From 1e82418cadf751c816d81fd4ee3defee1564e2f2 Mon Sep 17 00:00:00 2001
From: Stefano <stefano@fiorinis.com>
Date: Thu, 22 May 2025 22:37:03 -0500
Subject: [PATCH] Place rds database in private subnet

---
 infrastructure/stack.py | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/infrastructure/stack.py b/infrastructure/stack.py
index 2c51674..55db702 100644
--- a/infrastructure/stack.py
+++ b/infrastructure/stack.py
@@ -36,6 +36,11 @@ class IptvUpdaterStack(Stack):
                     name="public",
                     subnet_type=ec2.SubnetType.PUBLIC,
                     cidr_mask=24
+                ),
+                ec2.SubnetConfiguration(
+                    name="private",
+                    subnet_type=ec2.SubnetType.PRIVATE_ISOLATED,
+                    cidr_mask=24
                 )
             ]
         )
@@ -229,7 +234,7 @@ class IptvUpdaterStack(Stack):
             ),
             vpc=vpc,
             vpc_subnets=ec2.SubnetSelection(
-                subnet_type=ec2.SubnetType.PUBLIC
+                subnet_type=ec2.SubnetType.PRIVATE_ISOLATED
             ),
             security_groups=[rds_sg],
             allocated_storage=10,
@@ -237,7 +242,7 @@ class IptvUpdaterStack(Stack):
             database_name="iptv_updater",
             removal_policy=RemovalPolicy.DESTROY,
             deletion_protection=False,
-            publicly_accessible=True
+            publicly_accessible=False  # Avoid public IPv4 charges
         )
 
         # Add RDS permissions to instance role