Merge pull request #3142 from ministryofjustice/NIT-795-delius-db-add…

…-connectivity-between-delius-core-dev-and-legacy-eng-dev/out NIT-795 allow delius dbs to reach rman in legacy
ministryofjustice · Aug 21, 2023 · fcb09b5 · fcb09b5
2 parents d5830e7 + 5f140e0
commit fcb09b5
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 2 deletions.
diff --git a/terraform/environments/delius-core/ec2_instance_db.tf b/terraform/environments/delius-core/ec2_instance_db.tf
@@ -24,7 +24,19 @@ resource "aws_vpc_security_group_egress_rule" "base_ami_test_instance_https_out"
   )
 }
 
-resource "aws_vpc_security_group_ingress_rule" "db_ec2_instance_rman_in" {
+resource "aws_vpc_security_group_egress_rule" "db_ec2_instance_rman" {
+  security_group_id = aws_security_group.base_ami_test_instance_sg.id
+  cidr_ipv4         = local.environment_config_dev.legacy_engineering_vpc_cidr
+  from_port         = 1521
+  to_port           = 1521
+  ip_protocol       = "tcp"
+  description       = "Allow communication in out port 1521 to legacy rman"
+  tags = merge(local.tags,
+    { Name = "legacy-rman-out" }
+  )
+}
+
+resource "aws_vpc_security_group_ingress_rule" "db_ec2_instance_rman" {
   security_group_id = aws_security_group.base_ami_test_instance_sg.id
   cidr_ipv4         = local.environment_config_dev.legacy_engineering_vpc_cidr
   from_port         = 1521

diff --git a/terraform/environments/delius-core/modules/environment_all_components/db_ec2.tf b/terraform/environments/delius-core/modules/environment_all_components/db_ec2.tf
@@ -20,7 +20,19 @@ resource "aws_vpc_security_group_egress_rule" "db_ec2_instance_https_out" {
   )
 }
 
-resource "aws_vpc_security_group_ingress_rule" "db_ec2_instance_rman_in" {
+resource "aws_vpc_security_group_egress_rule" "db_ec2_instance_rman" {
+  security_group_id = aws_security_group.db_ec2_instance_sg.id
+  cidr_ipv4         = var.environment_config.legacy_engineering_vpc_cidr
+  from_port         = 1521
+  to_port           = 1521
+  ip_protocol       = "tcp"
+  description       = "Allow communication out on port 1521 to legacy rman"
+  tags = merge(local.tags,
+    { Name = "legacy-rman-out" }
+  )
+}
+
+resource "aws_vpc_security_group_ingress_rule" "db_ec2_instance_rman" {
   security_group_id = aws_security_group.db_ec2_instance_sg.id
   cidr_ipv4         = var.environment_config.legacy_engineering_vpc_cidr
   from_port         = 1521