43 changes: 43 additions & 0 deletions terraform/.gitignore
@@ -0,0 +1,43 @@
# Terraform files
*.tfstate
*.tfstate.*
*.tfplan
*.tfplan.*
.terraform/
.terraform.lock.hcl

# Variable files
terraform.tfvars
*.auto.tfvars

# Override files
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# CLI configuration files
.terraformrc
terraform.rc

# Crash log files
crash.log
crash.*.log

# Exclude all .tfvars files, which are likely to contain sensitive data
*.tfvars
*.tfvars.json

# Ignore override files as they are usually used to override resources locally
*_override.tf
*_override.tf.json

# Include override files you do wish to add to version control using negated pattern
# !example_override.tf

# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan
*tfplan*

# Ignore CLI configuration files
.terraformrc
terraform.rc
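Review bot: The `.terraform.lock.hcl` entry under "# Terraform files" keeps the dependency lock file out of version control, so the provider versions and checksums recorded by `terraform init` are not pinned for other checkouts or for CI. Terraform's guidance is to commit that file; suggest dropping the line. Separately, the second half of the file repeats patterns already listed in the first (`*_override.tf`, `*_override.tf.json`, `.terraformrc`, `terraform.rc`), `*.tfvars` already covers `terraform.tfvars` and `*.auto.tfvars`, and `*tfplan*` already covers `*.tfplan` and `*.tfplan.*`, so the list can be reduced to one entry per pattern.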
141 changes: 141 additions & 0 deletions terraform/README.md
@@ -0,0 +1,141 @@
# Amplify to Terraform Conversion

This directory contains Terraform configuration files that replicate the AWS Amplify application "profilesapp" infrastructure.

## Original Amplify Application

- **App ID**: d34w1re7vwygyp
- **Name**: profilesapp
- **Repository**: https://github.com/abhay-codeium/profilesapp
- **Default Domain**: d34w1re7vwygyp.amplifyapp.com

## Infrastructure Components

The Terraform configuration creates the following AWS resources:

### Amplify Hosting
- **aws_amplify_app**: Main Amplify application with GitHub integration
- **aws_amplify_branch**: Main branch configuration for production deployment
- Custom routing rules for SPA (404-200 redirect)
- Build specification matching the original Amplify configuration

### Authentication (Cognito)
- **aws_cognito_user_pool**: User pool with email-based authentication
- **aws_cognito_user_pool_client**: Application client for the user pool
- **aws_cognito_identity_pool**: Identity pool supporting both authenticated and unauthenticated users

### API and Database
- **aws_appsync_graphql_api**: GraphQL API with IAM authentication
- **aws_dynamodb_table**: DynamoDB table for Todo items
- **aws_appsync_datasource**: Connection between AppSync and DynamoDB
- **aws_appsync_resolver**: GraphQL resolvers for CRUD operations on Todo items

### IAM Roles and Policies
- Amplify service role with backend deployment permissions
- Cognito authenticated and unauthenticated user roles
- AppSync service role for DynamoDB access
- Appropriate policies for each role

## File Structure

```
terraform/
├── main.tf # Provider configuration
├── variables.tf # Input variables
├── outputs.tf # Output values
├── cognito.tf # Cognito User Pool and Identity Pool
├── dynamodb.tf # DynamoDB table configuration
├── appsync.tf # AppSync GraphQL API and resolvers
├── amplify.tf # Amplify hosting configuration
├── iam.tf # IAM roles and policies
├── terraform.tfvars.example # Example variables file
└── README.md # This file
```

## Prerequisites

1. **AWS CLI configured** with appropriate credentials
2. **Terraform installed** (version >= 1.0)
3. **GitHub access token** with repository access permissions

## Usage

### 1. Initialize Terraform

```bash
cd terraform
terraform init
```

### 2. Configure Variables

Copy the example variables file and update with your values:

```bash
cp terraform.tfvars.example terraform.tfvars
```

Edit `terraform.tfvars` and provide:
- `github_access_token`: Your GitHub personal access token
- Other variables as needed (defaults should work for most cases)

### 3. Plan the Deployment

```bash
terraform plan
```

### 4. Apply the Configuration

```bash
terraform apply
```

### 5. Get Output Values

```bash
terraform output
```

## Migration from Amplify

To migrate from the existing Amplify application to this Terraform-managed infrastructure:

1. **Deploy the Terraform configuration** (steps above)
2. **Update your frontend application** to use the new resource identifiers:
- Update Cognito User Pool ID and Client ID
- Update AppSync GraphQL endpoint
- Update Cognito Identity Pool ID
3. **Test the new infrastructure** thoroughly
4. **Delete the original Amplify application** once migration is confirmed

## Key Differences from Original Amplify

- **Resource naming**: Terraform uses consistent naming with the app name prefix
- **DynamoDB table name**: Includes a random suffix for uniqueness
- **IAM roles**: Explicitly defined instead of auto-generated by Amplify
- **GraphQL schema**: Explicitly defined with all resolvers

## Outputs

After applying, Terraform will output important resource identifiers:

- `amplify_app_id`: New Amplify application ID
- `amplify_default_domain`: Default Amplify domain
- `cognito_user_pool_id`: Cognito User Pool ID
- `cognito_user_pool_client_id`: Cognito User Pool Client ID
- `cognito_identity_pool_id`: Cognito Identity Pool ID
- `appsync_graphql_url`: AppSync GraphQL endpoint
- `dynamodb_table_name`: DynamoDB table name

## Cleanup

To destroy all resources:

```bash
terraform destroy
```

## Support

For issues or questions about this Terraform configuration, refer to the AWS Terraform provider documentation or the original Amplify application configuration.
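Review bot: Usage step 2 tells the reader to write `github_access_token` into `terraform.tfvars`, but the README never says where that token lives after `terraform apply`: it is passed to `aws_amplify_app` as `access_token`, so it is persisted in the Terraform state, and no backend or state-handling guidance is given. Suggest documenting a remote backend with encryption and restricted access, offering the `TF_VAR_github_access_token` environment variable as an alternative to a file on disk, and stating the minimum token permissions instead of "repository access permissions". The "Authentication (Cognito)" and "API and Database" sections also describe an identity pool that allows unauthenticated users next to an AppSync API with IAM authentication; the README should say which operations the unauthenticated role is allowed to perform so a reader can judge the exposure before deploying.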
66 changes: 66 additions & 0 deletions terraform/amplify.tf
@@ -0,0 +1,66 @@
resource "aws_amplify_app" "main" {
name = var.app_name
repository = var.repository_url

access_token = var.github_access_token

platform = "WEB"

enable_branch_auto_build = false
enable_branch_auto_deletion = false
enable_basic_auth = false

build_spec = <<-EOT
version: 1
backend:
phases:
build:
commands:
- npm ci --cache .npm --prefer-offline
- npx ampx pipeline-deploy --branch $AWS_BRANCH --app-id $AWS_APP_ID
frontend:
phases:
build:
commands:
- mkdir ./dist && touch ./dist/index.html
artifacts:
baseDirectory: dist
files:
- '**/*'
cache:
paths:
- .npm/**/*
EOT

custom_rule {
source = "/<*>"
status = "404-200"
target = "/index.html"
}

iam_service_role_arn = aws_iam_role.amplify_service.arn

tags = {
Name = var.app_name
Environment = var.environment
}
}

resource "aws_amplify_branch" "main" {
app_id = aws_amplify_app.main.id
branch_name = "main"

framework = "Web"
stage = "PRODUCTION"
enable_notification = false
enable_auto_build = true
enable_basic_auth = false
enable_performance_mode = false
ttl = "5"
enable_pull_request_preview = false

tags = {
Name = "${var.app_name}-main-branch"
Environment = var.environment
}
}
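Review bot: The backend phase of `build_spec` still runs `npx ampx pipeline-deploy --branch $AWS_BRANCH --app-id $AWS_APP_ID`, and `aws_amplify_branch.main` has `enable_auto_build = true`, so every build of `main` will deploy an Amplify-managed backend in addition to the Cognito, AppSync and DynamoDB resources that the README says Terraform now creates. That leaves two sets of backend resources and forces `aws_iam_role.amplify_service` to keep backend deployment permissions; if Terraform is meant to own the backend, suggest removing the backend phase and narrowing the service role to what hosting needs, or explaining in a comment why both are required. Two smaller points: the frontend build command `mkdir ./dist && touch ./dist/index.html` publishes an empty page on a branch staged as `PRODUCTION`, which should be either replaced with the real build or marked as a placeholder, and `access_token = var.github_access_token` relies on the variable being declared with `sensitive = true` in `variables.tf`, which is not visible in this part of the diff and is worth confirming.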