OpenStack Security Guide¶
Abstract¶
This book provides best practices and conceptual information about securing an OpenStack cloud.
Important
This guide was last updated during the Train release, documenting the OpenStack Train, Stein, and Rocky releases. It may not apply to EOL releases (for example Newton).
We advise that you read this at your own discretion when planning on implementing security measures for your OpenStack cloud.
This guide is intended as advice only.
The OpenStack Security team is based on voluntary contributions from the OpenStack community. You can contact the security community directly in the #openstack-security channel on OFTC IRC, or by sending mail to the openstack-discuss mailing list with the [security] prefix in the subject header.
Contents¶
- Conventions
- Introduction
- System documentation
- Management
- Secure communication
- API endpoints
- Identity
- Dashboard
- Compute
- Block Storage
- Image Storage
- Shared File Systems
- Networking
- Object Storage
- Secrets Management
- Message queuing
- Data processing
- Databases
- Tenant data privacy
- Instance security management
- Monitoring and logging
- Compliance
- Security review
- Security Checklist
- Appendix