How do I access RDS database in the Reference Architecture from terraform machine?
I'm trying to use the `postgresql` provider to provision a couple of database users onto every database that we deploy with the `rds` module from the service catalog. It has to establish a client connection to the database to do this, and it's failing to connect to the RDS instances with a timeout. Can anybody give me pointers on what I'll need to modify in our Gruntwork architecture (security groups? network ACLs? both?) to enable this?

---

[Tracked in ticket #108522](https://gruntwork.zendesk.com/agent/tickets/108522)

The following are necessary to allow `terraform` access. Some of these can be skipped depending on your operating model (e.g., if you only use ECS Deploy Runner), but you will most likely want to enable all of them.

- Implement VPC peering between the `mgmt` VPC (where ECS Deploy Runner runs) and the `app` VPC, and link the private subnets of the `mgmt` VPC to the app.
  - This can be done using the peering parameters in the [vpc module](https://github.com/gruntwork-io/terraform-aws-service-catalog/tree/master/modules/networking/vpc).
- Update the `allow_connections_from_cidr_blocks` input variable in the `rds` module to allow connections from private subnets of the `mgmt` VPC.
- If you are using OpenVPN to connect from your local machine, update the `allow_connections_from_cidr_blocks` to include the OpenVPN subnet. See https://github.com/gruntwork-io/knowledge-base/discussions/359 for more details on which CIDR to use.
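
An added example, not part of the original answer or of Gruntwork's code: a pre-apply check that the list you plan to pass as `allow_connections_from_cidr_blocks` covers every source that needs database access and admits nothing wider. The function name and all CIDRs are constructed placeholders; substitute your `mgmt` private subnets and the OpenVPN CIDR from the linked discussion.

```python
from ipaddress import collapse_addresses, ip_network


def audit_allowlist(allowed_cidrs, required_sources):
    """Compare a planned RDS CIDR allow list with the sources that need access.

    Returns (missing, too_broad):
      missing   - names of required sources the allow list does not cover
      too_broad - allow-list entries admitting addresses outside every source
    """
    allowed = [ip_network(c) for c in allowed_cidrs]
    required = {name: ip_network(c) for name, c in required_sources.items()}
    # Merge adjacent ranges so two /20 subnets and their /19 compare as equal.
    allowed_merged = list(collapse_addresses(allowed))
    required_merged = list(collapse_addresses(required.values()))
    missing = sorted(
        name for name, net in required.items()
        if not any(net.subnet_of(a) for a in allowed_merged)
    )
    too_broad = [
        str(a) for a in allowed
        if not any(a.subnet_of(r) for r in required_merged)
    ]
    return missing, too_broad


# Constructed sample values (assumptions, not taken from the page).
REQUIRED = {
    "mgmt-private-a": "10.0.64.0/20",
    "mgmt-private-b": "10.0.80.0/20",
    "openvpn": "192.168.240.0/24",
}

if __name__ == "__main__":
    candidates = {
        "least privilege": ["10.0.64.0/19", "192.168.240.0/24"],
        "whole VPC, no VPN": ["10.0.64.0/20", "10.0.0.0/16"],
        "open to everything": ["0.0.0.0/0"],
    }
    for label, cidrs in candidates.items():
        missing, too_broad = audit_allowlist(cidrs, REQUIRED)
        print(f"{label}: missing={missing} too_broad={too_broad}")
```

An entry reported as too broad still lets `terraform` connect; it is flagged because it also opens the database port to addresses that have no reason to reach it.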