RDS security group ingress rules

Varun Rao Bhamidimarri · Varun Rao Bhamidimarri · commit 05511535f9a2 · 2023-02-28T14:51:09.000-08:00
diff --git a/aws_emr_blog_v3/cloudformation/rds-database.template b/aws_emr_blog_v3/cloudformation/rds-database.template
@@ -10,6 +10,16 @@ Parameters:
   Subnet2:
       Description: ID of an existing subnet for the domain controller
       Type: AWS::EC2::Subnet::Id
+  VPCCIDR:
+    Description: VPC CIDR block
+    Type: String
+    MinLength: '9'
+    MaxLength: '18'
+    Default: 10.0.0.0/16
+    AllowedPattern: (\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})
+    ConstraintDescription: It must be a valid IP CIDR range of the form x.x.x.x/x.
+      Suggest to enable access to your IP address only. Pls get your address using
+      checkip.amazonaws.com or whatsmyip.org.
   ClientIP:
     Description: The IP address range that can be used to connect to the RDS instances
       and EC2 instance from your local machine.It must be a valid IP CIDR range of
@@ -76,9 +86,9 @@ Resources:
         ToPort: -1
       SecurityGroupIngress:
       - IpProtocol: tcp
-        CidrIp: !Ref 'ClientIP'
-        FromPort: '22'
-        ToPort: '22'
+        CidrIp: !Ref 'VPCCIDR'
+        FromPort: '3306'
+        ToPort: '3306'
       - IpProtocol: tcp
         CidrIp: !Ref 'ClientIP'
         FromPort: '3306'
diff --git a/aws_emr_blog_v3/cloudformation/step2_ranger-rds-emr.template b/aws_emr_blog_v3/cloudformation/step2_ranger-rds-emr.template
@@ -351,6 +351,14 @@ Mappings:
   DefaultConfiguration:
     MachineConfiguration:
       BastionInstanceType: t2.small
+    NetworkConfiguration:
+      VPCCIDR: 10.0.0.0/16
+      PublicSubnet1CIDR: 10.0.1.0/24
+      PrivateSubnet1CIDR: 10.0.2.0/24
+      PublicSubnet2CIDR: 10.0.3.0/24
+      PrivateSubnet2CIDR: 10.0.4.0/24
+      PublicSubnet3CIDR: 10.0.5.0/24
+      PrivateSubnet3CIDR: 10.0.6.0/24
 Resources:
   RDSDatabase:
     Type: AWS::CloudFormation::Stack
@@ -363,7 +371,14 @@ Resources:
           - !Ref 'PrivateSubnet2AID'
           - !Ref AWS::NoValue
         VPC: !Ref VPC
-        ClientIP: !Ref CIDRAccessToPrivateSubnetResources
+        ClientIP: !FindInMap
+          - DefaultConfiguration
+          - NetworkConfiguration
+          - PrivateSubnet1CIDR
+        VPCCIDR: !FindInMap
+          - DefaultConfiguration
+          - NetworkConfiguration
+          - VPCCIDR
         MySQLDBPassword: !Ref DBRootPassword
         MySQLDBUserName: !Ref DBUserName
   CopyS3Artifacts:
