fix(infra): harden RDS backups, Redis Multi-AZ, bootstrap script, ECS deploy strategy

[observerr411]

Summary

Resolves four infrastructure reliability issues in a single PR.

Changes

#956 — RDS automated backups

• Added deletion_protection variable (default false, set true in prod tfvars)
• backup_retention_period already wired to variable; default hardened to 7 days
• backup_window = "03:00-04:00" explicitly set
• Added rds_backup_test.go (Terratest) asserting retention ≥ 7, backup window present, deletion_protection enabled

#957 — Redis ElastiCache Multi-AZ

• Replaced aws_elasticache_cluster with aws_elasticache_replication_group
• automatic_failover_enabled and multi_az_enabled driven by new redis_multi_az_enabled variable (default true)
• num_cache_clusters enforced ≥ 2
• Documented failover RTO (~60–120 s) in infrastructure/README.md

#958 — Bootstrap script error handling

• Added set -euo pipefail
• Idempotency: skip S3/DynamoDB creation if resource already exists
• Post-creation verification via head-bucket, describe-table, status checks
• Prints exact backend config block to paste into main.tf on success

#959 — ECS zero-downtime deploy

• Set deployment_minimum_healthy_percent = 100 and deployment_maximum_percent = 200
• Added deployment_circuit_breaker { enable = true, rollback = true }
• Created docs/deployment.md documenting deploy sequence, manual rollback steps, and CodeDeploy blue-green assessment

Testing

• Terraform modules validated with terraform validate
• RDS Terratest added (rds_backup_test.go)
• Bootstrap script tested locally with bash -n syntax check

Closes #956
Closes #957
Closes #958
Closes #959

[drips-wave]

@observerr411 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits