From 5f140e01454ee8cf42fe2afda29e304b10bb2b7a Mon Sep 17 00:00:00 2001
From: Piotr Grzeskowiak
Date: Mon, 21 Aug 2023 13:38:01 +0100
Subject: [PATCH] NIT-795 allow delius dbs to reach rman in legacy
---
 .../environments/delius-core/ec2_instance_db.tf | 14 +++++++++++++-
 .../modules/environment_all_components/db_ec2.tf | 14 +++++++++++++-
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/terraform/environments/delius-core/ec2_instance_db.tf b/terraform/environments/delius-core/ec2_instance_db.tf
index ab2056bbbd8..b2830116435 100644
--- a/terraform/environments/delius-core/ec2_instance_db.tf
+++ b/terraform/environments/delius-core/ec2_instance_db.tf
@@ -24,7 +24,19 @@ resource "aws_vpc_security_group_egress_rule" "base_ami_test_instance_https_out"
 )
 }
 
-resource "aws_vpc_security_group_ingress_rule" "db_ec2_instance_rman_in" {
+resource "aws_vpc_security_group_egress_rule" "db_ec2_instance_rman" {
+ security_group_id = aws_security_group.base_ami_test_instance_sg.id
+ cidr_ipv4 = local.environment_config_dev.legacy_engineering_vpc_cidr
+ from_port = 1521
+ to_port = 1521
+ ip_protocol = "tcp"
+ description = "Allow communication in out port 1521 to legacy rman"
+ tags = merge(local.tags,
+ { Name = "legacy-rman-out" }
+ )
+}
+
+resource "aws_vpc_security_group_ingress_rule" "db_ec2_instance_rman" {
 security_group_id = aws_security_group.base_ami_test_instance_sg.id
 cidr_ipv4 = local.environment_config_dev.legacy_engineering_vpc_cidr
 from_port = 1521
diff --git a/terraform/environments/delius-core/modules/environment_all_components/db_ec2.tf b/terraform/environments/delius-core/modules/environment_all_components/db_ec2.tf
index f6159547fa3..eae6bd9873c 100644
--- a/terraform/environments/delius-core/modules/environment_all_components/db_ec2.tf
+++ b/terraform/environments/delius-core/modules/environment_all_components/db_ec2.tf
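Review bot: The new egress rule `db_ec2_instance_rman` in ec2_instance_db.tf allows TCP 1521 to the whole of `legacy_engineering_vpc_cidr`, which is broader than reaching RMAN needs if the catalog listens on a single host or subnet; the size of that CIDR is not visible here, so this is worth confirming. If the RMAN address is known, a narrower `cidr_ipv4` (a /32 or the database subnet) keeps this security group closer to least privilege, and the same applies to the matching rule in modules/environment_all_components/db_ec2.tf. The description also reads "in out port 1521"; `description = "Allow communication out on port 1521 to legacy rman"` would match the module's wording. The ingress resource's body continues outside the hunk.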
@@ -20,7 +20,19 @@ resource "aws_vpc_security_group_egress_rule" "db_ec2_instance_https_out" {
 )
 }
 
-resource "aws_vpc_security_group_ingress_rule" "db_ec2_instance_rman_in" {
+resource "aws_vpc_security_group_egress_rule" "db_ec2_instance_rman" {
+ security_group_id = aws_security_group.db_ec2_instance_sg.id
+ cidr_ipv4 = var.environment_config.legacy_engineering_vpc_cidr
+ from_port = 1521
+ to_port = 1521
+ ip_protocol = "tcp"
+ description = "Allow communication out on port 1521 to legacy rman"
+ tags = merge(local.tags,
+ { Name = "legacy-rman-out" }
+ )
+}
+
+resource "aws_vpc_security_group_ingress_rule" "db_ec2_instance_rman" {
 security_group_id = aws_security_group.db_ec2_instance_sg.id
 cidr_ipv4 = var.environment_config.legacy_engineering_vpc_cidr
 from_port = 1521
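Review bot: Renaming the ingress resource from `db_ec2_instance_rman_in` to `db_ec2_instance_rman` changes its Terraform address, here and in ec2_instance_db.tf, and no `moved` block is visible, so the plan will presumably destroy and recreate the existing ingress rule instead of leaving it in place. Keeping the `_in` suffix and naming the new rule `db_ec2_instance_rman_out` would leave the live rule untouched, match the neighbouring `db_ec2_instance_https_out`, and avoid two resources of different direction sharing one name. If the rename is wanted, a `moved` block from `aws_vpc_security_group_ingress_rule.db_ec2_instance_rman_in` to `aws_vpc_security_group_ingress_rule.db_ec2_instance_rman` would keep the state entry. The ingress resource's body continues outside the hunk.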