IAM permissions and security group ingress


I would like to know the following:

If I add a managed database through Qovery, how do I add ingress rules to the database security group such that other applications from a peered VPC can access it?

How can I add IAM permissions to the application deployed with Qovery? E.g., allow it invoking Lambda functions in a peered VPC, access s3 buckets, send emails with SES…