Spike: Investigate best option for users to connect to bde-fdw-rds

[billgeo]

So that we can start on #24, we want to understand the best option to access the database by LINZ users, e.g. networking and authentication options

Tasks

• Elaborate on the possible options below, description, pros and cons
• group discussion
• make decision

Possible options:

1. Provide instructions on how to tunnel connection via bastion host. User can still use their preferred flavour of sql clients (e.g. pgadmin or sql workbench). Not ideal, but it does follows the standard AWS pattern...
2. Investigate if we can reach the bde processor from non-prod. Ideally we don't want to carry the mess over to a centrally managed account, but the potential upside is we can use IAM connectivity with SSO (maybe). There is a bit of unknown with this option.
3. Mimic how users access prod bde currently from linz network. Probably the easiest option.

[billgeo]

Is this done then @Jimlinz? If IAM is an obvious choice, all good. Let's close this an move on.

[Jimlinz]

Option 3 outlined here seems like a good solution to address bde access: https://toitutewhenua.atlassian.net/wiki/spaces/AR/pages/80216093/Option+Analysis+AWS+RDS+Database+Authentication