Scoring and Camunda services added to the platform

Atlas Infra now includes the new scoring workload and its Camunda runtime as part of the shared ECS platform.

• atlas-scoring runs as a dedicated ECS/Fargate service with its own ECR repository and runtime secret
• scoring consumes atlas.l2.transaction.deposit and publishes atlas.l3.user.score through the existing MSK cluster
• Camunda runs as a separate ECS/Fargate service with its own PostgreSQL RDS instance and runtime secret
• internal callers reach scoring through http://scoring:8083 over ECS Service Connect
• scoring reaches Camunda internally through ECS Service Connect instead of depending on a public hostname

The infrastructure change also introduced:

• a dedicated PostgreSQL 18.2 RDS instance for Camunda
• environment-specific database placement, with public access in staging and private placement in prod
• service-specific ECS task definitions, security groups, and CloudWatch log groups

The current ingress model is:

• the public ALB continues to front only the internet-facing Atlas surfaces
• scoring stays on the private east-west path inside ECS
• Camunda is intentionally kept off the public ALB and remains reachable only from internal workloads

That keeps the scoring and workflow path private while preserving the existing public entrypoints for the other services.