OpenStack Security Group

Star 0
Version 1.0.1
OpenStack Security Group
Repository
Maintainers
support[at]europeanweather.cloud
License
MIT License
Support level
EWC
Category
Network
Technology
Terraform Module

OpenStack Security Group

💡 The module supports complex rule sets, such as those required to create a subnet security group for IPA services (i.e. Kerberos, LDAP and DNS).

This Terraform module creates and configures an OpenStack Security Group with a user-defined set of rules. It is designed to be reusable, flexible, and aligned with Terraform best practices for OpenStack deployments.

More specifically, the module:

  • Creates an OpenStack Security Group with customizable name and description.
  • Attaches an arbitrary number of user-defined rules to the security group.

Usage

module "ipa_security_group" {
  source = "/path/to/terraform/module"

  security_group_name = "ipa"

  security_group_rules = [
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "tcp"
      port_range_min   = 80
      port_range_max   = 80
      remote_ip_prefix = "10.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "udp"
      port_range_min   = 123
      port_range_max   = 123
      remote_ip_prefix = "10.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "tcp"
      port_range_min   = 88
      port_range_max   = 88
      remote_ip_prefix = "10.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "udp"
      port_range_min   = 88
      port_range_max   = 88
      remote_ip_prefix = "10.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "tcp"
      port_range_min   = 53
      port_range_max   = 53
      remote_ip_prefix = "10.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "udp"
      port_range_min   = 53
      port_range_max   = 53
      remote_ip_prefix = "10.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "tcp"
      port_range_min   = 389
      port_range_max   = 389
      remote_ip_prefix = "10.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "tcp"
      port_range_min   = 22
      port_range_max   = 22
      remote_ip_prefix = "0.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "tcp"
      port_range_min   = 636
      port_range_max   = 636
      remote_ip_prefix = "10.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "tcp"
      port_range_min   = 464
      port_range_max   = 464
      remote_ip_prefix = "10.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "udp"
      port_range_min   = 464
      port_range_max   = 464
      remote_ip_prefix = "10.0.0.0/0"
    },
    {
      direction        = "ingress"
      ether_type       = "IPv4"
      protocol         = "tcp"
      port_range_min   = 443
      port_range_max   = 443
      remote_ip_prefix = "10.0.0.0/0"
    }
  ]

  tags = {
    environment       = "production"
    project           = "ewc"
    provisioning-tool = "terraform"
  }
}

Inputs

Name Description Type Default Required
security_group_name Name of the security group. Example: ipa string n/a yes
security_group_description Description of the security group string n/a no
security_group_rules List of security group rules list(object({direction = string, ether_type = string, protocol = string, port_range_min = number, port_range_max = number, remote_ip_prefix = string})) n/a yes
tags Map of tags to assign to the security group map(string) {} no

Security Group Rules Input Structure

Each rule in the security_group_rules list is an object with the following attributes:

  • direction: The direction of the rule (ingress or egress).
  • ether_type: The ether type (IPv4 or IPv6).
  • protocol: The protocol (e.g., tcp, udp, icmp, or null for any).
  • port_range_min: The minimum port number (1-65535, or null for protocols like icmp).
  • port_range_max: The maximum port number (1-65535, or null for protocols like icmp).
  • remote_ip_prefix: The remote IP prefix in CIDR notation (e.g., 10.0.0.0/0).

SW Bill of Materials (SBoM)

Third-party components used in the working environment.

The following components will be included in the working environment:

Component Version License Home URL
terraform-provider-openstack 1.53.0 MPL-2.0 https://github.com/terraform-provider-openstack/terraform-provider-openstack

Outputs

Name Description
security_group_id ID of the created security group
security_group_name Name of the created security group
security_group_rules List of created security group rule IDs
Other
Deployable