
feat(rds): add new check rds_instance_inside_vpc #5029

Conversation

danibarranqueroo
Member

@danibarranqueroo danibarranqueroo commented Sep 13, 2024

Context

Implemented a check to ensure that Amazon RDS instances are deployed within a Virtual Private Cloud (VPC). This check helps enhance security and network isolation by verifying that RDS instances are not publicly accessible and are properly integrated within a VPC for controlled access.

The way to know whether an instance is deployed in a VPC is through the DBSubnetGroup parameter of the Amazon RDS API; it makes it possible to tell whether an instance is within a VPC, as this group defines the subnets within a VPC where an RDS instance can be deployed. If the field is present, the instance is in a VPC, and if it's absent, the instance is likely in EC2-Classic.

Another problem that came up during testing of the check is that AWS no longer allows creating an instance outside of a VPC. So, this check would only be useful for verifying old RDS instances, but all new ones will be in a VPC.

This issue also affects the unit test to verify instances not in a VPC because neither boto nor Moto allows me to create an instance outside of a VPC or in the old EC2-Classic environment. Therefore, this unit test needs to be mocked using MagicMock.

Description

Added new check rds_instance_inside_vpc with its unit tests.

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@danibarranqueroo danibarranqueroo requested review from a team as code owners September 13, 2024 10:10
@github-actions github-actions bot added the provider/aws Issues/PRs related with the AWS provider label Sep 13, 2024

codecov bot commented Sep 13, 2024

Codecov Report

Attention: Patch coverage is 87.50000% with 3 lines in your changes missing coverage. Please review.

Project coverage is 88.95%. Comparing base (1298620) to head (e301a29).
Report is 1245 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #5029      +/-   ##
==========================================
+ Coverage   88.90%   88.95%   +0.05%     
==========================================
  Files         946      958      +12     
  Lines       29061    29360     +299     
==========================================
+ Hits        25837    26118     +281     
- Misses       3224     3242      +18     
Components   Coverage Δ
prowler      88.95% <87.50%> (+0.05%) ⬆️
api          ∅ <ø> (∅)

@MrCloudSec MrCloudSec changed the title feat(rds): add new check rds_instance_in_vpc feat(rds): add new check rds_instance_inside_vpc Sep 13, 2024
@MrCloudSec MrCloudSec self-requested a review September 13, 2024 15:27
Member

@MrCloudSec MrCloudSec left a comment


Good job! Please see my changes to the code; you have to make sure that the check is working as expected. The db_subnet_group variable was never empty since you were always adding the keys name and vpc_id, making the check always report a PASS.
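The following is an added example, not prowler's code from this PR: it models the DBSubnetGroup-based logic from the description, the defect the reviewer points out (a dict that always carries the name and vpc_id keys is never empty, so the check always passes), and the MagicMock approach the author mentions for the non-VPC unit test. Function names and the two describe_db_instances entries are constructed assumptions.

```python
# Added example (not prowler's code): models the DBSubnetGroup-based check from
# this PR and the bug the reviewer found. Names and API responses are constructed.
from typing import Optional
from unittest.mock import MagicMock

# Constructed describe_db_instances entries: one VPC instance, one without a
# DBSubnetGroup (what a legacy EC2-Classic instance would look like).
VPC_INSTANCE = {
    "DBInstanceIdentifier": "db-in-vpc",
    "DBSubnetGroup": {"DBSubnetGroupName": "default-vpc", "VpcId": "vpc-0123"},
}
CLASSIC_INSTANCE = {"DBInstanceIdentifier": "db-classic"}


def parse_subnet_group_buggy(instance: dict) -> dict:
    """Always adds the keys, so the dict is never empty even when absent."""
    group = instance.get("DBSubnetGroup", {})
    return {"name": group.get("DBSubnetGroupName"), "vpc_id": group.get("VpcId")}


def parse_subnet_group_fixed(instance: dict) -> Optional[dict]:
    """Returns None when the API response carries no DBSubnetGroup."""
    group = instance.get("DBSubnetGroup")
    if not group:
        return None
    return {"name": group["DBSubnetGroupName"], "vpc_id": group["VpcId"]}


def rds_instance_inside_vpc(db_subnet_group) -> str:
    """Check verdict: PASS if the instance has a subnet group (so it is in a VPC)."""
    return "PASS" if db_subnet_group else "FAIL"


def evaluate(instances, parser) -> dict:
    """Run the check over a list of instances with the given parser."""
    return {i["DBInstanceIdentifier"]: rds_instance_inside_vpc(parser(i)) for i in instances}


def mocked_classic_client() -> MagicMock:
    """Moto cannot create a non-VPC instance, so mock the service client instead."""
    client = MagicMock()
    client.describe_db_instances.return_value = {"DBInstances": [CLASSIC_INSTANCE]}
    return client


if __name__ == "__main__":
    both = [VPC_INSTANCE, CLASSIC_INSTANCE]
    print("buggy:", evaluate(both, parse_subnet_group_buggy))  # both PASS
    print("fixed:", evaluate(both, parse_subnet_group_fixed))  # db-classic FAIL
    resp = mocked_classic_client().describe_db_instances()
    print("mocked:", evaluate(resp["DBInstances"], parse_subnet_group_fixed))
```

The buggy parser yields {"name": None, "vpc_id": None}, which is a non-empty and therefore truthy dict, so the verdict is PASS even for the instance with no subnet group.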

@MrCloudSec MrCloudSec merged commit f54b64f into prowler-cloud:master Sep 16, 2024
10 of 11 checks passed