Productised offer - Legacy API to AWS API Gateway Migration
Your legacy REST API rebuilt on AWS API Gateway and Lambda in six weeks, for a fixed £15,000. Zero downtime, full infrastructure as code, CI/CD, monitoring, and a documented handover.
Built for engineering teams running a public or internal REST API on a single server, an aging PaaS, or a Kubernetes cluster that is costing too much to keep alive — and who want the operational wins of serverless without the months of in-house spike work.
What you get - A production-ready, fully-managed API on AWS — in six weeks.
Not a prototype. A working, monitored, secured, documented API serving real traffic, with the old API still running so you can flip DNS when you are ready.
- API Gateway + Lambda. REST API endpoints rebuilt as AWS Lambda functions, fronted by API Gateway with route validation, custom authorisers, throttling, and usage plans configured.
- Infrastructure as code. Everything defined in AWS CDK or Terraform. Spin up a staging environment with one command. Roll back with one command. Audit every change through Git.
- Custom domain + SSL. Your existing API hostname pointed at the new API Gateway, with ACM-managed SSL certificates and automatic renewal. Clients see no change.
- Authentication & security. Cognito, custom JWT authorisers, or your existing auth provider wired into API Gateway. AWS WAF rules for IP/pattern protection. Per-route rate limiting. Request validation.
- Observability built in. CloudWatch dashboards covering latency, error rate, throttles, and cost. Alarms wired to email or Slack. X-Ray tracing for slow requests. Structured JSON logs.
- CI/CD pipeline. GitHub Actions or AWS CodePipeline deploying to dev / staging / production on every merge. Automated tests gate the production deploy. Preview environments per PR.
- OpenAPI documentation. Auto-generated OpenAPI 3.1 spec, plus a hosted documentation site (Swagger UI or Redoc). New developers onboard in an hour instead of a week.
- Contract-tested parity. Every migrated endpoint validated against the legacy API with recorded request/response fixtures. Any behavioural drift caught before DNS flips.
- Zero-downtime cutover. Old and new APIs run in parallel during the migration. Cut over with a DNS change you can revert in minutes if anything looks off.
A recent example - A UK media analytics business — from creaking PHP API to AWS serverless.
A SaaS in the media-analytics space had a public REST API powering integrations for several enterprise customers — running on a single PHP server that had outgrown its hardware. Deploys took 25 minutes, every other release broke something, and monthly hosting costs were creeping past what AWS would charge.
Before
- Single PHP server, no redundancy
- ~600ms p95 response time
- 25-minute manual deploys
- No monitoring beyond cron-checked uptime pings
- Ad-hoc auth, no rate limiting
After (week 6)
- API Gateway + Lambda, multi-AZ by default
- ~120ms p95 (5× faster)
- 3-minute automated deploys
- CloudWatch dashboards, X-Ray tracing
- JWT authoriser, per-route throttling, WAF rules
Run-rate
- Hosting: £420/month → £140/month
- 67% lower infra cost
- Deploy frequency: 1/week → 5/day
- Engineering time saved: ~6 hr/week
- Zero customer-visible downtime during cutover
Same pattern, same playbook, same fixed-price commitment — applied to your stack.
How it works - Six weeks, four phases, fixed scope.
Each phase has a written deliverable you sign off on before we move to the next. No phase moves without your tech lead's explicit approval.
Week 1
Discovery + IaC scaffolding
We map every endpoint, document request/response shapes, identify auth and side-effects, and produce a written migration plan. In parallel, we scaffold the AWS account, IAM roles, IaC repository, CI/CD pipeline, and a working "hello world" endpoint through to a staging domain.
Weeks 2-5
Endpoint-by-endpoint migration
We migrate endpoints in batches of 5-10, ordered by importance. Each endpoint ships with contract tests run against the legacy API, observability hooks, and a feature flag controlling whether the new or legacy endpoint serves production traffic.
Week 6 (Mon-Thu)
Load test, harden, document
Load testing under realistic traffic profiles. WAF rules tuned. Throttling configured. CloudWatch dashboards and alarms finalised. OpenAPI spec generated. Runbook written for your on-call team.
Week 6 (Fri)
DNS cutover + handover
60-minute handover call walking your tech lead through the architecture, the IaC repo, the dashboards, the runbook, and the rollback procedure. We flip DNS during your maintenance window and stay on standby for 48 hours.
Post-launch (optional)
30-day post-launch support
A standalone, fixed-price 30-day support window where we monitor, tune, and squash any post-cutover issues. Optional — most clients do not need it, but it is available for peace of mind.
Tech we use
- AWS API Gateway
- AWS Lambda
- AWS CDK
- Terraform
- Node.js / TypeScript
- Python (when it fits)
- Cognito
- AWS WAF
- CloudWatch
- X-Ray
- DynamoDB
- RDS Proxy
- OpenAPI 3.1
- GitHub Actions
Fixed price
£15,000
Plus VAT. Up to 50 endpoints. Six weeks.
No hourly rates, no scope creep, no surprise charges. If we under-estimate the work, that is our problem, not yours.
Book a discovery callWe start one migration per month. Book a call to claim the next slot.
FAQ - API migration FAQs
- What exactly do I get for the fixed price?
- One legacy API (up to 50 endpoints) migrated end-to-end onto AWS API Gateway + Lambda, deployed via infrastructure-as-code, behind a custom domain with SSL, with CloudWatch dashboards and alarms, a CI/CD pipeline, OpenAPI documentation, and a 60-minute handover call with your team. Old API stays running side-by-side until you flip DNS — zero downtime cutover.
- How long does it take?
- Six working weeks from kick-off. Week 1: discovery and IaC scaffolding. Weeks 2-5: endpoint-by-endpoint migration with contract tests against the legacy API to ensure parity. Week 6: load testing, observability, custom domain, and DNS cutover.
- Does this work for any kind of legacy API?
- Best fit: REST APIs running on EC2, on-premise servers, Heroku, or aged PaaS platforms — typically Node.js, PHP, or Python — that are showing their age (slow, expensive to operate, painful to deploy). We have migrated APIs handling everything from media analytics workloads to internal admin tools. If your API is GraphQL or gRPC, talk to us first — different tooling, similar pattern.
- What if my API has more than 50 endpoints?
- We scope larger APIs the same way: phase 1 covers the first 50 endpoints under the fixed price, and phase 2 onwards runs at a fixed per-endpoint rate with no surprise charges. Most clients find that the first 50 endpoints — the highest-traffic core of their API — are enough to validate the approach before committing to the rest.
- What about authentication, rate limiting, and security?
- Included. We wire up API Gateway authorisers (Cognito, custom Lambda authorisers, or your existing JWT provider), per-route throttling, usage plans, AWS WAF for IP- and pattern-based protection, and request/response validation against your OpenAPI schema. The new API ships harder than the legacy one it replaces.
- What does the cost look like once we are running on AWS?
- For a typical API handling 1-5 million requests/month, expect £80-£300/month in AWS bills (Lambda + API Gateway + CloudWatch + Route 53). For higher traffic we move to API Gateway HTTP APIs (cheaper) or recommend a CloudFront caching layer in front. We will benchmark the unit economics during discovery so you know the run-rate before we start.
- Will my mobile/web clients need to change anything?
- No, by design. We preserve URL paths, request/response shapes, status codes, headers, and edge-case error semantics. Contract tests run against both the legacy and new APIs during the migration window to catch any drift before DNS flips. The cutover is invisible to your clients.
- Can you sign an NDA?
- Yes. We sign your NDA before any code or infrastructure access. If you would prefer, we can sign a mutual NDA we have already used on similar engagements.