Many firms dive right into the POC. You learn by doing. Pick a suitable application which is cloud friendly. Then do a migration and deployment test against that application and some dummy data. The purpose of the POC is to test ideas, costs, assumptions and to provide a bench mark.
The POC will allow us to become familiar with the AWS API, AWS tools, SDKs, and most importantly the AWS Management Console and command line interface or CLI.
Minimum items to learn about services in a Proof of Concept
We will need to use the AWS IAM and other Security APIs throughout the process. This includes: bastion hosts, ACLs, Security Groups, MFA and IAM.
Minimum items to learn about security in a Proof of Concept Phase
At this stage, you want to start thinking about whether you want to create different IAM groups for different business functions within your organization or create groups for different IT roles (admins, developers, testers etc.) and whether you want to create users to match your organization chart or create users for each application.
A proof-of-concept should be large and significant enough, that it can fully represent the key aspects of the platform and application. The POC must test the critical functionality of the application in the cloud environment. We can start with a small database (or a dataset from a larger complex database). We should also launch and terminate instances, and stress-test the system, using automated unit testing.
A simple example could be the migrating of a web application, where we can start by deploying miniature models of all the pieces of the architecture (database, web application, load balancer) with minimal data. We are in essence building a 3 tiered POC architecture. In the process, we can learn how to create a Web Server AMI, how to set the security group so that only the web server can talk to the app server, and how to store all the static files on Amazon S3 whilst mounting an EBS volume to the Amazon EC2 instance. We can understand how to manage/monitor this POC application using CloudWatch and also how to use IAM to restrict access to only the services and resources required for your application to function.
The POC is vital. Customers need the hands-on experience to appreciate the capabilities and applicability of AWS.
The key is to build the POC and obtain stakeholder support. In this stage, you can build support in your organization, validate the technology, test legacy software in the cloud, perform necessary benchmarks and set expectations.