# Amplify for quick iteration, then need VPC, WAF, NAT for high security—newbie guidance

prisma frost
Hi all. I'm a newbie; my mental models aren't well fleshed out on some of the things I'm doing. I really appreciate any pointers from the community. I can do lots of googling, but sometimes it helps to be pointed in a direction.

I'd like to use Amplify to iterate quickly on a web app with a client—but in the long run they'll need strong (banking industry) security, including a VPC and WAF and such. From googling around, I don't think that's possible with AWS Amplify, to put it in a VPC.

Broadly, before I get going too far with Amplify I want to be sure I understand, if that's the case, what the next stage will be after the Amplify buildout. For example, will I want to migrate out of Amplify to something that can be hosted behind a firewall in a virtual private cloud? What would that thing be? (Preferably an option that requires the smallest amount of re-work.) I do see posts out there on exporting from Amplify to use CDK and code pipelines… but even as a newbie I don't think that's a hosting thing, more of a delivery thing.

Any recommendations, or thoughts on what I'm looking at? I'm not at this stage yet with my work, but I want to make sure I've thought about it before I get there. Thanks so much for the dialog on what would otherwise be a head-scratcher and require a lot more banging my head into walls.

dusky parcel
Amplify is a great prototyping tool. We use it to bootstrap and iterate on all new apps/customer engagements. You will outgrow it at some point though as you progress towards production grade for all the reasons you state.

There really isn't any rework to your front-end involved. Standard build tools are employed that will port 100% to other CI/CD tools including AWS CodePipeline. The back-end and everything else provided by the Amplify CLI is what you'll need to provide when you "break out" of Amplify.

This isn't as difficult as it sounds when you consider what the CLI tools are doing for you and you stick with AWS infrastructure (highly recommended). At a high level you will need to provide:

  • S3 hosting with a CloudFront distribution
  • CI/CD pipeline with CodeBuild/CodePipeline, Bitbucket Pipelines, Jenkins, etc. that will deploy to S3
  • Infrastructure as code. Amplify creates a CloudFormation template that can be used as a starting point/example.

All this can be done in parallel, not breaking existing Amplify deployments, by simply building your new CI/CD pipeline off a dedicated source branch.
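As an added illustration of the "S3 hosting with a CloudFront distribution" and "infrastructure as code" items in the reply above (not part of either post, and not the template Amplify generates): a CloudFormation template that keeps the bucket private, lets only the distribution read it, and attaches a WAF web ACL. The resource names, the `WebAclArn` parameter, the use of origin access control, and the managed CachingOptimized cache policy are assumptions made for this example.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Constructed example - private S3 origin behind CloudFront with a WAF web ACL
Parameters:
  WebAclArn:  # assumption: the web ACL already exists and is passed in
    Type: String
    Description: ARN of a WAFv2 web ACL with CLOUDFRONT scope (such ACLs live in us-east-1)
Resources:
  SiteBucket:  # holds the built front-end; never publicly readable
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration: { BlockPublicAcls: true, BlockPublicPolicy: true, IgnorePublicAcls: true, RestrictPublicBuckets: true }
  OriginAccessControl:  # CloudFront signs its requests to S3 with SigV4
    Type: AWS::CloudFront::OriginAccessControl
    Properties:
      OriginAccessControlConfig:
        Name: !Sub "${AWS::StackName}-oac"
        OriginAccessControlOriginType: s3
        SigningBehavior: always
        SigningProtocol: sigv4
  Distribution:
    Type: AWS::CloudFront::Distribution
    Properties:
      DistributionConfig:
        Enabled: true
        DefaultRootObject: index.html
        WebACLId: !Ref WebAclArn  # WAF inspects requests at the edge, before the origin
        Origins:
          - Id: site
            DomainName: !GetAtt SiteBucket.RegionalDomainName
            OriginAccessControlId: !GetAtt OriginAccessControl.Id
            S3OriginConfig: { OriginAccessIdentity: "" }  # empty because OAC is used
        DefaultCacheBehavior:
          TargetOriginId: site
          ViewerProtocolPolicy: redirect-to-https
          CachePolicyId: 658327ea-f89d-4fab-a63d-7e88639e58f6  # AWS managed CachingOptimized
  SiteBucketPolicy:  # only this distribution may read objects
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref SiteBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: cloudfront.amazonaws.com }
            Action: s3:GetObject
            Resource: !Sub "${SiteBucket.Arn}/*"
            Condition:
              StringEquals:
                AWS:SourceArn: !Sub "arn:aws:cloudfront::${AWS::AccountId}:distribution/${Distribution}"
```

The CI/CD pipeline from the second list item would then only need permission to write build output into `SiteBucket` and to invalidate the distribution's cache.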