forked from runtastic/terraform-provider-opennebula
Security Groups
Corey Melanson edited this page Jul 19, 2018 · 1 revision
The opennebula_secgroup resource accepts the following parameters:
Parameter | Required/Optional | Description |
---|---|---|
name | Required | Name of the security group |
description | Optional | Description for the security group |
commit | Optional | Boolean for whether changes to the security group should trigger a commit to update rules on outdated Virtual Machines. Defaults to "true". |
rule | Required | Definition of a rule, see rule table below for a list of parameters. Can be specified multiple times. |
Rule Parameters:
Parameter | Required/Optional | Description |
---|---|---|
protocol | Required | Protocol for the rule, must be one of: ALL, TCP, UDP, ICMP or IPSEC |
rule_type | Required | Direction of the traffic flow to allow, must be INBOUND or OUTBOUND |
network_id | Optional | VNET ID to be used as the source/destination IP addresses |
ip | Optional | IP (or starting IP if used with 'size') to apply the rule to |
size | Optional | Number of IPs to apply the rule from, starting with 'ip' |
range | Optional | Comma separated list of ports and port ranges |
icmp_type | Optional | Type of ICMP traffic to apply to when 'protocol' is ICMP |
See https://docs.opennebula.org/5.4/operation/network_management/security_groups.html for more details on allowed values.
Allow only port 22 and ICMP in, and any protocol out:
```hcl
resource "opennebula_secgroup" "mysecgroup" {
  name        = "terrasec"
  description = "Terraform security group"

  rule {
    protocol  = "ALL"
    rule_type = "OUTBOUND"
  }

  rule {
    protocol  = "TCP"
    rule_type = "INBOUND"
    range     = "22"
  }

  rule {
    protocol  = "ICMP"
    rule_type = "INBOUND"
  }
}
```
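
A tighter variant that uses the `ip`, `size`, `icmp_type` and `network_id` parameters from the rule table, as an added example that is not part of the original wiki page or the provider's own code. The addresses (a documentation range), the VNET ID `0`, the ICMP type value and the quoting of values as strings are assumptions.

```hcl
# Added example (not from the original wiki page). Addresses and the VNET ID
# are constructed placeholders; values are quoted as strings by assumption.
resource "opennebula_secgroup" "restricted" {
  name        = "terrasec-restricted"
  description = "SSH from management range only, limited egress"
  commit      = true # update rules on outdated VMs (the documented default)

  # SSH only from 192.0.2.0 through 192.0.2.255:
  # 'ip' is the starting address, 'size' the number of addresses.
  rule {
    protocol  = "TCP"
    rule_type = "INBOUND"
    ip        = "192.0.2.0"
    size      = "256"
    range     = "22"
  }

  # ICMP echo request (type 8) only, instead of all ICMP.
  rule {
    protocol  = "ICMP"
    rule_type = "INBOUND"
    icmp_type = "8"
  }

  # Outbound HTTP and HTTPS to any destination.
  rule {
    protocol  = "TCP"
    rule_type = "OUTBOUND"
    range     = "80,443"
  }

  # Any protocol outbound, but only to addresses in VNET 0.
  rule {
    protocol   = "ALL"
    rule_type  = "OUTBOUND"
    network_id = "0"
  }
}
```

With no `ip` or `network_id` on a rule, as in the first example, the rule is not limited to particular source or destination addresses.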