Migrate infrastructure from AWS CDK to Pulumi

[pulumi]

CDK to Pulumi Migration

This PR migrates the EC2 Dev environment infrastructure from AWS CDK to Pulumi Python.

What Changed

Infrastructure Converted:

• VPC with 2 public subnets across 2 availability zones (us-west-2a, us-west-2b)
• Internet Gateway and route tables
• 2 Security Groups (SSH access and EC2 instance)
• IAM Role with managed policies (SSM, CloudWatch) and inline policies (S3 access, log retention)
• IAM Instance Profile
• EC2 Instance (m7g.large ARM64 instance with Amazon Linux 2023)
• S3 Bucket for assets with public access block and ownership controls

Implementation Details:

• Used raw pulumi_aws resources (no higher-level abstractions)
• All existing AWS resources are imported using the import_ resource option
• Configured to use neo-demo/aws-oidc/aws-dev ESC environment for AWS credentials
• All existing tags preserved exactly as they exist in AWS

Verification

✅ Pulumi Preview Results:

• 18 resources to import (all existing infrastructure)
• 0 creates, 0 updates, 0 deletes (no infrastructure changes)
• This is a pure state adoption - no modifications to actual infrastructure

Stack Outputs

The following outputs are available:

• ssm_command: Command to connect via AWS Systems Manager
• ssh_command: Command to connect via SSH
• instance_id: EC2 instance ID
• vpc_id: VPC ID
• bucket_name: S3 bucket name

Next Steps

After merging this PR:

1. The Pulumi stack will manage the same infrastructure previously managed by CDK
2. The CDK stack can be safely removed from CloudFormation
3. Future infrastructure changes should be made through Pulumi code

Testing

• ✅ Code passes pyright type checking
• ✅ Code formatted with black
• ✅ Code passes ruff linting
• ✅ Pulumi preview shows only imports with no changes