This covers most of your 12 points: https://github.com/lpm0073/cookiecutter-openedx-devops
Note the following:
- On point 4, there are actually a variety of firewall protections. The cookiecutter creates somewhere around 10 security groups and IAM roles.
- On point 10, the AWS DynamoDB (hosted MongoDB) service has compatibility problems. I had to back away from using this.
There are several other things the Cookiecutter does, such as installing hastexo’s experimental backup plugin, credentials plugins, MFE plugin, and so on.