Improve Zappa/Terraform Migration

[rudransh-shrivastava]

Is your feature request related to a problem? Please describe.
Make minor fixes and improvements.

Describe the solution you'd like

general:

• Edit pre-commit hooks.
• Delete .terraform.lock.hcl from modules.
• Format the README.md with consistent indentation.
• Use stricter versioning.
• Add production.
• Use secrets' ARN instead of outputs.
• Tighten egress rules (currently all outbound traffic allowed).
• Make variable names consistent.
• Add WAF.
• Consistent resource tagging.
• Consistent descriptions.
• Add validation for variables.
• Add alerts and alarms for necessary resources/budget.
• Look into adding AWS security hub.
• Bug where security module updates module.security.aws_security_group.x each time terraform apply is used, despite no changes.
• Reduce jsonencode usage for larger configurations.

cache:

• Enable CloudWatch logs for cache module.

database:

• db_skip_final_snapshot is true by default.
• Add deletion protection.
• secret_recovery_window_in_days is 0 by default.

ecs:

• latest image tag is hardcoded for ECS tasks.
• Add lifecycle for untagged images.
• Consider using boto3 for ECS: load_data_task.
• Remove use of AWS-managed IAM policies (AmazonEC*).

network:

• Add VPC flow logs.
• Add NACLs.
• Add VPC endpoints.

storage:

• Enable logs for storage module.
• Add access logging for S3 buckets.
• Edit defaults like force_destroy_bucket in examples.
• Allow configurable bucket names to make them unique.
• Accidental deletion protection.
• Enable S3 Object Lock for state bucket.

A checkmark indicates that the task is referenced in a subissue or has been completed.

Are you going to work on implementing this?

• Yes
• No

Additional context
Parent Issue: #2214