feat: add scripts, fix sg.

Author: missionmike

package.json

@@ -25,7 +25,14 @@
     "test:coverage": "jest --coverage",
     "prisma:generate": "prisma generate",
     "prisma:migrate": "prisma migrate dev",
-    "prisma:seed": "tsx prisma/seed/all.ts"
+    "prisma:seed": "tsx prisma/seed/all.ts",
+    "ssm:init": "./scripts/ssm.sh -init",
+    "ssm:connect:test": "./scripts/ssm.sh -connect:test",
+    "ssm:connect:prod": "./scripts/ssm.sh -connect:prod",
+    "ssm:stop": "./scripts/ssm.sh -stop",
+    "terraform:validate": "cd terraform && terraform validate",
+    "terraform:plan": "cd terraform && terraform plan",
+    "terraform:apply": "cd terraform && terraform apply"
   },
   "dependencies": {
     "@apollo/client": "^3.11.10",

scripts/ssm.sh

@@ -1,10 +1,12 @@
+#!/bin/bash
+
 # Accepts arguments: -init, -connect, -stop
 # -init:    Start the EC2 instance.
 # -connect: Connect to the EC2 instance and port-forward the RDS.
 # -stop:    Stop the EC2 instance.
 
 # Import everything from ../.env into environment.
-source ../.env
+source .env
 
 # If the first argument is -init, start the EC2 instance.
 if [ "$1" == "-init" ]; then
@@ -13,10 +15,19 @@ if [ "$1" == "-init" ]; then
 fi
 
 # If the first argument is -connect, connect to the EC2 instance and port-forward the RDS.
-aws ssm start-session \
-  --target $BASTION_EC2_INSTANCE_ID \
-  --document-name AWS-StartPortForwardingSessionToRemoteHost \
-  --parameters host="$RDS_TEST_INSTANCE_HOST",portNumber="5432",localPortNumber="5433"
+if [ "$1" == "-connect:test" ]; then
+  aws ssm start-session \
+    --target $BASTION_EC2_INSTANCE_ID \
+    --document-name AWS-StartPortForwardingSessionToRemoteHost \
+    --parameters host="$RDS_TEST_INSTANCE_HOST",portNumber="5432",localPortNumber="5433"
+fi
+
+if [ "$1" == "-connect:prod" ]; then
+  aws ssm start-session \
+    --target $BASTION_EC2_INSTANCE_ID \
+    --document-name AWS-StartPortForwardingSessionToRemoteHost \
+    --parameters host="$RDS_PROD_INSTANCE_HOST",portNumber="5432",localPortNumber="5433"
+fi
 
 # If the first argument is -stop, stop the EC2 instance.
 if [ "$1" == "-stop" ]; then

terraform/rds.tf

@@ -22,7 +22,7 @@ resource "aws_db_instance" "postgresql" {
 
   skip_final_snapshot = true
 
-  vpc_security_group_ids = [var.rds_security_group_id]
+  vpc_security_group_ids = [var.rds_security_group_id, aws_security_group.rds_sg.id]
   db_subnet_group_name   = aws_db_subnet_group.postgresql.name
 
   publicly_accessible = false
@@ -34,3 +34,32 @@ resource "aws_db_instance" "postgresql" {
     prevent_destroy = true
   }
 }
+
+
+resource "aws_security_group" "rds_sg" {
+  name        = "rds-security-group"
+  description = "Security group for RDS instances"
+  vpc_id      = aws_vpc.main.id
+
+  ingress {
+    from_port       = 5432
+    to_port         = 5432
+    protocol        = "tcp"
+    security_groups = [aws_security_group.bastion-sg.id]
+  }
+
+  egress {
+    from_port   = 0
+    to_port     = 0
+    protocol    = "-1"
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+
+  tags = {
+    Name = "rds-sg"
+  }
+
+  lifecycle {
+    prevent_destroy = true
+  }
+}