GCP to AWS Migration

  • Updated on Apr 11, 2025
  • Published on Mar 28, 2025
  • 6 minute(s) read

Executive Summary

Traceable is migrating from Google Cloud Platform (GCP) to Amazon Web Services (AWS) to enhance security controls and maintain regulatory compliance. This transition is part of Traceable’s long-term strategy to deliver a more secure, high-performance, and resilient SaaS platform.

This document outlines the business drivers behind the migration, the potential impact on customers, and the steps being taken to ensure a smooth and seamless transition.

Business Drivers for Migration

Compliance Readiness

As regulatory requirements evolve, AWS provides FIPS 140-3 compliant infrastructure. This positions Traceable for future certifications such as FedRAMP, ISO 27001, 27017, and 27018 while continuing to meet existing obligations under GDPR, SOC 2, and other frameworks.

Note

New certifications are currently in the planning stage. At this time, Traceable is not committing to specific completion dates. A Traceable SOC 2 on AWS is planned for completion in 2025.

Compliance and Security Commitments

Traceable remains dedicated to upholding the highest standards of security and compliance. Key commitments include:

  • GDPR & SOC 2 Compliance — Ensuring continued adherence to data protection regulations

  • Traceable Security and Governance — Ensuring continued adherence to all Traceable Security and Governance Policies

  • AWS Security Enhancements — Leveraging AWS-native FIPS 140-3 compliant security tools such as AWS Key Management Service (KMS) for encryption and IAM for access control

  • Zero Trust & Least Privilege Models — Strengthening identity and access management controls

Technical Migration Strategy

The migration plan is designed to minimize customer impact and ensure platform stability. The process will occur in four key phases:

Phase 1: Infrastructure Replication

Build out AWS environments with security configurations of the source Infrastructure in GCP (Including Any Bring Your Key setup)

Phase 2: Data and Application Migration

Moving configurations, models, and entity stores while ensuring data and application configurations integrity.

Phase 3: Testing and Optimization

Validating system performance before complete transition.

Phase 4: Full Cutover

Transition production workloads to AWS.

Note

Each phase is reviewed and approved by Traceable’s Information Security and Governance, Risk, and Compliance (GRC) team.

Customer Impact and Required Actions

Customers can expect a seamless transition with no major functional changes. Our Customer Experience (CX) team will notify you at least 7 days in advance. However, some customers may need to:

  • There is no Impact on the customer’s monitored applications.

  • Post-migration, update the IP allow listing for new AWS-based SaaS services (if in place). Please do not remove old IPs until the old cluster is deprecated.

  • Post migration, leverage  (the plan may be to keep the old environment around for 30 days to fail back or for historical data access, if needed).

  • Restart Traceable Platform Agent (TPA) and API Security Testing (AST) runners post-migration to ensure traffic is routed to whitelisted IPs permanently in the future.

  • Restart AST runners (CI/CD integration based scans will continue to run post IP address whitelisting).

What Is Being Migrated?

The following components will be migrated:

  • 100% of the tenants' account information, tenant configuration, and policies (for example, any API cataloging and risk score configuration and API/agent tokens will continue to work as is).

  • Tenant Application Secrets such as TPA token, Integration tokens, etc.

  • Analytics data and trained ML models are NOT migrated (Any raw traces, spans, and security events will not be migrated, however, we will keep the old SaaS account available for 30 days if needed to have access to historic data).

Note

Raw traces, spans, and security events will not be migrated. However, the GCP environment will remain accessible for 30 days post-migration for historical data access.

APAC Cluster Migration

  1. IPs and Domains to be allowlisted

    Following new AWS IPs to be allowlisted in addition to the existing GCP IPs:

  • Traceable Platform Egress IPs

    • 43.218.206.129

    • 108.137.105.114

  • Traceable Platform Ingress IP

    • 43.218.253.231

    • 16.79.18.216

  1. Domains

    • app.apac.traceable.ai

    • api.apac.traceable.ai

Migration Window

12-Apr-2025 (Saturday) - 4:30 AM to 4:30 PM UTC

Future Roadmap

Beyond the migration, Traceable is committed to enhancing its AWS-based offerings with:

  • Advanced security analytics powered by AWS services

  • New integrations and API capabilities for customers

  • Continuous compliance enhancements to support evolving regulations

What This Means for You

This migration to AWS reflects Traceable’s proactive approach to future-proofing its platform for security, compliance, and scalability. With this transition, customers will benefit from improved resilience, performance, and regulatory readiness without experiencing service and data disruptions.

For additional information or assistance, please get in touch with our support team at support@traceable.ai

Frequently Asked Questions (FAQ)

Why is Traceable migrating to AWS from GCP?

Traceable is migrating to AWS as part of a long-term strategy to deliver a more secure, high-performance, and resilient SaaS platform. AWS provides better integration with our existing technology stack and offers improved performance and reliability for our customers. Additionally, AWS helps us prepare for future compliance requirements such as FedRAMP by providing FIPS 140-3 compliant infrastructure.

Note

Any new certifications are currently in the planning stage. Traceable is not committing to a timeline at this time.

What impact will the migration have on customers?

Customers can expect the same levels (if not more) of resilience and SaaS performance post migration. The migration will not impact core functionalities, and all services will remain accessible. Some customers may need to update configurations such as IP whitelisting or encryption keys as well as restart their Traceable Platform Agents (TPA) post migration to pick up DNS changes (there won’t be any impact during migration given traffic will be seamlessly routed from SaaS backend).

Our Customer Experience (CX) team will notify you at least 7 days in advance, and we will accommodate customer preferences where possible.

Will there be downtime?

No downtime is expected.

Customers will be notified in advance if a temporary service interruption becomes necessary. Any downtime would be a one-time, scheduled activity, coordinated closely with the customer and fully supported by Traceable’s engineering and customer experience teams.

Will customer data move across regions or borders?

Data-at-rest migration will comply with regional data residency requirements. Customers will be informed in advance if any data needs to move across borders.

Will compliance with GDPR, SOC 2, and other data transfer regulations continue?

Yes. Traceable will adhere to applicable data protection and compliance frameworks, including GDPR and SOC 2.

Will data integrity be maintained during migration?

Yes. Measures such as checksums, validation processes, and backup snapshots will be used to ensure data integrity throughout the migration process.

Will there be changes to data retention, storage, or disposal policies?

No changes are expected at this time. If updates are required in the future, customers will be notified in advance.

Will customers incur additional cost or effort?

Customers will not incur an additional cost. However, some configuration changes may be required as part of the migration process, such as updating the allow listing and restarting TPAs and AST runners.

Will existing platform configurations and policies change?

No. All configurations and policies will remain intact and functional after the migration.

What encryption methods and key management will be used in AWS?

Traceable will use AWS Key Management Service (KMS) and AES-256 encryption, which meet or exceed the standards previously used on GCP.

How will data access be controlled?

The principle of least privilege and a zero-trust model will govern access. Access controls will be enforced using multi-factor authentication (MFA) and AWS Identity and Access Management (IAM) policies.

Will vulnerability scanning and penetration testing continue in AWS?

Yes. Traceable will continue conducting regular vulnerability scans and penetration tests per its Information Security Policy. Automated daily testing will continue using Cloud Security Posture Management (CSPM) tools.

What is Traceable’s incident response policy in AWS?

Incident response procedures will remain unchanged and follow Traceable’s established Incident Response Policy.

How will network security be handled in AWS?

Network security will include the use of firewalls, Web Application Firewalls (WAF), and network segmentation. Updated Data Flow Diagrams (DFDs) can be provided upon request.

How will Traceable communicate changes to security configurations or processes?

Customers will be informed through release notes, email notifications, and direct briefings, as applicable.

Will service-level agreements (SLAs) change?

SLAs will remain unchanged. AWS infrastructure will support existing availability, redundancy, and uptime guarantees in accordance with Traceable’s Vulnerability Management Policy.