AWS Migration Guide | Supabase to Aurora & DynamoDB

Phase 0

Complete AWS Services Setup

Week 1

Day 1: Aurora Validation

Navigate to AWS Console → RDS
Verify cluster helium-prod-aurora-cluster is available
Check endpoint: helium-prod-aurora-cluster.cluster-ckfawcg4sknj.us-east-1.rds.amazonaws.com
Verify Enhanced Monitoring and Performance Insights enabled
Locate auto-created secret in Secrets Manager

Day 2-3: DynamoDB Setup

Navigate to AWS Console → DynamoDB
Click Create table
Table name: helium-prod-data
Partition key: PK (String), Sort key: SK (String)
Capacity mode: On-demand
Enable Deletion protection
Create 3 Global Secondary Indexes:
- message_id-index (PK: message_id, SK: PK)
- user_id-created_at-index (PK: user_id, SK: created_at)
- thread_id-type-index (PK: thread_id, SK: entity_type)

GSIs take 15-90 minutes to create. Create one at a time.

Day 4-5: Cognito Setup

Navigate to AWS Console → Cognito
Click Create user pool
Enable Email and Username sign-in
Set password policy (min 8 chars, uppercase, lowercase, numbers, symbols)
User pool name: helium-prod-users
Create app client: helium-web-client
Enable authentication flows: USER_PASSWORD_AUTH, REFRESH_TOKEN_AUTH
Store credentials in Secrets Manager

Day 6-7: Monitoring Setup

Navigate to CloudWatch → Log groups
Create log groups:
- /aws/rds/cluster/helium-prod-aurora-cluster/postgresql
- /helium/migration
- /helium/dual-write
Enable X-Ray for ECS tasks
Create CloudWatch dashboard: helium-migration-dashboard
Review CloudFront configuration

Phase 1

Infrastructure Validation

Week 2

Day 1-2: Schema Migration

Export Supabase schema using pg_dump
Connect to Aurora using database client
Import schema to Aurora cluster
Verify all tables, indexes, and constraints
Check RLS policies migrated correctly

Day 3-4: Connection Testing

Test Aurora connection from ECS tasks
Test DynamoDB connection and operations
Test Cognito integration
Verify security groups and network connectivity
Monitor CloudWatch logs for connection results

Day 5-7: Performance Baseline

Navigate to RDS → Performance Insights
Run test queries and measure performance
Target: Simple queries < 10ms, Complex < 50ms
Navigate to DynamoDB → Metrics
Monitor read/write latency (Target: < 20ms)

Phase 2

Application Integration

Week 3-4

Day 1-10: Code Implementation

Create database abstraction layer (database_manager.py)
Implement base repository with dual-write logic
Update agent repository for dual-write support
Create DynamoDB repository for high-volume data
Update FastAPI application with database manager

Day 11-14: Deploy with Feature Flags

Navigate to AWS Console → ECS
Update task definition with environment variables:
- ENABLE_AURORA=true
- ENABLE_DYNAMODB=true
- WRITE_MODE=both
Build and push new Docker image to ECR
Update ECS service with new task definition
Monitor dual-write operations in CloudWatch

Phase 3

Multi-Region Expansion

Week 5-6

Day 1-3: Mumbai Region Setup

Switch to ap-south-1 region in AWS Console
Navigate to VPC and create Mumbai VPC
Create subnets, Internet Gateway, NAT Gateway
Navigate to ECS and verify existing cluster
Update existing services with new configurations

Day 4-6: Enable Aurora Global Database

Navigate to RDS in us-east-1
Select Aurora cluster helium-prod-aurora-cluster
Click Actions → Add AWS Region
Select Asia Pacific (Mumbai)
Configure Serverless v2 with same ACU settings
Repeat for Asia Pacific (Singapore)
Monitor replication progress (~30 minutes per region)

Day 7-10: Enable DynamoDB Global Tables

Navigate to DynamoDB in us-east-1
Select table helium-prod-data
Go to Global Tables tab
Click Create replica
Select Asia Pacific (Mumbai)
Repeat for Asia Pacific (Singapore)
Monitor replication status (~15 minutes per region)

Day 11-14: Update Regional Deployments

Update Mumbai ECS services with new task definitions
Update Singapore ECS services with new configurations
Implement regional routing logic in application
Verify cross-region replication working
Check replication lag < 2 seconds

Phase 4

Data Validation & Testing

Week 7-8

Day 1-3: Data Consistency Validation

Run validation scripts to compare Supabase vs Aurora
Verify row counts match across all tables
Check data integrity and constraints
Validate DynamoDB data consistency
Document any discrepancies found

Day 4-7: Performance Testing

Monitor CloudWatch metrics for all services
Use RDS Performance Insights for query analysis
Check DynamoDB Metrics for throughput
Run load testing with 100+ concurrent users
Verify X-Ray traces for distributed requests

Day 8-14: Security & Compliance

Review IAM permissions and roles
Check CloudTrail audit logs
Verify encryption at rest and in transit
Review Security Hub findings
Test backup and recovery procedures

Phase 5

User Migration

Week 9-10

Batch Migration Strategy

Batch 1: New/inactive users (500-1000)

Batch 2: Low-activity users (1000-1500)

Batch 3: Medium-activity users (1500-2000)

Batch 4: High-activity users (1000-1500)

Batch 5: Power users (500-1000)

Migration Process

Identify users for current batch using SQL queries
Navigate to Cognito → Users
Create users in Cognito with temporary passwords
Send migration notifications via SES
Monitor user authentication success rate
Collect user feedback and address issues
Wait 2-3 days before next batch

Phase 6

Cutover & Cleanup

Week 11-12

Day 1-7: Application Cutover

Run final data validation and sync
Navigate to ECS and update task definitions
Set environment variables:
- WRITE_MODE=aws
- ENABLE_COGNITO=true
Deploy to all regions (US, Mumbai, Singapore)
Monitor CloudWatch for 48 hours continuously
Verify all services using AWS-only backend

Day 8-14: Supabase Deprecation

Export final Supabase backup
Upload backup to S3 for archival
Navigate to Supabase Console
Pause project (don't delete immediately)
Keep paused for 30 days as safety net
Remove Supabase environment variables from ECS
Update documentation and celebrate! 🎉

Supabase to AWS Migration

Migration Overview

Current State

Target State

Key Principles

Migration Phases