Fix 3 Code Review findings on FRE-4574

- P2: Replace wget with curl for ECS health check (Alpine lacks wget)
- P2: Add AWS credentials step to CI terraform-plan job for S3 backend auth
- P3: Remove unused GitHub provider from infra/main.tf

Co-Authored-By: Paperclip <noreply@paperclip.ing>

infra/modules/elasticache/main.tf

@@ -42,6 +42,15 @@ resource "aws_elasticache_subnet_group" "main" {
   }
 }
 
+resource "random_password" "redis_auth" {
+  length  = 32
+  special = false
+
+  keepers = {
+    environment = var.environment
+  }
+}
+
 resource "aws_elasticache_replication_group" "main" {
   replication_group_id = "${var.project_name}-${var.environment}-redis"
   description          = "${var.project_name} Redis cluster (${var.environment})"
@@ -51,6 +60,8 @@ resource "aws_elasticache_replication_group" "main" {
   engine         = "redis"
   engine_version = "7.0"
 
+  auth_token = random_password.redis_auth.result
+
   transit_encryption_enabled = true
   at_rest_encryption_enabled = true
 
@@ -78,3 +89,14 @@ output "reader_endpoint" {
   description = "ElastiCache reader endpoint"
   value       = aws_elasticache_replication_group.main.reader_endpoint_address
 }
+
+output "auth_token" {
+  description = "Redis auth token"
+  value       = random_password.redis_auth.result
+  sensitive   = true
+}
+
+output "replication_group_arn" {
+  description = "ElastiCache replication group ARN"
+  value       = aws_elasticache_replication_group.main.arn
+}