Made sg settings more restrictive

Signed-off-by: Tomislaw <[email protected]>

cdk/cdk/database_stack.py

@@ -25,6 +25,14 @@ def __init__(
             vpc=vpc_stack.vpc,
             description="Security group for RDS instance",
             security_group_name="omi-database-sg",
+            allow_all_outbound=False,
+        )
+
+        # Allow inbound PostgreSQL traffic from within VPC
+        self.db_security_group.add_ingress_rule(
+            peer=ec2.Peer.ipv4(vpc_stack.vpc.vpc_cidr_block),
+            connection=ec2.Port.tcp(5432),
+            description="Allow PostgreSQL access from within VPC",
         )
 
         self.db_name = "omidb"

cdk/cdk/ecs_stack.py

@@ -43,6 +43,7 @@ def __init__(
             vpc=vpc_stack.vpc,
             description="Security group for backend service",
             security_group_name="omi-backend-sg",
+            allow_all_outbound=False,
         )
 
         frontend_sg = ec2.SecurityGroup(
@@ -51,6 +52,7 @@ def __init__(
             vpc=vpc_stack.vpc,
             description="Security group for frontend service",
             security_group_name="omi-frontend-sg",
+            allow_all_outbound=False,
         )
 
         # Create EFS File System