outerbounds
Need additional parameter for RDS security group
For teams leveraging the module, there's currently no way to pass in additional CIDRs to the created RDS security group for things like VPN access for maintenance, handling migrations of metaflow services to kubernetes clusters without redeploying / importing the RDS, etc.
The current way to do this is to define an aws security group rule and attach it to the RDS security group, however a TF bug creates a scenario where this rule requires a double apply (first apply attaches, second apply detaches, third apply re-attaches). This creates intermittent issues for anything that is not the metaflow metadata service trying to connect to the RDS backend.
Opened up this PR to address https://github.com/outerbounds/terraform-aws-metaflow/pull/90