@@ -36,3 +36,18 @@ resource "aws_security_group_rule" "ingress_ssh_external" {
3636 ipv6_cidr_blocks = [" ::/0" ]
3737 security_group_id = aws_security_group. external_ssh . id
3838}
39+
40+ resource "aws_security_group" "allow_metabase_postgres" {
41+ name = " allow-metabase"
42+ description = " Allow Metabase IPs to access RDS"
43+ }
44+
45+ resource "aws_security_group_rule" "ingress_allow_metabase_postgres" {
46+ type = " ingress"
47+ from_port = 5432
48+ to_port = 5432
49+ protocol = " tcp"
50+ # https://www.metabase.com/docs/latest/cloud/ip-addresses-to-whitelist
51+ cidr_blocks = [" 18.207.81.126/32" , " 3.211.20.157/32" , " 50.17.234.169/32" ]
52+ security_group_id = aws_security_group. allow_metabase_postgres . id
53+ }
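Review bot: The three /32 addresses in `cidr_blocks` are, going by the linked page, Metabase Cloud's egress addresses rather than addresses dedicated to this deployment, so the rule narrows who can reach port 5432 but does not by itself identify this Metabase instance. Database authentication and TLS remain the real controls, and the account Metabase connects with should be a read-only role rather than the `receptor` master user. The list is also a copy of vendor data that can change, so I would extend the comment to something like `# Metabase Cloud egress IPs, copied <date>; re-check against the URL above before editing`. Separately, `aws_security_group.allow_metabase_postgres` sets no `vpc_id`, which places it in the default VPC; confirm that this is the VPC the DB instance lives in.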
@@ -181,5 +181,6 @@ resource "aws_db_instance" "default" {
181181 username = " receptor"
182182 skip_final_snapshot = true
183183 manage_master_user_password = true
184- vpc_security_group_ids = [aws_security_group . internal . id , ]
184+ vpc_security_group_ids = [aws_security_group . internal . id , aws_security_group . allow_metabase_postgres . id ]
185+ publicly_accessible = true
185186}
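Review bot: `publicly_accessible = true` gives the instance a public endpoint, and every group in `vpc_security_group_ids` then applies to that endpoint, including `aws_security_group.internal`, whose rules are not visible in this hunk. Confirm that `internal` has no ingress broader than VPC-internal ranges, otherwise the Metabase allow-list is not the only path in from the internet. Because Metabase traffic now crosses the public internet, TLS should be enforced on the server side (for RDS PostgreSQL, `rds.force_ssl = 1` in the parameter group) rather than left to the client. A comment on the new line would help the next reader: `# public endpoint needed for Metabase Cloud; ingress is limited by allow_metabase_postgres`. The `aws_db_instance.default` block begins outside the hunk, so settings such as `storage_encrypted` and the parameter group could not be checked here.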