Amplify Current Configuration — Live AWS State

Live configuration of the existing Amplify applications as retrieved from AWS, compared against the CloudFormation templates in the infrastructure repository. This documents the actual state that the new pipeline must work with during production cutover (Development Blueprint Step 5).

Alpha002 (139852620346, us-east-1)

Two Amplify apps serving the dev and stage partitions.

Dev App — dev-arda-frontend-app

Property	Value
App ID	d38w5m1ngjza76
Repository	https://github.com/Arda-cards/arda-frontend-app
Platform	WEB_COMPUTE
Branch	dev
enableAutoBuild	true
enablePullRequestPreview	false
Stage	PRODUCTION
Domain	dev.alpha002.app.arda.cards
Service Role	AmplifySSRLoggingRole-811a740a-a96f-47a3-a2bd-8abc3dad76f3
Compute Role (branch)	(none)
Build compute	STANDARD_8GB
Last deploy	2026-03-18, status: SUCCEED, job: 0000000090

Environment Variables (11)

Variable	Value
ARDA_API_KEY	(set)
BASE_URL	https://dev.alpha002.io.arda.cards
GITHUB_TOKEN	(set)
NEXT_PUBLIC_COGNITO_CLIENT_ID	(set)
NEXT_PUBLIC_COGNITO_CLIENT_SECRET	(set)
NEXT_PUBLIC_COGNITO_REGION	us-east-1
NEXT_PUBLIC_COGNITO_USER_POOL_ID	(set)
NEXT_PUBLIC_DEPLOY_ENV	DEV
NEXT_PUBLIC_SENTRY_DSN	(set)
TENANT_ID	(set)
TENANT_ID_2	(set)

Build Spec (inline)

version: 1
frontend:
  phases:
    preBuild:
      commands:
        - echo "Node $(node --version)"
        - echo "NPM  $(npm --version)"
        - npm ci --cache .npm --prefer-offline
        - echo "BASE_URL=$BASE_URL" >> .env
        - echo "ARDA_API_KEY=$ARDA_API_KEY" >> .env
        - echo "TENANT_ID=$TENANT_ID" >> .env
        - echo "TENANT_ID_2=$TENANT_ID_2" >> .env
    build:
      commands:
        - export NEXT_TELEMETRY_DISABLED=1
        - npm run build
        - test -d .next || (echo ".next not found" && exit 1)
        - test -d .next/server || (echo ".next/server not found (SSR missing?)" && exit 1)
  artifacts:
    baseDirectory: .next
    files:
      - '**/*'
  cache:
    paths:
      - .next/cache/**/*
      - .npm/**/*

Stage App — stage-arda-frontend-app

Property	Value
App ID	d1kbrvra79y8sc
Repository	https://github.com/Arda-cards/arda-frontend-app
Platform	WEB_COMPUTE
Branch	stage
enableAutoBuild	true
enablePullRequestPreview	false
Stage	PRODUCTION
Domain	stage.alpha002.app.arda.cards
Service Role	AmplifySSRLoggingRole-b0cfadfd-4377-46c1-b458-74832190cd75
Compute Role (branch)	AmplifyComputeCognitoRole_Stage_Dev
Build compute	STANDARD_8GB
Last deploy	2026-03-17, status: SUCCEED, job: 0000000168

Environment Variables (20)

Variable	Value
ARDA_API_KEY	(set)
ARDA_SIGNUP_SECRET_KEY	(set)
BASE_URL	https://stage.alpha002.io.arda.cards
COGNITO_REGION	us-east-1
COGNITO_USER_POOL_ID	(set)
GITHUB_TOKEN	(set)
HUBSPOT_API_BASE	https://api.hubapi.com
HUBSPOT_CLIENT_SECRET	(set)
HUBSPOT_PRIVATE_ACCESS_TOKEN	(set)
NEXT_PUBLIC_COGNITO_CLIENT_ID	(set)
NEXT_PUBLIC_COGNITO_CLIENT_SECRET	(set)
NEXT_PUBLIC_COGNITO_REGION	us-east-1
NEXT_PUBLIC_COGNITO_USER_POOL_ID	(set)
NEXT_PUBLIC_DEPLOY_ENV	STAGE
NEXT_PUBLIC_PYLON_APP_ID	cfd1f3e2-b840-4ce2-ad95-03b1ec18c74d
NEXT_PUBLIC_SENTRY_DSN	(set)
PYLON_WIDGET_SECRET	(set)
TENANT_ID	(set)
TENANT_ID_2	(set)

Build Spec (inline)

version: 1
frontend:
  phases:
    preBuild:
      commands:
        - npm ci --cache .npm --prefer-offline
    build:
      commands:
        - npm run build
  artifacts:
    baseDirectory: .next
    files:
      - '**/*'
  cache:
    paths:
      - .next/cache/**/*
      - .npm/**/*

Differences from CloudFormation Templates

These apps were created manually, not via the amplify.cfn.yaml / amplifyBranch.cfn.yaml CloudFormation templates. The following differences are relevant to the pipeline migration.

IAM Roles

The manually created apps use auto-generated Amplify service roles, not the stack-managed roles defined in amplify.cfn.yaml:

App	Service Role	Compute Role
dev	AmplifySSRLoggingRole-811a740a-...	(none on branch)
stage	AmplifySSRLoggingRole-b0cfadfd-...	AmplifyComputeCognitoRole_Stage_Dev (on branch)
CFn template	Stack-managed AmplifyServiceRole (AdministratorAccess-Amplify)	Stack-managed AmplifyComputeRole (Secrets Manager + Cognito + Logging)

The dev app has no compute role on its branch at all, which means it cannot access Secrets Manager at runtime. The stage app has a shared compute role (AmplifyComputeCognitoRole_Stage_Dev) set on the branch level.

Environment Variables

Difference	Details
Missing from dev (vs. CFn template)	COGNITO_REGION, COGNITO_USER_POOL_ID, ARDA_SIGNUP_SECRET_KEY, HUBSPOT_API_BASE, HUBSPOT_CLIENT_SECRET, HUBSPOT_PRIVATE_ACCESS_TOKEN, NEXT_PUBLIC_PYLON_APP_ID, NEXT_PUBLIC_FRONTEND_URL, PYLON_WIDGET_SECRET
Missing from stage (vs. CFn template)	NEXT_PUBLIC_FRONTEND_URL
Extra vars not in CFn template	GITHUB_TOKEN, TENANT_ID, TENANT_ID_2, NEXT_PUBLIC_SENTRY_DSN (both apps)
NEXT_PUBLIC_DEPLOY_ENV	DEV/STAGE per partition (CFn template hardcodes PRODUCTION)

The dev app compensates for missing vars by writing some values to a .env file during the preBuild phase.

Build Specs

Property	Dev	Stage	CFn template equivalent
.env file writing	Yes (preBuild)	No	No
SSR verification	Yes (test -d .next/server)	No	No
Telemetry disabled	Yes (NEXT_TELEMETRY_DISABLED=1)	No	No
Node/NPM version echo	Yes	No	No

Branch Configuration

Property	Dev/Stage (actual)	CFn template
enableAutoBuild	true	true (hardcoded)
enablePullRequestPreview	false	true
enableBranchAutoDeletion (app level)	false	true

Pipeline Implications

1. No CloudFormation management of existing apps — per decision C3, existing apps will not be brought under CloudFormation management as part of this project. The only change at cutover is disabling auto-build and changing the branch connection to main via CLI.

2. Environment variable gaps in dev — the dev app has fewer vars than stage or the CFn template. This does not affect the pipeline migration (env vars remain unchanged), but is worth noting for operational awareness.

3. IAM role differences — the existing service and compute roles are different from those in the CFn template. Since the pipeline only calls StartJob/GetJob externally and does not modify Amplify app configuration, these differences do not affect the migration.

4. enableAutoBuild: true on both branches — this must be set to false via aws amplify update-branch --no-enable-auto-build at cutover (Development Blueprint Step 5).

Alpha001 (009765408297, us-east-2)

One Amplify app serving the prod partition. No demo Amplify app exists yet (to be created in Development Blueprint Step 1).

Prod App — arda-frontend-app

Property	Value
App ID	duhexavnwh88g
Repository	https://github.com/Arda-cards/arda-frontend-app
Platform	WEB_COMPUTE
Branch	main
enableAutoBuild	true
enablePullRequestPreview	false
Stage	PRODUCTION
Domains	live.app.arda.cards, prod.alpha001.app.arda.cards (two domain associations)
Service Role	AmplifySSRLoggingRole-cf3dd2b8-02a6-4e2e-9e30-f757143793f0
Compute Role (branch)	AmplifyComputeCognitoRoleProd
Build compute	STANDARD_8GB
Last deploy	2026-03-12, status: SUCCEED, job: 0000000097

Custom Rules

Source	Target	Status
https://live.app.arda.cards	https://www.live.app.arda.cards	302 (redirect to www)
/<*>	/index.html	404-200 (SPA fallback)

The prod app has an extra redirect rule (bare domain to www) not present in the Alpha002 apps or the CFn template.

Environment Variables (21)

Variable	Value
ARDA_API_KEY	(set)
ARDA_SIGNUP_SECRET_KEY	(set)
BASE_URL	https://prod.alpha001.io.arda.cards
COGNITO_REGION	us-east-1
COGNITO_USER_POOL_ID	(set)
CORE_BACKEND_URL	https://prod.alpha001.io.arda.cards
GITHUB_TOKEN	(set)
HUBSPOT_API_BASE	https://api.hubapi.com
HUBSPOT_CLIENT_SECRET	(set)
HUBSPOT_PRIVATE_ACCESS_TOKEN	(set)
NEXT_PUBLIC_COGNITO_CLIENT_ID	(set)
NEXT_PUBLIC_COGNITO_CLIENT_SECRET	(set)
NEXT_PUBLIC_COGNITO_REGION	us-east-1
NEXT_PUBLIC_COGNITO_USER_POOL_ID	(set)
NEXT_PUBLIC_DEPLOY_ENV	PRODUCTION
NEXT_PUBLIC_FRONTEND_URL	https://www.live.app.arda.cards
NEXT_PUBLIC_PYLON_APP_ID	cfd1f3e2-b840-4ce2-ad95-03b1ec18c74d
NEXT_PUBLIC_SENTRY_DSN	(set)
PYLON_WIDGET_SECRET	(set)
TENANT_ID	(set)
TENANT_ID_2	(set)

Build Spec (inline)

version: 1
frontend:
  phases:
    preBuild:
      commands:
        - echo "Node $(node --version)"
        - echo "NPM  $(npm --version)"
        - npm ci --cache .npm --prefer-offline
        - echo "BASE_URL=$BASE_URL" >> .env
        - echo "ARDA_API_KEY=$ARDA_API_KEY" >> .env
        - echo "TENANT_ID=$TENANT_ID" >> .env
        - echo "TENANT_ID_2=$TENANT_ID_2" >> .env
    build:
      commands:
        - export NODE_ENV=production
        - export NEXT_TELEMETRY_DISABLED=1
        - npm run build
        - test -d .next || (echo ".next not found" && exit 1)
        - test -d .next/server || (echo ".next/server not found (SSR missing?)" && exit 1)
  artifacts:
    baseDirectory: .next
    files:
      - '**/*'
  cache:
    paths:
      - .next/cache/**/*
      - .npm/**/*

Differences from Alpha002 and CloudFormation Templates

Property	Prod (Alpha001)	Dev (Alpha002)	Stage (Alpha002)
Env var count	21	11	20
CORE_BACKEND_URL	(set, same as BASE_URL)	missing	missing
NEXT_PUBLIC_FRONTEND_URL	https://www.live.app.arda.cards	missing	missing
COGNITO_REGION	us-east-1	missing	us-east-1
Compute role (branch)	AmplifyComputeCognitoRoleProd	(none)	AmplifyComputeCognitoRole_Stage_Dev
Build spec .env writing	Yes	Yes	No
Build spec NODE_ENV=production	Yes	No	No
Domain redirect (bare to www)	Yes (live.app.arda.cards → www.live.app.arda.cards)	No	No
Domain count	2 (live.app.arda.cards, prod.alpha001.app.arda.cards)	1	1

Extra vars not in CFn template (present across all apps): GITHUB_TOKEN, TENANT_ID, TENANT_ID_2, NEXT_PUBLIC_SENTRY_DSN. Prod also has CORE_BACKEND_URL which is not in any other app or the template.

COGNITO_REGION anomaly: The prod app in Alpha001 (us-east-2) has COGNITO_REGION set to us-east-1. This suggests the Cognito user pool is in a different region than the Amplify app. The CFn template uses !Ref "AWS::Region" which would resolve to us-east-2 for Alpha001 — a potential discrepancy if the demo app is created via CloudFormation.

Summary — All Three Apps

Property	Dev (Alpha002)	Stage (Alpha002)	Prod (Alpha001)
App ID	d38w5m1ngjza76	d1kbrvra79y8sc	duhexavnwh88g
Account	139852620346	139852620346	009765408297
Region	us-east-1	us-east-1	us-east-2
Branch	dev	stage	main
enableAutoBuild	true	true	true
Domain	dev.alpha002.app.arda.cards	stage.alpha002.app.arda.cards	live.app.arda.cards + prod.alpha001.app.arda.cards
Env vars	11	20	21
Compute role	(none)	AmplifyComputeCognitoRole_Stage_Dev	AmplifyComputeCognitoRoleProd
Created via CFn	No	No	No
Last deploy	2026-03-18	2026-03-17	2026-03-12

All three apps must have enableAutoBuild set to false at cutover. The Amplify branch resource names (dev, stage, main) remain unchanged — StartJob addresses these resource names, not the git branch (decision D6).

Branch Name vs. Partition Name

The Amplify branch resource name does not always match the partition name:

Partition	Amplify Branch Resource	Match?
dev	dev	Yes
stage	stage	Yes
prod	main	No

The prod mismatch is a legacy of the original branch-sync model where the prod app was connected to the main git branch. The amm.sh script maintains a uniform partition-to-branch-name mapping for all partitions (including the trivial matches) to avoid special-casing. The branch name is published as a CloudFormation export (${Infrastructure}-${Partition}-I-AmplifyBranchName) via lightweight export stacks so the workflow has a single, consistent lookup mechanism. See Design Analysis — Branch Name Mapping for details.