We are not touching OR upgrading R12.52 environment. That stays as is. This is an use case of Parallel Upgrade.
Task-1 : Review the documented Steps & understand the process.
https://docops.ca.com/ca-single-sign-on/12-7/en/upgrading/complete-the-upgrade-prerequisites
https://docops.ca.com/ca-single-sign-on/12-7/en/upgrading/parallel-upgrade
Task-2 : Prepare a step by step upgrade plan. This would allow you to track and monitor changes. It is crucial we do this before we start the upgrade as it helps us better understand how the generic product documented process would apply to our environments. Take this step seriously as many hidden gotcha's are revealed beforehand when we visually design the flow / steps on paper before actuals.
Task-3 : Identify a lower environment where we could attempt the migration. Also cross verify / check Documented Upgrade Plan.
Task-4 : Install a vanilla OOB R12.7 with CA Directory as Policy Store.
Task-5 : Review your R12.52 KeyStore & R12.7 KeyStore Deployment strategy to maintain SSO between R12.52 and R12.7.
- Align KeyStore as per strategy & SSO requirements
Task-6 : Object Migration.
- Review your current objects in R12.52 environments (e.g. Federation, Certificates, Policy Objects etc).
- Take a XPSExport from R12.52 environment (using flags -xp -xe -xi).
- Before XPSImport in R12.7 run a validateOnly (using flags -validateOnly).
- Fix any anomalies that the XPSImport (with flags -validateOnly) reports.
- Import the objects without -validateOnly after all reported anomalies are fixed.
- Review custom solutions OR custom developments.
- Recompile custom code using R12.7 SDK or look for appropriate alternatives for the solutions.
Task-7 : Pointing WebAgents to R12.7. Since you are migrating from OnPremise to AWS. I'd assume the WebAgents / Applications would also be migrating to AWS.
Task-8 : At every step, go back and update the documentation. Track Issues / Solution / Closures.