[CLOUDS-7599] Remove default seclists from VCNs to prevent opening port 22 unnecessarily

[cale-at-ddog]

What

Remove the default Seclist rules from the VCN (as described here: https://registry.terraform.io/modules/oracle-terraform-modules/vcn/oci/latest/examples/hub-spoke?tab=inputs)

Why

So that Quickstart doesn't leave port 22 open in the VCN

Testing

Validated in dddevintegration1 against staging

[EamonBrady1]

we don't modify the datadog-oci-orm stuff anymore. Not sure if it's dead code (can ask Shallav when he's back), but for this PR we should remove the changes on this folder

[EamonBrady1]

Just because terraform behavior can sometimes deviate from OCI (even though extremely unlikely), probably best to at least run a "terraform plan" with these changes locally to verify. You can use the module generated here: https://dd.datad0g.com/integrations/oracle-cloud-infrastructure/add

And just reroute it to point to your local version

[EamonBrady1]

We'll also need to do a stack release for these changes which I believe is documented here: https://datadoghq.atlassian.net/wiki/spaces/ECI/pages/4486660723/ECI+Stack+deploy

After that, best to confirm that the new release contains your changes and works as intended

[bengillmandd]

In a similar vein - it might be worth setting lockdown_default_seclist = true when we initialize the vcn module. This way the port isn't open for a short period of time during apply step. Not a blocker though. https://github.com/DataDog/oracle-cloud-integration/blob/master/datadog-oci-orm/metrics-setup/vcn.tf#L12

[cale-at-ddog]

@bengillmandd I can try that. Claude's analysis was that setting lockdown to true wouldn't create the default list at all, which would then make setting up the seclist fail, but there may be other ways around it.

[christianbagley-mke]

@cale-at-ddog Is this a duplicate of #86 (comment) ?

[cale-at-ddog]

@christianbagley-mke Yes, I think they are closely related.

[EamonBrady1]

LGTM