My company is moving computing services into AWS from on-premise Data Center.
Our infrastructure relies on the internal two-level PKI Active Directory Certificate Services.
I'm trying to decide between two options:
1. Lift-and-shift - take existing VMs and light them up in AWS, change IP and update DNS.
2. Stand up two parallel Issuing Authorities and migrate templates there one-by-one.