Addresses Issue outerbounds#89 by adding support for optional RDS SG ingress CIDR

cstano-attn · cstano-attn · commit 4da88ed60c0d · 2024-03-01T11:45:23.000-05:00
diff --git a/main.tf b/main.tf
@@ -8,6 +8,7 @@ module "metaflow-datastore" {
   resource_suffix = local.resource_suffix
 
   metadata_service_security_group_id = module.metaflow-metadata-service.metadata_service_security_group_id
+  rds_sg_ingress_cidr                = var.rds_sg_ingress_cidr
   metaflow_vpc_id                    = var.vpc_id
   subnet1_id                         = var.subnet1_id
   subnet2_id                         = var.subnet2_id
diff --git a/modules/datastore/rds.tf b/modules/datastore/rds.tf
@@ -31,6 +31,13 @@ resource "aws_security_group" "rds_security_group" {
     security_groups = [var.metadata_service_security_group_id]
   }
 
+  ingress {
+    from_port       = 5432
+    to_port         = 5432
+    protocol        = "tcp"
+    cidr_blocks     = var.rds_sg_ingress_cidr
+  }
+
   # egress to anywhere
   egress {
     from_port   = 0
diff --git a/modules/datastore/variables.tf b/modules/datastore/variables.tf
@@ -71,3 +71,9 @@ variable "enable_key_rotation" {
   description = "Enable key rotation for KMS keys"
   default     = false
 }
+
+variable "rds_sg_ingress_cidr" {
+  type        = list(string)
+  description = "Add additional ingress CIDR access rules to RDS SG"
+  default     = []
+}
diff --git a/variables.tf b/variables.tf
@@ -199,3 +199,9 @@ variable "enable_key_rotation" {
   description = "Enable key rotation for KMS keys"
   default     = false
 }
+
+variable "rds_sg_ingress_cidr" {
+  type        = list(string)
+  description = "Add additional ingress CIDR access rules to RDS SG"
+  default     = []
+}
