Open lb port to source ip during setup and hardening

Magnus Andersson 2024-10-30 12:25:44 +01:00
parent b497844e59
commit 840af98c51
Signed by: mandersson
GPG key ID: 1F7C896B34B28164
2 changed files with 21 additions and 1 deletions


@ -6,6 +6,7 @@ resource "openstack_networking_port_v2" "lb1-port-dco" {
# A list of security group ID
security_group_ids = [
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.id,
resource.openstack_networking_secgroup_v2.lb-dco.id
]
admin_state_up = "true"
provider = openstack.dco
@ -28,7 +29,8 @@ resource "openstack_compute_instance_v2" "lb1-node-dco" {
key_pair = "${var.keynameworkers}"
provider = openstack.dco
security_groups = [
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name
resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name,
resource.openstack_networking_secgroup_v2.lb-dco.name
]
block_device {
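Review bot: The new `lb-dco` group is attached in two places, by id in `security_group_ids` on `lb1-port-dco` and by name in `security_groups` on `lb1-node-dco`, and neither entry says that it is the temporary setup access named in the commit title. Whether the instance attaches that port is outside these hunks; if it does, the port-level list is presumably the one that governs the traffic, and the instance-level entry is a second place to remember when the access is withdrawn. I would put a comment above each new entry, for example `# lb-dco: temporary 8443 access for setup and hardening, detach when done`. Both resource bodies start and end outside the hunks shown.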


@ -0,0 +1,18 @@
# Security groups lb-frontend
resource "openstack_networking_secgroup_v2" "lb-dco" {
name = "lb-frontend"
description = "Ingress lb traffic to allow."
provider=openstack.dco
}
resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule_v4_dco" {
direction = "ingress"
ethertype = "IPv4"
protocol = "tcp"
port_range_min = "8443"
port_range_max = "8443"
provider = openstack.dco
remote_ip_prefix = "87.251.31.153/32"
security_group_id = openstack_networking_secgroup_v2.lb-dco.id
}
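Review bot: The source address in `remote_ip_prefix = "87.251.31.153/32"` is a bare literal with no indication of which host it is or when the rule should go away, although the commit title describes the opening as being for setup and hardening only. A rule like this tends to outlive its purpose when nothing in the file marks it as temporary. I would add a `description` to `lb_ingress_rule_v4_dco`, for example `description = "Temporary: 8443 from setup host, remove after hardening"`, and take the prefix from a variable (a name of your choosing, e.g. `var.lb_setup_source_cidr`) so the address is changed or removed in one place. The group description `"Ingress lb traffic to allow."` could state the same purpose more exactly.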