Convert AWS Amplify app to Terraform infrastructure

[devin-ai-integration]

Convert AWS Amplify app to Terraform infrastructure

Summary

This PR converts the existing AWS Amplify Gen 2 application (profilesapp, ID: d34w1re7vwygyp) to equivalent Terraform configuration, enabling infrastructure-as-code management. The conversion includes:

• Cognito Authentication: User Pool with email-based login and Identity Pool for authenticated/unauthenticated access
• AppSync GraphQL API: Complete API with schema, resolvers, and DynamoDB integration for Todo model
• DynamoDB Table: Todo table with appropriate schema and permissions
• Amplify Hosting: GitHub-connected hosting with custom routing rules and build specification
• IAM Roles & Policies: All required service roles and permissions for component interaction

The Terraform configuration is modular, well-documented, and includes comprehensive variable definitions and outputs.

Review & Testing Checklist for Human

⚠️ HIGH RISK - Infrastructure changes require careful validation

• Test Terraform deployment in a separate AWS account/environment first - Run terraform plan and terraform apply in a safe environment to validate all resources deploy correctly
• Verify IAM roles and policies - Review all IAM configurations in iam.tf to ensure permissions are neither too broad (security risk) nor too narrow (functionality breaks)
• Validate AppSync GraphQL functionality - Test the GraphQL schema, resolvers, and DynamoDB integration work correctly with sample queries/mutations
• End-to-end testing with frontend - Deploy the infrastructure and update the frontend app to use the new resource IDs, then test all functionality
• Confirm resource configurations match original - Compare the Terraform-created resources against the original Amplify app to ensure feature parity

Recommended Test Plan

1. Copy terraform.tfvars.example to terraform.tfvars and provide your GitHub access token
2. Run terraform plan to review all planned changes
3. Deploy to a test AWS account with terraform apply
4. Update frontend configuration with the new resource IDs from terraform output
5. Test authentication, API calls, and hosting functionality
6. Compare costs and functionality against the original Amplify app

---

Diagram

%%{ init : { "theme" : "default" }}%%
graph TB
    subgraph "Terraform Configuration"
        main["terraform/main.tf<br/>Provider & Backend"]:::major-edit
        vars["terraform/variables.tf<br/>Input Variables"]:::major-edit
        outputs["terraform/outputs.tf<br/>Resource IDs"]:::major-edit
        
        cognito["terraform/cognito.tf<br/>User Pool & Identity Pool"]:::major-edit
        appsync["terraform/appsync.tf<br/>GraphQL API & Resolvers"]:::major-edit
        dynamodb["terraform/dynamodb.tf<br/>Todo Table"]:::major-edit
        amplify["terraform/amplify.tf<br/>Hosting & GitHub Integration"]:::major-edit
        iam["terraform/iam.tf<br/>Service Roles & Policies"]:::major-edit
    end
    
    subgraph "Original Amplify App"
        amp_app["Amplify App<br/>d34w1re7vwygyp"]:::context
        amp_auth["amplify/auth/resource.ts<br/>Email Auth Config"]:::context
        amp_data["amplify/data/resource.ts<br/>Todo Model & Schema"]:::context
    end
    
    subgraph "Documentation"
        readme["terraform/README.md<br/>Setup & Migration Guide"]:::major-edit
        example["terraform/terraform.tfvars.example<br/>Configuration Template"]:::major-edit
    end
    
    amp_auth --> cognito
    amp_data --> appsync
    amp_data --> dynamodb
    amp_app --> amplify
    
    cognito --> iam
    appsync --> iam
    amplify --> iam
    
    subgraph Legend
        L1["Major Edit"]:::major-edit
        L2["Minor Edit"]:::minor-edit  
        L3["Context/No Edit"]:::context
    end
    
    classDef major-edit fill:#90EE90
    classDef minor-edit fill:#87CEEB
    classDef context fill:#FFFFFF

Loading

Notes

• Session Info: Requested by @abhay-codeium, Link to Devin run: https://app.devin.ai/sessions/2d643941f926493eac22d9268963808e
• Resource Naming: DynamoDB table will have a random suffix, so the table name will differ from the original
• GitHub Token Required: You'll need to provide a GitHub access token in terraform.tfvars for Amplify to access the repository
• Cost Considerations: The Terraform-managed resources should have similar costs to the original Amplify app, but monitor usage after deployment
• Migration Path: The README includes detailed migration instructions for switching from Amplify to Terraform management

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring