RDS Module: Custom Security Group rule

[sj-williams]

Background

Modernisation Platform hosted service requires access to Cloud Platform RDS instance. Traffic is routed via PTTP Transit Gateway, but additionally requires an inbound security rule to allow the MP source CIDR range.

See Slack thread: https://mojdt.slack.com/archives/C57UPMZLY/p1687855340821199

This ticket is to add the ability for CP users to define custom security group rules for their RDS instance in addition to the default CP node subnet ranges.

Proposed user journey

Approach

Which part of the user docs does this impact

Communicate changes

• [ ] post for #cloud-platform-update
• [ ] Weeknotes item
• [ ] Show the Thing/P&A All Hands/User CoP
• [ ] Announcements channel

Questions / Assumptions

Definition of done

• [ ] readme has been updated
• [ ] user docs have been updated
• [ ] another team member has reviewed
• [ ] smoke tests are green
• [ ] prepare demo for the team

Reference

How to write good user stories

[sj-williams]

After some work on updating the module - found out (thanks jake!) that the RDS module as it exists supports additional security group configs:

https://github.com/ministryofjustice/cloud-platform-terraform-rds-instance#input_vpc_security_group_ids

This means that CP users can add an SG group resource at the root tf level, and reference this in the variable.

Advised user that this method works without disruption to RDS service, awaiting their decision.

[sj-williams]

Awaiting PR from user