From f4d0c430ddca32368f3cd61e7f4fa5b248ce072e Mon Sep 17 00:00:00 2001
From: robertsweetman <robert.sweetman@digital.justice.gov.uk>
Date: Tue, 28 Jan 2025 12:18:13 +0000
Subject: [PATCH] allow winrm from RDS

---
 .../hmpps-domain-services/locals_security_groups.tf        | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/terraform/environments/hmpps-domain-services/locals_security_groups.tf b/terraform/environments/hmpps-domain-services/locals_security_groups.tf
index c4e3d5cdd7a..7023ce99c4e 100644
--- a/terraform/environments/hmpps-domain-services/locals_security_groups.tf
+++ b/terraform/environments/hmpps-domain-services/locals_security_groups.tf
@@ -147,6 +147,13 @@ locals {
           protocol    = "UDP"
           cidr_blocks = local.security_group_cidrs.rd_session_hosts
         }
+        winrm_rds = {
+          description = "5985: Allow WinRM TCP ingress (powershell remoting) for RDS"
+          from_port   = 5985
+          to_port     = 5986
+          protocol    = "TCP"
+          cidr_blocks = local.security_group_cidrs.rd_session_hosts
+        }
       }
       egress = {
         all = {