chore(networking): add vpc CIDR blocks on database and cluster (#5569)

infra/terraform/main.tf

@@ -137,7 +137,7 @@ module "eks" {
   cluster_version = "1.32"
 
   enable_cluster_creator_admin_permissions = false
-  cluster_endpoint_public_access           = true
+  cluster_endpoint_public_access           = false
   cloudwatch_log_group_retention_in_days   = 365
 
   cluster_addons = {
@@ -160,6 +160,17 @@ module "eks" {
     }
   }
 
+  cluster_security_group_additional_rules = {
+    ingress_from_vpc_cidr = {
+      description = "Allow all traffic from the VPC CIDR"
+      from_port   = 0
+      to_port     = 0
+      protocol    = "-1"
+      type        = "ingress"
+      cidr_blocks = [local.vpc_cidr]
+    }
+  }
+
   kms_key_administrators = [
     tolist(data.aws_iam_roles.github.arns)[0],
     tolist(data.aws_iam_roles.administrator.arns)[0]

infra/terraform/rds.tf

@@ -49,7 +49,7 @@ module "rds-aurora" {
   db_subnet_group_name = module.vpc.database_subnet_group_name
   security_group_rules = {
     vpc_ingress = {
-      cidr_blocks = module.vpc.private_subnets_cidr_blocks
+      cidr_blocks = [module.vpc.vpc_cidr_block]
     }
   }
   performance_insights_enabled         = true