Example Security Group creation Heat template

Creating_a_security_group.yaml

This is an example of a template for creating Security Groups and the Security Group rules that are associated with them.

#
# This template creates a Security Group and the Security Group rules that
# are associated with it.
#
# Template format version read by the orchestration engine.
# NOTE(review): the value is an unquoted, date-shaped scalar; a generic
# YAML 1.1 loader would type it as a date instead of a string. Confirm the
# consuming loader accepts that before feeding this file to other tooling.
heat_template_version: 2013-05-23

# Short human-readable summary of the stack (folded scalar).
description: >
  Creating a Security Group Sample template.

parameters:
  # Availability zone handed to the availability_zone property of
  # SECURITY_GROUP.
  AZ:
    description: 'Name of the Availability Zone'
    type: string
    default: 'jp-west-2a'

  # Display name given to the security group that the stack creates.
  SG_NAME:
    description: 'Name of the Security Group'
    type: string
    default: 'Sample_Security_Group_01'

  # Source CIDR used as remote_ip_prefix by every ingress rule of
  # SECURITY_GROUP. It is the only source restriction in this template, and
  # the parameter declares no constraints, so whatever string is supplied at
  # stack creation is applied to all rules at once (SSH/22 and RDP/3389
  # included). Keep it to the narrowest prefix that really needs access.
  # NOTE(review): consider a constraints entry (for example an
  # allowed_pattern) so an over-broad prefix such as 0.0.0.0/0 is rejected
  # at validation time rather than found later in an audit.
  REMOTE_IP:
    description: 'Remote IP prefix to associate with the Security Group rule'
    type: string
    default: '192.168.10.0/24'


resources:
  # One security group carrying eight ingress rules. Every rule takes its
  # source range from the REMOTE_IP parameter, so that single value decides
  # who can reach all of the listed services.
  SECURITY_GROUP:
    type: OS::Neutron::SecurityGroup
    properties:
      availability_zone:
        get_param: AZ
      name:
        get_param: SG_NAME
      description: >
        Security group rule to create
        Allows connection from remote IP (icmp, tcp22, 80, 443, 3389, 1688, 53, and udp 53)
      rules:
        # Only ingress rules are declared in this list.
        # NOTE(review): outbound traffic is therefore governed by whatever
        # egress rules the platform attaches by default; confirm that
        # matches the intended egress policy.
        # NOTE(review): this is a sample opening many services at once. In a
        # real deployment keep only the rules the instances need (inbound
        # 1688 and 53 matter only if the instances themselves serve KMS or
        # DNS) and consider separate groups for admin access (22, 3389).

        # 1 ingress: ICMP from REMOTE_IP (no port_range_min/max is set on
        #   this rule)
        - remote_ip_prefix:
            get_param: REMOTE_IP
          direction: ingress
          protocol: icmp

        # 2 ingress: TCP 22 (SSH) from REMOTE_IP
        - remote_ip_prefix:
            get_param: REMOTE_IP
          direction: ingress
          protocol: tcp
          port_range_min: 22
          port_range_max: 22

        # 3 ingress: TCP 80 (HTTP) from REMOTE_IP
        - remote_ip_prefix:
            get_param: REMOTE_IP
          direction: ingress
          protocol: tcp
          port_range_min: 80
          port_range_max: 80

        # 4 ingress: TCP 443 (HTTPS) from REMOTE_IP
        - remote_ip_prefix:
            get_param: REMOTE_IP
          direction: ingress
          protocol: tcp
          port_range_min: 443
          port_range_max: 443

        # 5 ingress: TCP 3389 (RDP) from REMOTE_IP
        - remote_ip_prefix:
            get_param: REMOTE_IP
          direction: ingress
          protocol: tcp
          port_range_min: 3389
          port_range_max: 3389

        # 6 ingress: TCP 1688 (KMS) from REMOTE_IP
        - remote_ip_prefix:
            get_param: REMOTE_IP
          direction: ingress
          protocol: tcp
          port_range_min: 1688
          port_range_max: 1688

        # 7 ingress: TCP 53 (DNS) from REMOTE_IP
        - remote_ip_prefix:
            get_param: REMOTE_IP
          direction: ingress
          protocol: tcp
          port_range_min: 53
          port_range_max: 53

        # 8 ingress: UDP 53 (DNS) from REMOTE_IP
        - remote_ip_prefix:
            get_param: REMOTE_IP
          direction: ingress
          protocol: udp
          port_range_min: 53
          port_range_max: 53