Place rds database in private subnet

2025-05-22 22:37:03 -05:00
parent 9c690fe6a6
commit 1e82418cad
1 changed files with 7 additions and 2 deletions
--- a/infrastructure/stack.py
+++ b/infrastructure/stack.py
@@ -36,6 +36,11 @@ class IptvUpdaterStack(Stack):
                    name="public",
                    subnet_type=ec2.SubnetType.PUBLIC,
                    cidr_mask=24
+                ),
+                ec2.SubnetConfiguration(
+                    name="private",
+                    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED,
+                    cidr_mask=24
                )
            ]
        )
@@ -229,7 +234,7 @@ class IptvUpdaterStack(Stack):
            ),
            vpc=vpc,
            vpc_subnets=ec2.SubnetSelection(
-                subnet_type=ec2.SubnetType.PUBLIC
+                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
            ),
            security_groups=[rds_sg],
            allocated_storage=10,
@@ -237,7 +242,7 @@ class IptvUpdaterStack(Stack):
            database_name="iptv_updater",
            removal_policy=RemovalPolicy.DESTROY,
            deletion_protection=False,
-            publicly_accessible=True
+            publicly_accessible=False  # Avoid public IPv4 charges
        )

        # Add RDS permissions to instance role