Improve Zappa/Terraform Migration

[rudransh-shrivastava]

Is your feature request related to a problem? Please describe.
Make minor fixes and improvements.

Describe the solution you'd like

general:

• Add more pre-commit hooks.
• Delete .terraform.lock.hcl from modules.
• Format the README.md with consistent indentation.
• Use stricter versioning.
• Add production.
• Use secrets' ARN instead of outputs.
• Tighten egress rules (currently all outbound traffic allowed).
• Add Makefile(s).
• Make variable names consistent.
• Add WAF.
• Rotate secrets.
• Consistent resource tagging.
• Add ALB.
• Add validation for variables.
• Add VPC endpoints.
• Use CMK instead of AWS managed keys.
• Add alerts and alarms for necessary resources/budget.
• Look into adding AWS security hub.

cache:

• Enable CloudWatch logs for cache module.
• Currently single node. Look into cluster mode.

database:

• Add documentation for create_rds_proxy flag.
• db_skip_final_snapshot is true by default.
• Add deletion protection.
• secret_recovery_window_in_days is 0 by default.
• Enable performance insights.
• Enable multi-AZ configuration.

ecs:

• latest image tag is hardcoded for ECS tasks.
• Consider using boto3 for ECS: load_data_task.
• Remove use of AWS-managed IAM policies (AmazonEC*).

network:

• add VPC flow logs.
• add NACLs.

storage:

• Resolve #NOSONAR comments.
• Enable logs for storage module.
• Add access logging for S3 buckets.
• Edit defaults like force_destroy_bucket in examples.
• Allow configurable bucket names to make them unique
• Accidental deletion protection.
• Enable S3 Object Lock for state bucket.
• MFA delete on state bucket.

zappa:

• Manage Zappa IAM role explicitly.

More to be added...

Are you going to work on implementing this?

• Yes
• No

Additional context
Parent Issue: #2214