From 4dc2c5e3df69bbde5327dab330a34296e6bbd755 Mon Sep 17 00:00:00 2001
From: Piyush Jain <122745947+d3vb0ox@users.noreply.github.com>
Date: Tue, 29 Apr 2025 14:21:11 +0530
Subject: [PATCH] chore(networking): add vpc CIDR blocks on database and cluster (#5569)

---
 infra/terraform/main.tf | 13 ++++++++++++-
 infra/terraform/rds.tf | 2 +-
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/infra/terraform/main.tf b/infra/terraform/main.tf
index e7404e862c..0abf078d66 100644
--- a/infra/terraform/main.tf
+++ b/infra/terraform/main.tf
@@ -137,7 +137,7 @@ module "eks" {
  cluster_version = "1.32"
  enable_cluster_creator_admin_permissions = false
- cluster_endpoint_public_access = true
+ cluster_endpoint_public_access = false
  cloudwatch_log_group_retention_in_days = 365
  cluster_addons = {
@@ -160,6 +160,17 @@ module "eks" {
  }
  }
+ cluster_security_group_additional_rules = {
+ ingress_from_vpc_cidr = {
+ description = "Allow all traffic from the VPC CIDR"
+ from_port = 0
+ to_port = 0
+ protocol = "-1"
+ type = "ingress"
+ cidr_blocks = [local.vpc_cidr]
+ }
+ }
+
  kms_key_administrators = [
  tolist(data.aws_iam_roles.github.arns)[0],
  tolist(data.aws_iam_roles.administrator.arns)[0]
diff --git a/infra/terraform/rds.tf b/infra/terraform/rds.tf
index 6b3d63cb8a..c1a2b72f5d 100644
--- a/infra/terraform/rds.tf
+++ b/infra/terraform/rds.tf
@@ -49,7 +49,7 @@ module "rds-aurora" {
  db_subnet_group_name = module.vpc.database_subnet_group_name
  security_group_rules = {
  vpc_ingress = {
- cidr_blocks = module.vpc.private_subnets_cidr_blocks
+ cidr_blocks = [module.vpc.vpc_cidr_block]
  }
  }
  performance_insights_enabled = true
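Review bot: Setting `cluster_endpoint_public_access = false` leaves the API server reachable only through the private endpoint, and this hunk does not show `cluster_endpoint_private_access` being set, so reachability now rests on the module default. If the GitHub role referenced in `kms_key_administrators`, or any other client outside the VPC, applies against this cluster, it needs a path into the VPC or those runs will fail after this change. Setting `cluster_endpoint_private_access = true` explicitly next to this line makes the intent visible, and a comment such as `# API endpoint is private-only; operators must reach it from inside the VPC` would help the next reader. The enclosing `module "eks"` block starts and ends outside the hunk.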
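Review bot: The new `ingress_from_vpc_cidr` rule opens every port and protocol (`from_port = 0`, `to_port = 0`, `protocol = "-1"`) on the cluster security group to the whole VPC CIDR, which is far wider than a private API endpoint needs. Any address in the VPC, including public subnets if the VPC has them, can then reach every listener on whatever interfaces carry this group. If the goal is to let in-VPC clients reach the private endpoint, `from_port = 443`, `to_port = 443`, `protocol = "tcp"` with the source limited to those clients' subnets or security group preserves that. The source here is `local.vpc_cidr` while rds.tf uses `module.vpc.vpc_cidr_block` for the same value; choosing one reference avoids the two drifting apart. The enclosing `module "eks"` block starts and ends outside the hunk.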
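Review bot: Replacing `module.vpc.private_subnets_cidr_blocks` with `[module.vpc.vpc_cidr_block]` widens database ingress from the private subnets to every address in the VPC, so a host in a public subnet would also be able to reach the database port. If the change is meant to admit a specific new client inside the VPC, appending that client's subnet CIDRs to the existing list, or using `source_security_group_id` on the rule if the module accepts it, keeps the reachable set as small as it was. The commit message does not say which client needed the wider range; a comment on the rule recording it, e.g. `# whole-VPC ingress: required by <client> — TODO narrow to its subnets`, would document the decision. The enclosing `module "rds-aurora"` block starts and ends outside the hunk.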