GROUP-105 Migrate to AWS

[makmn1]

Description of Changes

• Adds application-prod.yml file. Previously this would have been added by Kustomize via Kubernetes, but since we're migrating away from Kubernetes, it's easier to just keep it with the application. Can be toggled by setting the SPRING_PROFILES_ACTIVE environment variable to prod
• Updates build.gradle's bootBuildImage task to bind a volume to the packaged container. This volume is the root certificate authority needed to verify the postgres server's certificate when connecting to the AWS RDS Postgres instance with SSL.
• Steps were added to the commit stage to download and store the latest root certificate authority from Amazon to be used when connecting to the Postgres instance

Additional Info / Concerns

Types of SSL Modes supported by Postgres

Difference between verify-ca and verify-full:

The difference between verify-ca and verify-full depends on the policy of the root CA. If a public CA is used, verify-ca allows connections to a server that somebody else may have registered with the CA. In this case, verify-full should always be used. If a local CA is used, or even a self-signed certificate, using verify-ca often provides enough protection.

Why prefer is the default, but not recommended for secure deployments:

The default value for sslmode is prefer. As is shown in the table, this makes no sense from a security point of view, and it only promises performance overhead if possible. It is only provided as the default for backward compatibility, and is not recommended in secure deployments.

Finally, picking verify-full gives us more confidence that we're speaking to the server we're intending to on an encrypted connection, helping to prevent man-in-the-middle attacks (an attacker would not only need to intercept application traffic on our AWS private VPC, but also intercept the certificate download from the GitHub Action initiating the download).