Open up MySQL port for vault => metricsdb1 in corp

terraform/aws/corporate/inputs.tf

@@ -40,6 +40,12 @@ variable "vault_load_balancer_security_group_id" {
   default = "sg-cb97a3b9"
 }
 
+variable "vault_security_group_id" {
+  type = "string"
+  description = "The VPC security group ID for the Vault nodes / ec2 instances themselves."
+  default = "sg-49af9b3b"
+}
+
 variable "vault_dns_record_name" {
   type = "string"
   description = "The record to create on the wpesvc.net to point at Vault's internally facing Application Load Balancer."
@@ -58,6 +64,12 @@ variable "corporate_core_metrics_subnet_id" {
   default     = "subnet-d3b549f9"
 }
 
+variable "metricsdb_security_group_id" {
+  type = "string"
+  description = "The VPC security group ID for the metricsdb nodes / ec2 instance."
+  default = "sg-f4065b8d"
+}
+
 variable "cm_subnet_id" {
   type = "string"
   description = "Subnet ID for the cm-aws instance"

terraform/aws/corporate/main.tf

@@ -45,6 +45,17 @@ module "corporate_core_metrics_to_vault" {
   }
 }
 
+resource "aws_security_group_rule" "allow_vault_server_to_metricsdb_mysql" {
+  provider                  = "aws.corporate"
+  type                      = "ingress"
+  from_port                 = 3306
+  to_port                   = 3306
+  protocol                  = "tcp"
+  source_security_group_id  = "${var.vault_security_group_id}"
+
+  security_group_id = "${var.metricsdb_security_group_id}"
+}
+
 module "cm_to_vault" {
   source = "git@github.com:wpengine/infraform.git//modules/aws-vpc-peering-to-vault-vpc?ref=v1.41"