Open lb port to source ip during setup and hardening

2024-10-30 12:25:44 +01:00 · 2024-10-30 12:25:44 +01:00 · 840af98c51
parent b497844e59
commit 840af98c51
2 changed files with 21 additions and 1 deletions
--- a/IaC-test/lb.tf
+++ b/IaC-test/lb.tf
@ -6,6 +6,7 @@ resource "openstack_networking_port_v2" "lb1-port-dco" {
  # A list of security group ID
  security_group_ids  = [
                          resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.id,
                          resource.openstack_networking_secgroup_v2.lb-dco.id
                        ]
  admin_state_up      = "true"
  provider            = openstack.dco
@ -28,7 +29,8 @@ resource "openstack_compute_instance_v2" "lb1-node-dco" {
  key_pair        = "${var.keynameworkers}"
  provider        = openstack.dco
  security_groups = [
-                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name
+                      resource.openstack_networking_secgroup_v2.ssh-from-jump-hosts-dco.name,
                      resource.openstack_networking_secgroup_v2.lb-dco.name
                    ]
  block_device {
--- a/IaC-test/securitygroups-lb.tf
+++ b/IaC-test/securitygroups-lb.tf
@ -0,0 +1,18 @@
 # Security groups lb-frontend
 resource "openstack_networking_secgroup_v2" "lb-dco" {
  name        = "lb-frontend"
  description = "Ingress lb traffic to allow."
  provider=openstack.dco
 }
 resource "openstack_networking_secgroup_rule_v2" "lb_ingress_rule_v4_dco" {
  direction         = "ingress"
  ethertype         = "IPv4"
  protocol          = "tcp"
  port_range_min    = "8443"
  port_range_max    = "8443"
  provider          = openstack.dco
  remote_ip_prefix  = "87.251.31.153/32"
  security_group_id = openstack_networking_secgroup_v2.lb-dco.id
 }