Logo

Migrating from Heroku to AWS - What to Expect and How to Plan

Jerzy Kopaczewski 30 May 2026 9 min read
Contents
Heroku got you to market fast. The git-push deployment model, managed Postgres, and zero infrastructure overhead made it the right choice when shipping features mattered more than controlling costs or meeting compliance requirements. But at some point the trade-offs start working against you: rising bills as you scale, limited control over networking and security, no path to certifications like SOC 2 or Cyber Essentials Plus, and performance ceilings that managed dynos can't solve.

That’s when teams start looking at AWS. We’ve delivered multiple Heroku to AWS migrations for clients in fintech, healthcare, and SaaS. This post covers what the process actually looks like, what decisions you’ll face, and where teams commonly get stuck.

 

Why teams leave Heroku

The reasons cluster around a few themes. Cost is the most common trigger. A rule of thumb we’ve heard repeated at industry meetups: once your Heroku bill crosses $10k/month, you’re overpaying for what you get. But cost alone isn’t the only reason to move earlier.

Security and compliance is often the real forcing function. Heroku’s shared infrastructure model makes it difficult to implement network isolation, private subnets, or the kind of IAM controls that auditors expect. If you need to pass SOC 2, ISO 27001, or Cyber Essentials Plus, you’ll hit walls on Heroku that don’t exist on AWS.

The third is operational control. No custom VPC configuration, limited logging, no native integration with tools like Datadog or PagerDuty at the infrastructure level, and no way to run background jobs that need more than 512MB of memory without paying premium prices.

And then there’s developer experience. Heroku’s simplicity is its selling point, but it becomes a constraint when your team needs preview environments tied to pull requests, automated security scanning in the pipeline, or deployment strategies beyond “push to main”. On AWS, you get the full scope of CI/CD level QA and security tooling: SAST/DAST scanning, container image inspection, policy-as-code checks, and automated performance testing. That’s a richer automation layer that Heroku simply can’t offer.

What Heroku services map to on AWS

The mapping isn’t one-to-one, but here’s how the core components translate:

Heroku to AWS migration architecture diagram showing service mapping
Heroku Dynos → Amazon ECS on Fargate (or EKS if you need Kubernetes). Fargate is the closest equivalent: containerised, serverless compute without managing EC2 instances.
Heroku Postgres → Amazon RDS for PostgreSQL. Managed, automated backups, point-in-time recovery, Multi-AZ for high availability.
Heroku Redis → Amazon ElastiCache for Redis. Same managed model, better scaling options.
Heroku Scheduler → Amazon EventBridge + ECS tasks. More flexible scheduling with proper logging and retry logic.
Heroku Config Vars → AWS Systems Manager Parameter Store or Secrets Manager. Encrypted, versioned, with IAM-controlled access.
Heroku Pipelines → GitHub Actions, GitLab CI, or AWS CodePipeline. You'll need to build this yourself, but you gain full control over the build and deployment process.
Heroku Add-ons → Native AWS services or self-managed alternatives. Most add-ons (logging, monitoring, email) have direct AWS equivalents or better third-party integrations.

The migration process

Every Heroku to AWS migration we’ve delivered follows roughly the same phases:

1. Audit and architecture design. We map every Heroku resource, add-on, environment variable, and dependency. We document data flows and identify stateful vs stateless components. Then we design the target AWS architecture against the Well-Architected Framework. Every migration architecture is reviewed for security, reliability, performance, cost optimisation, and operational excellence before a single resource is provisioned. This typically takes 3-5 days and includes a TCO model comparing your current Heroku spend against projected AWS costs.
2. Infrastructure as Code. We build the entire AWS environment in Terragrunt (our default for multi-account setups, which is how we structure every migration). Each environment gets its own AWS account for proper isolation, billing separation, and security boundaries. For simpler single-account setups, pure Terraform works fine, but multi-account is the standard we recommend.
3. Containerisation. Heroku apps need to be containerised if they aren't already. This means writing Dockerfiles, handling build-time vs runtime secrets, and ensuring the application starts correctly in a container context. Most Heroku apps are straightforward to containerise since they already follow the 12-factor app pattern.
4. CI/CD rebuild. Heroku's git-push deployment is replaced with a proper pipeline. We typically use GitHub Actions with OIDC federation to AWS (no long-lived access keys). The pipeline builds, tests, pushes to ECR, and deploys to ECS with zero-downtime rolling updates. One of the most common requests is replicating Heroku's Review Apps functionality. We build custom short-lived deployment flows tied to the PR lifecycle: open a pull request, get a live preview environment spun up automatically, merge or close the PR and the environment tears itself down. Developer experience matters here. You don't want to trade Heroku's ease of use for a half-baked delivery model. We make sure the new flow is an improvement, not a compromise. That means preview environments, fast feedback loops, and the full scope of CI/CD tooling that AWS enables: SAST/DAST scanning, container vulnerability checks, policy-as-code gates, and automated performance testing baked into every deployment.
5. Data migration. Database migration is the highest-risk phase. For applications that can afford a maintenance window, we do a straightforward pg_dump/restore with a planned downtime period. This keeps the migration simple and avoids the cost and complexity of continuous replication. For applications that genuinely can't tolerate downtime, we use AWS DMS for continuous replication from Heroku Postgres to RDS, then perform a final cutover. The right approach depends on your SLA requirements, not on what looks impressive in a proposal.
6. DNS cutover and validation. Once the application is running on AWS and validated, we switch DNS. We keep the Heroku environment running in parallel for 1-2 weeks as a rollback option.
Jerzy Kopaczewski

Thinking about migrating from Heroku?

Book a free 30-minute call to discuss your setup and get a rough cost comparison.

The organisational shift

This is the part most technical guides skip. A Heroku to AWS migration isn’t just an infrastructure change. It’s a workflow change for your entire engineering team.

On Heroku, a single developer can deploy, scale, and manage everything. On AWS, you gain power but also responsibility. Someone needs to own the infrastructure code. Someone needs to review Terraform changes. Your team needs to understand how environments are promoted and how secrets are managed.

We assess your team’s current workflow and recommend the minimal organisational changes needed to operate on AWS effectively. Sometimes that means training developers on the new deployment flow. Sometimes it means introducing a lightweight platform engineering function. The goal is to match the operational model to your team’s size and maturity, not to impose enterprise processes on a 10-person startup.

Common mistakes

Underestimating the CI/CD rebuild. On Heroku, deployment is a git push. On AWS, you need to build and maintain a pipeline. Teams that don’t budget time for this end up with fragile manual deployments that defeat the purpose of migrating.

Ignoring networking from the start. Heroku handles networking invisibly. On AWS, you need to design VPCs, subnets, security groups, and decide on public vs private networking. Getting this wrong early means painful refactoring later.

Migrating everything at once. A phased approach (staging first, then dev, then production) catches issues before they affect users. We’ve seen teams try big-bang migrations and spend weeks debugging issues that a staged approach would have caught in hours.

Not containerising properly. Copying Heroku’s Procfile into a Dockerfile without understanding the differences leads to containers that work locally but fail in ECS. Health checks, graceful shutdown, signal handling, and log routing all need attention.

Timeline and cost

A typical Heroku to AWS migration for a single application with 3-5 services takes 4-8 weeks. More complex setups with multiple applications, shared databases, or compliance requirements can take 2-4 months.

The AWS infrastructure cost after migration is usually 40-60% lower than the equivalent Heroku bill, depending on how aggressively you right-size resources. We build a detailed cost model before starting any migration so you know the expected savings upfront. The migration itself is a one-time investment that pays back within 3-6 months through reduced hosting costs alone.

Worth noting: as an AWS Advanced Tier Partner, we have access to AWS funding programmes that can offset a significant portion of migration costs. Depending on your situation and scale, programmes like the Proof of Concept (PoC), Migration Acceleration Program (MAP), or Incremental Workload for Startups (IW) can cover 50-80% of the engagement cost. We assess eligibility as part of the initial scoping conversation.

When to stay on Heroku

Not every team should migrate. If you’re a small team shipping a single application with low traffic and no compliance requirements, Heroku’s simplicity is worth the premium. The migration makes sense when:

  • Monthly Heroku costs exceed what you’d pay on AWS for the same workload
  • You need network isolation, private subnets, or VPN connectivity
  • Compliance requirements (SOC 2, ISO 27001, Cyber Essentials Plus) demand infrastructure controls Heroku can’t provide
  • You need to scale beyond what Heroku’s dyno model supports efficiently
  • You want full ownership of your infrastructure defined as code

How we can help

We’ve delivered Heroku to AWS migrations for fintech companies needing PAM integration, healthcare platforms requiring NHS compliance, and SaaS products outgrowing Heroku’s scaling model. Every migration is delivered with infrastructure as code, automated CI/CD, and documented runbooks. The target architecture is designed against the AWS Well-Architected Framework, ensuring your new environment meets best practices for security, reliability, performance, and cost from day one.

See our Heroku to AWS migration case study for a detailed example of how we migrated a fintech platform with 3-4 hours of downtime and 40%+ cost reduction.

Ready to evaluate whether migration makes sense for your setup? Our cloud migration services start with a no-commitment assessment of your current Heroku environment.

AWS Heroku cloud migration ECS Fargate Terraform PaaS to IaaS
jerzy.webp
Jerzy Kopaczewski
Co-Founder and CTO

Contents
Read also
AWS vs Azure - A detailed comparison of container deployment strategies Marek Latała
Building a Scalable Architecture with AWS, Terraform, and Kubernetes Julia Lamenza
UK Data Residency After Brexit - Why We Moved an EdTech Platform from US to AWS EU Jerzy Kopaczewski

Read also:

AWS ECS & Fargate vs Azure Container Instances & AKS - Service Mapping & Comparison
AWS vs Azure - A detailed comparison of container deployment strategies
Building a Scalable Architecture with AWS, Terraform, and Kubernetes
Building a Scalable Architecture with AWS, Terraform, and Kubernetes
UK Data Residency After Brexit - Moving EdTech to AWS EU
UK Data Residency After Brexit - Why We Moved an EdTech Platform from US to AWS EU
Previous post Next post