department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html

remove database scan access configuration #10573

Closed wyattwalter closed 4 years ago

wyattwalter commented 4 years ago

Description

Earlier this year we had some confusion about whether the regular VA database scans were required or not. We ended up going through the exercise of setting up access, getting a scan done (with results) and then getting told that the scan wasn't supposed to happen because all the controls it checks for are covered by the FedRAMP certification and VA approval for using RDS.

The documentation about what's required has been updated with the new information, but the infrastructure changes that allowed the scanning tool to reach the database need to be removed.

This was done on both vets-api and GIDS in dev, staging, and prod.

The database users outlined here need to be removed: https://github.com/department-of-veterans-affairs/vets.gov-ato/pull/325/files

Then remove the password entry from Credstash: plat.global.rds.vansocscan.password

And finally firewall rules added in this PR should be removed: https://github.com/department-of-veterans-affairs/devops/pull/6222/files

AC

wyattwalter commented 4 years ago

If anyone finds this ticket later, the reasoning for not needing this scan is documented in the README for the Database Scans folder on the ATO repo: https://github.com/department-of-veterans-affairs/vets.gov-ato/tree/master/assets/Database%20Scans