For a census the app simply collects the post from a web form and persists it.

Given that it is a once every 10 year thing with fixed questions you are not far from having a write only app. Maybe you need something to allow people to go back to previous pages but beyond that I can't see the benefit in providing any application data retrieval.

So you have webforms (with validation), a back end validator that either rejects the post or persists it to a queue, a session store (REDIS is a candidate), the aforementioned queue, a queue reader to post the census into a DB.

SSL encryption end to end. An intrusion protection system. If anything you could pare the webservers down to the bare minimum required for this simple app. Disable all unused mods and plugins etc.

The webservers need to scale out, as does the queue.

Given that there is no immediate requirement for the data you could have different collections of webservers talking to different queues and DBs then merge the results post census day.

In AWS make sure your components are separated into separate subnets with security groups and Network ACLs applied.

Create an Amazon Machine Image for each hardware component so additional webservers can be spun up in seconds fully configured.

Put the hardware in autoscaling groups so if hardware fails it will be replaced automatically.

What have I missed?