From 3036512f856f481ca4a10292b714ec6921175fd7 Mon Sep 17 00:00:00 2001 From: Khalim Conn-Kowlessar Date: Wed, 5 Jul 2023 18:27:51 +0100 Subject: [PATCH] Updated documentation --- infrastructure/terraform/README.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/infrastructure/terraform/README.md b/infrastructure/terraform/README.md index 84d0d5bc..8f5e2ced 100644 --- a/infrastructure/terraform/README.md +++ b/infrastructure/terraform/README.md @@ -67,3 +67,20 @@ terraform workspace select prod ``` Remember to update your variables file accordingly when planning and applying changes (`-var-file=prod.tfvars` for production, for example). + +## Future TODOS + +- At the moment, the database is publicly accessible. We could add an inbound rule to a security group to restrict access to the ip of the vercel application in prod which would look something like this: + +``` +resource "aws_security_group_rule" "allow_specific_ip" { + type = "ingress" + from_port = 5432 + to_port = 5432 + protocol = "tcp" + cidr_blocks = ["your.vercel.app.ip.address/32"] + security_group_id = aws_db_instance.default.vpc_security_group_ids[0] +} +``` + +- Set up prod!
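Review bot: The first bullet under "Future TODOS" presents an added ingress rule as the way to restrict access, but security group rules only allow traffic, so adding `cidr_blocks = ["your.vercel.app.ip.address/32"]` on port 5432 changes nothing while whatever broader inbound rule currently makes the database public is still in place. The TODO should say that the existing open rule on 5432 has to be removed or narrowed as part of the same change. Also in the example, `security_group_id = aws_db_instance.default.vpc_security_group_ids[0]` depends on which group happens to come first on the instance; referencing the security group resource by name would be clearer and would not break if another group is attached. It would help to note where the Vercel address comes from and whether it is stable, since a `/32` that goes stale will cut prod off from the database. Finally, because the README now states that the database is publicly reachable, consider tracking this as an issue with an owner rather than leaving it as an open-ended TODO next to "Set up prod!".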