From 8f08c670d3a74d929fc192be498bbc0cc0916853 Mon Sep 17 00:00:00 2001
From: ICHINOSE Shogo <shogo82148@gmail.com>
Date: Mon, 11 Mar 2024 14:35:04 +0900
Subject: [PATCH] Add security group for RDS and allow ingress from bastion

---
 _integration/lib/integration-stack.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/_integration/lib/integration-stack.ts b/_integration/lib/integration-stack.ts
index f4b6ff8..159b4e2 100644
--- a/_integration/lib/integration-stack.ts
+++ b/_integration/lib/integration-stack.ts
@@ -27,12 +27,17 @@ export class IntegrationStack extends cdk.Stack {
     });
 
     // Relational Database Service
+    const rdsSG = new ec2.SecurityGroup(this, "RDSSG", {
+      vpc,
+    });
+    rdsSG.addIngressRule(bastionSG, ec2.Port.tcp(3306));
     const cluster = new rds.DatabaseCluster(this, "Database", {
       engine: rds.DatabaseClusterEngine.auroraMysql({
         version: rds.AuroraMysqlEngineVersion.VER_3_05_2,
       }),
       writer: rds.ClusterInstance.serverlessV2("writer"),
       vpc,
+      securityGroups: [rdsSG],
     });
   }
 }