leaderboards, sorted sets | SQL Database | +| Estruturas de dados complexas | SQL Database | + +#### Migre Cache Redis para KV Store + +Para operações key-value similares a Redis, use KV Store: + + console.error('KV Error:', err)) + .connect(); + +// Antes: Redis SET com expiração +// await redis.set('session:abc123', JSON.stringify(sessionData), 'EX', 3600); + +// Depois: KV Store set com expiração +await client.set('session:abc123', JSON.stringify(sessionData), { + expiration: { type: 'EX', value: 3600 } +}); + +// Antes: Redis GET +// const data = await redis.get('session:abc123'); + +// Depois: KV Store get +const data = await client.get('session:abc123'); + +// Antes: Redis DEL +// await redis.del('session:abc123'); + +// Depois: KV Store delete +await client.delete('session:abc123'); +`} /> + +#### Documentação de referência + +* [KV Store](https://www.azion.com/pt-br/documentacao/produtos/store/kv-store/) +* [Biblioteca KV (azion/kv)](https://www.azion.com/pt-br/documentacao/produtos/azion-lib/kv/) +* [Cache](https://www.azion.com/pt-br/documentacao/produtos/build/applications/cache/) +* [Cache Settings](https://www.azion.com/pt-br/documentacao/produtos/build/applications/cache-settings/) +* [Tiered Cache](https://www.azion.com/pt-br/documentacao/produtos/build/applications/cache/tiered-cache/) +* [Rules Engine para Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/rules-engine/) + +## Observe + +A categoria Observe cobre analytics, métricas, logs e tracing distribuído. Migrar observabilidade garante que você mantenha visibilidade de produção, capacidade de troubleshooting e relatórios de conformidade após o cutover. + +### 1. Migrando CloudWatch Metrics para Real-Time Metrics + +CloudWatch Metrics fornece monitoramento para recursos AWS e aplicações. Azion Real-Time Metrics entrega recursos comparáveis por meio de uma GraphQL API e dashboards integrados com agregação de dados quase em tempo real. + +#### Diferenças Principais + +| Aspecto | Amazon CloudWatch Metrics | Azion Real-Time Metrics | +| :----- | :------------------------ | :---------------------- | +| **Atualidade dos dados** | Quase em tempo real (1-5 minutos) | Quase em tempo real (até 10 minutos) | +| **Retenção** | 15 meses (padrão) | 2 anos | +| **Método de consulta** | GetMetricStatistics API, CloudWatch Insights | GraphQL API, dashboards do Console | +| **Métricas** | Métricas customizadas, baseadas em namespace | Requisições, bandwidth, latência, cache, WAF, DNS | +| **Granularidade** | 1 segundo a 1 dia | Intervalos adaptativos (minuto/hora/dia) | +| **Dashboards** | CloudWatch Dashboards | Real-Time Metrics + plugin Grafana | +| **Alarmes** | CloudWatch Alarms | Monitoramento externo via Data Stream | + +#### Métricas Disponíveis + +Azion Real-Time Metrics fornece monitoramento abrangente entre categorias de produtos: + +**Métricas Build:** +- **Applications**: total de requisições, dados transferidos, status codes, economia de bandwidth, tempo médio de requisição +- **Functions**: total de invocações, tempo de execução +- **Image Processor**: total de requisições, requisições por segundo +- **Tiered Cache**: caching offload, L2 offload + +**Métricas Secure:** +- **WAF**: ameaças vs requisições, SQL injection, XSS, RFI, ameaças por país +- **Edge DNS**: total de consultas +- **Bot Manager**: bot hits, bad bot hits, good bot hits, classificação de tráfego + +**Métricas Observe:** +- **Data Stream**: total de dados transmitidos, total de requisições + +#### Passos de Configuração + + + Console + API (GraphQL) + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Products menu** > **Real-Time Metrics**. +3. Selecione uma aba de categoria (Build, Secure, Observe). +4. Selecione uma aba de produto para ver métricas específicas. +5. Configure **Time range** (Last Hour, 24 Hours, 7 Days, 30 Days, 6 Months). +6. Use **Filters** para refinar a análise por host, status code ou outras dimensões. +7. Clique no menu de contexto de qualquer gráfico para exportar CSV ou copiar a consulta GraphQL. + + + + +:::note +Real-Time Metrics usa a GraphQL API em `https://console.azion.com/metrics/graphql`. Consultas suportam filtros por intervalo de tempo, funções de agregação (sum, avg), agrupamento e ordenação. A API retorna até 10.000 linhas por consulta. +::: + + + +#### Exemplos de Consulta GraphQL + +**Consultar requisições por status code:** + + + +**Consultar ameaças WAF por país:** + + + +**Consultar dados transferidos para host específico:** + + + +#### Migração de CloudWatch Alarm + +CloudWatch Alarms notificam sobre limites de métricas. A Azion não fornece alertas integrados, mas você pode alcançar funcionalidade semelhante: + +| CloudWatch Alarm | Equivalente Azion | +| :--------------- | :--------------- | +| Alarme de limite de métrica | Configure alertas em monitoramento externo (Datadog, Splunk) via Data Stream | +| Alarmes compostos | Functions com lógica customizada + Data Stream | +| Detecção de anomalia | Plataformas externas de SIEM/analytics | + +#### Integração com Grafana + +Use o plugin Grafana da Azion para dashboards customizados: + + + +Consulte a [documentação do plugin Grafana](https://github.com/aziontech/grafana-plugin) para configuração de dashboards. + +#### Documentação de referência + +* [Real-Time Metrics](https://www.azion.com/pt-br/documentacao/produtos/observe/real-time-metrics/) +* [Real-Time Metrics primeiros passos](https://www.azion.com/pt-br/documentacao/produtos/observe/real-time-metrics/first-steps/) +* [Historical Real-Time Metrics](https://www.azion.com/pt-br/documentacao/produtos/observe/historical-real-time-metrics/) +* [Analise métricas](https://www.azion.com/pt-br/documentacao/produtos/guias/observe/analyze-metrics/) +* [Dashboards customizados do plugin Grafana](https://www.azion.com/pt-br/documentacao/produtos/guias/azion-plugin-grafana-custom-dash/) +* [Dashboards prontos do plugin Grafana](https://www.azion.com/pt-br/documentacao/produtos/guias/azion-plugin-grafana-pre-built-dash/) + +### 2. Migrando CloudWatch Logs para Real-Time Events + +CloudWatch Logs coleta e armazena dados de log de recursos AWS. Azion Real-Time Events fornece acesso imediato a logs pelo Console ou GraphQL API para troubleshooting e investigação em tempo real. + +#### Diferenças Principais + +| Aspecto | Amazon CloudWatch Logs | Azion Real-Time Events | +| :----- | :--------------------- | :--------------------- | +| **Método de acesso** | GetLogEvents API, CloudWatch Logs Insights | Consulta em tempo real via Console ou GraphQL API | +| **Latência** | Segundos a minutos | Segundos | +| **Retenção** | 1 dia a 10 anos (configurável) | 7 dias (168 horas), 2 anos para Activity History | +| **Linguagem de consulta** | CloudWatch Logs Insights (similar a SQL) | Consultas GraphQL | +| **Log groups** | Log groups com log streams | Fontes de dados por tipo de produto | +| **Metric filters** | Cria métricas a partir de logs | Use Data Stream para processamento customizado | + +#### Mapeamento de Fontes de Dados + +| CloudWatch Log Group | Fonte de Dados Azion Real-Time Events | +| :------------------- | :------------------------------------ | +| /aws/cloudfront/... | HTTP Requests | +| /aws/lambda/... | Functions | +| /aws/waf/... | HTTP Requests (campos WAF) | +| /aws/route53/... | Edge DNS | +| CloudTrail | Activity History | + +#### Passos de Configuração + + + Console + API (GraphQL) + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Products menu** > **Real-Time Events**. +3. Selecione a aba **Data Source** (HTTP Requests, Functions, Edge DNS etc.). +4. Configure **Time filter** (Last 15 minutes até Last 7 days, ou Custom time range). +5. Adicione filtros para restringir resultados (host, status, remote address etc.). +6. Clique em **Search** para consultar logs. +7. Clique em qualquer linha para ver informações detalhadas de log em **More details**. + + + + +:::note +A GraphQL API de Real-Time Events consulta dados das últimas 168 horas (7 dias). Para Activity History, consultas podem abranger até 2 anos. A API suporta filtros, ordenação e paginação baseada em cursor. +::: + + + +#### Migração de CloudWatch Logs Insights para GraphQL + +Converta consultas CloudWatch Logs Insights para GraphQL de Real-Time Events: + +**Consulta CloudWatch Logs Insights:** += 500 +| sort @timestamp desc +| limit 100 +`} /> + +**Equivalente Azion GraphQL:** + + +#### Variáveis Disponíveis por Fonte de Dados + +**HTTP Requests:** +- Metadados da requisição: `ts`, `remoteAddress`, `remotePort`, `host`, `requestUri`, `requestMethod`, `status` +- Performance: `requestTime`, `upstreamResponseTime`, `upstreamHeaderTime` +- Bandwidth: `bytesSent`, `requestLength`, `upstreamBytesReceived`, `upstreamBytesSent` +- Cache: `upstreamCacheStatus` +- Segurança: `wafBlock`, `wafMatch`, `wafScore`, `wafLearning` +- Geo: `geoipCountryName`, `geoipRegionName`, `geoipAsn` +- TLS: `sslCipher`, `sslProtocol` + +**Functions:** +- `functionId`, `functionsList`, `functionsTime`, `functionLanguage` + +**Edge DNS:** +- `level`, `qType`, `resolutionType`, `statusCode`, `zoneId` + +#### Métricas Baseadas em Logs + +Para criar métricas a partir de logs (equivalente a CloudWatch metric filters), use Data Stream: + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Products menu** > **Data Stream**. +3. Clique em **+ Stream**. +4. Selecione **Applications** como fonte de dados. +5. Use **Custom Template** para selecionar variáveis específicas. +6. Escolha um endpoint (Datadog, Splunk, Elasticsearch etc.). +7. Configure o destino para processamento de logs. +8. Ative o stream. + + + + + + + +#### Documentação de referência + +* [Real-Time Events](https://www.azion.com/pt-br/documentacao/produtos/observe/real-time-events/) +* [Real-Time Events primeiros passos](https://www.azion.com/pt-br/documentacao/produtos/observe/real-time-events/first-steps/) +* [Investigue requisições com GraphQL API](https://www.azion.com/pt-br/documentacao/produtos/guias/observe/investigue-requisicoes-graphql-api/) +* [Configure sampling](https://www.azion.com/pt-br/documentacao/produtos/guias/observe/configure-sampling/) + +### 3. Migrando X-Ray para Data Stream + +AWS X-Ray fornece tracing distribuído e tracing de requisições entre serviços. Azion Data Stream permite transmitir dados de observabilidade para destinos externos para análise de tracing distribuído. + +#### Diferenças Principais + +| Aspecto | AWS X-Ray | Azion Data Stream | +| :----- | :-------- | :---------------- | +| **Coleta de traces** | Automática com X-Ray SDK | Transmite logs para sistemas externos de tracing | +| **Mapa de serviços** | Visualização integrada de service map | Ferramentas externas (Datadog, Jaeger, Splunk) | +| **Análise de trace** | Console X-Ray | Plataformas externas de tracing | +| **Annotations** | Pares key-value customizados | Templates de log customizados | +| **Sampling** | Regras de sampling configuráveis | Percentual de sampling configurável | +| **Destinos** | Console X-Ray, CloudWatch | 10+ destinos externos | + +#### Migração de Fluxo de Dados de Tracing + +| Conceito AWS X-Ray | Equivalente Azion | +| :---------------- | :--------------- | +| Segments | Entradas de log de requisição/resposta | +| Subsegments | Logs de execução de Functions | +| Service graph | Integrado em ferramentas externas de tracing (Datadog, Jaeger) | +| Propagação de Trace ID | Cabeçalhos customizados via Rules Engine ou Functions | +| Annotations | Variáveis de log no template de Data Stream | + +#### Passos de Configuração + + + Console + API + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Products menu** > **Data Stream**. +3. Clique em **+ Stream**. +4. Selecione **Applications** como fonte de dados para tracing de requisições. +5. Selecione **Functions** como fonte de dados adicional para traces de execução de funções. +6. Crie um **Custom Template** com variáveis relacionadas a trace: + - `$request_id` (identificador único de trace) + - `$ts` (timestamp) + - `$upstream_addr` (endereço da origem) + - `$upstream_response_time` (tempo de resposta) + - `$request_uri`, `$status`, `$host` +7. Escolha um endpoint compatível com tracing (Datadog, Splunk, Elasticsearch, Kafka). +8. Configure credenciais do destino. +9. Ative o stream. + + + + +:::note +Data Stream usa o endpoint `/v4/workspace/stream/streams`. Configure templates customizados com variáveis relevantes para trace. O campo `$request_id` fornece um identificador único para correlacionar requisições entre serviços. +::: + + + +#### Propagação de Trace ID + +Para habilitar tracing distribuído entre serviços, propague o contexto de trace via cabeçalhos HTTP: + +**Usando Rules Engine:** + + + +**Usando Functions:** + + + +#### Endpoints Suportados para Tracing + +Data Stream suporta múltiplos endpoints adequados para tracing distribuído: + +| Endpoint | Caso de Uso | +| :------- | :---------- | +| **Datadog** | APM completo e tracing distribuído | +| **Splunk** | Log analytics e tracing | +| **Elasticsearch** | Busca e correlação de trace | +| **Apache Kafka** | Stream para Jaeger, Zipkin ou tracing customizado | +| **Google BigQuery** | Data warehouse para análise de trace | +| **AWS Kinesis Data Firehose** | Integração com AWS X-Ray ou outros serviços AWS | +| **Standard HTTP/HTTPS POST** | Sistemas customizados de tracing | + +#### Migração de Data Firehose + +AWS Kinesis Data Firehose entrega dados de streaming para destinos. Azion Data Stream fornece recursos semelhantes: + +| AWS Kinesis Data Firehose | Azion Data Stream | +| :------------------------ | :---------------- | +| Destino S3 | Endpoint S3 (qualquer storage compatível com S3) | +| Destino Redshift | BigQuery ou endpoint HTTP customizado | +| Destino Elasticsearch | Endpoint Elasticsearch | +| Endpoint HTTP | Standard HTTP/HTTPS POST | +| Transformação de dados (Lambda) | Functions para pré-processamento | + +**Configure Data Stream para S3:** + + + +#### CloudWatch RUM para Edge Pulse + +CloudWatch RUM fornece monitoramento de usuário real. Azion Edge Pulse entrega recursos comparáveis: + +| Aspecto | CloudWatch RUM | Azion Edge Pulse | +| :----- | :------------- | :--------------- | +| **Coleta de dados** | JavaScript SDK | JavaScript SDK | +| **Métricas** | Page load, Core Web Vitals, erros JavaScript | Métricas de usuário real, dados de performance | +| **Session replay** | Disponível | Disponível via integração | +| **Eventos customizados** | API de eventos customizados | Eventos customizados via SDK | + +Configure Edge Pulse para monitoramento de usuário real: + + + Console + + +1. Acesse o [Azion Console](https://console.azion.com/). +2. Vá para **Products menu** > **Edge Pulse**. +3. Crie uma nova instância Pulse. +4. Configure o snippet JavaScript para sua aplicação. +5. Adicione o snippet ao HTML da sua aplicação. +6. Configure definições de coleta de dados. +7. Veja métricas em Real-Time Metrics sob Edge Pulse. + + + +#### Documentação de referência + +* [Data Stream](https://www.azion.com/pt-br/documentacao/produtos/observe/data-stream/) +* [Data Stream primeiros passos](https://www.azion.com/pt-br/documentacao/produtos/observe/data-stream/first-steps/) +* [Use Data Stream](https://www.azion.com/pt-br/documentacao/produtos/guias/use-data-stream/) +* Connectors: [Amazon S3](https://www.azion.com/pt-br/documentacao/produtos/guias/endpoint-amazon-s3/), [Azion Object Storage](https://www.azion.com/pt-br/documentacao/produtos/guias/connector-azion-object-storage/), [Datadog](https://www.azion.com/pt-br/documentacao/produtos/guias/endpoint-datadog/), [Splunk](https://www.azion.com/pt-br/documentacao/produtos/guias/endpoint-splunk/), [Elasticsearch](https://www.azion.com/pt-br/documentacao/produtos/guias/endpoint-elasticsearch/), [Kinesis](https://www.azion.com/pt-br/documentacao/produtos/guias/endpoint-amazon-kinesis/), [BigQuery](https://www.azion.com/pt-br/documentacao/produtos/guias/endpoint-google-bigquery/) +* [Edge Pulse](https://www.azion.com/pt-br/documentacao/produtos/observe/edge-pulse/) + +## Solução de Problemas + +| Problema | Causa Provável | Solução | +| :------ | :----------- | :------- | +| DNS não resolve | Atraso de propagação de nameserver | Aguarde até 48 horas após atualizar nameservers; verifique com `dig yourdomain.com NS` | +| Validação de certificado falha | Propriedade do domínio não verificada | Confirme se o registro DNS TXT ou challenge HTTP está acessível; verifique o status no Certificate Manager | +| Function retorna `process.env not defined` | Sintaxe de variável de ambiente Node.js usada | Use `Azion.env.get('VARIABLE_NAME')` em vez de `process.env.VARIABLE_NAME` | +| Cache não purga como esperado | Requisição de purge ainda em processamento | Aguarde 5-10 minutos; verifique purge com `curl -I` para checar cabeçalhos; use purge wildcard para mudanças amplas | +| Regras WAF bloqueiam tráfego legítimo | Sensibilidade alta demais ou falso positivo | Coloque o WAF em modo Learning primeiro; revise requisições bloqueadas em Real-Time Events; ajuste a sensibilidade | +| Timeouts de conexão com origem | Connector mal configurado ou origem indisponível | Verifique endereço e porta do Connector; confira health da origem; aumente timeout nas configurações do Connector | +| Falhas de handshake SSL | Certificado incompatível ou cadeia incompleta | Verifique se o certificado cobre o domínio; inclua CA intermediária na cadeia; confira a versão TLS mínima | +| Erros CORS em requisições de API | Cabeçalhos CORS ausentes na resposta | Adicione cabeçalhos CORS via Rules Engine: `Access-Control-Allow-Origin`, `Access-Control-Allow-Methods` | +| Erros de assinatura de função Lambda | Estrutura de evento CloudFront difere da Azion | Atualize a função para usar assinatura `fetch(request, env, ctx)`; acesse a requisição via objeto `request` | +| Consultas DynamoDB falham após migração | Sintaxe da API KV Store difere | Atualize o código para usar `KVStore` de `azion:kv`; confira convenções de nome de chave | +| Uploads S3 falham com 403 | Credenciais ou endpoint incorretos | Verifique Access Key e Secret Key; confirme que o endpoint é `s3.us-east-005.azionstorage.net` | +| Métricas CloudWatch não aparecem | Data Stream não configurado | Configure Data Stream para exportar métricas; verifique credenciais e formato do destino | + +## Principais Vantagens Após a Migração + +| Capacidade | Antes (AWS) | Depois (Azion) | +| :--------- | :----------- | :------------ | +| **Plataforma unificada** | Múltiplos consoles para CloudFront, Lambda, S3, Route 53, WAF, CloudWatch | Console único para compute, storage, segurança e observabilidade | +| **Cold starts** | Possíveis em Lambda (especialmente com VPC) | Minimizados com V8 isolates distribuídos | +| **Distribuição global** | Regiões e edge locations (200+ PoPs) | Localizações da plataforma Azion no mundo todo com performance consistente | +| **Modelo de preço** | Cobrança por serviço, taxas de transferência de dados, contagem de requisições | Cobrança consolidada mais simples; custo zero de DTO para Object Storage | +| **Observabilidade** | CloudWatch com dashboards, logs e alarmes separados | Real-Time Metrics e Events com acesso instantâneo via Console ou GraphQL API | +| **Integração de segurança** | WAF, Shield, IAM como serviços separados | WAF, DDoS Protection e Bot Manager integrados a workloads | + +## Próximos Passos + +Após concluir sua migração: + +* Revise [Real-Time Metrics](https://www.azion.com/pt-br/documentacao/produtos/observe/real-time-metrics/) para monitorar a performance da aplicação +* Configure [Real-Time Events](https://www.azion.com/pt-br/documentacao/produtos/observe/real-time-events/) para visibilidade de produção +* Configure [Web Application Firewall](https://www.azion.com/pt-br/documentacao/produtos/secure/firewall/web-application-firewall/) para segurança de produção +* Revise os guias individuais de recursos para configuração avançada +* Configure [Data Stream](https://www.azion.com/pt-br/documentacao/produtos/observe/data-stream/) para exportar logs para suas ferramentas existentes de SIEM ou analytics + +### Comece com um Projeto Pequeno + +A melhor forma de começar não é com a aplicação mais complexa do seu portfólio. Comece com um projeto significativo o bastante para validar o caminho de migração, mas pequeno o suficiente para mover com rapidez e segurança. + +Escolha uma aplicação ou workload que inclua partes representativas da sua arquitetura: uma distribuição CloudFront, algumas funções Lambda, um bucket S3, talvez uma tabela DynamoDB. Use esse projeto para validar o workflow, documentar o processo e identificar padrões internos que sua equipe pode reutilizar. + +A partir daí, expanda gradualmente. Migre comportamentos de cache mais complexos. Mova funções adicionais. Traga workloads de storage e banco de dados. Adicione observabilidade. Revise regras de segurança. Então prepare cutovers de produção com mais confiança. + +### Próximos Passos Recomendados + +* [Crie sua conta Azion gratuita](https://console.azion.com/signup) +* [Leia a documentação de Applications](https://www.azion.com/pt-br/documentacao/produtos/build/applications/) +* [Explore a Azion CLI](https://www.azion.com/pt-br/documentacao/produtos/azion-cli/visao-geral/) +* [Participe da comunidade Azion](https://www.azion.com/pt-br/documentacao/community/) + +## Precisa de Ajuda? + +Receba ajuda da [equipe de Suporte da Azion](https://www.azion.com/pt-br/documentacao/), ou entre na nossa [comunidade no Discord](https://discord.gg/azion) para ver como outras pessoas estão usando a Azion.