VPC Sharing, security groups, and RDS

I'm trying to create a setup where we (for non-production environments) will have a shared RDS Aurora v2 instance for all accounts. The purposes are partially because of cost, but primarily because of the time it takes to deploy RDS Aurora v2 via cloudformation which makes it difficult to include in any kind of CI/CD flow. I've read that you can use RDS Proxy Endpoints, but also VPC Sharing via RAM and the VPC Sharing via RAM felt easier to manage since it didn't look as if the account that would be accessing RDS had to share anything with the RDS account and this would make it easier to setup a new account and deploy a new stack. However, I can't figure out how to deal with security groups... In the account that holds the VPC and the RDS instance I have setup security groups, specifically one that the RDS instance is connected to and another one (let's call it LambdaSecurityGroup). The RDS group has an ingress rule that allows the LambdaSecurityGroup to access it on a selected port. Now, how do I manage this cross-account (same region) when using VPC Sharing? I.e. how can a Lambda in another account get access to the LambdaSecurityGroup or how can I add a new ingress rule to the RDS group which allows access from a new security group in another account? I've seen a couple of videos from AWS where they show this setup (but nothing about security groups) so I'm not sure if I'm missing something obvious. As an alternative I could also go the RDS Proxy Endpoints route, and would greatly appreciate if someone has some good resources on a setup like that, preferably aws-cdk, but cloudformation is ok as well.