OpenStack Security Guide


This book provides best practices and conceptual information about securing an OpenStack cloud.


This guide was last updated during the Train release, documenting the OpenStack Train, Stein, and Rocky releases. It may not apply to EOL releases (for example Newton).

We advise that you read this at your own discretion when planning on implementing security measures for your OpenStack cloud.

This guide is intended as advice only.

The OpenStack Security team is based on voluntary contributions from the OpenStack community. You can contact the security community directly in the #openstack-security channel on OFTC IRC, or by sending mail to the openstack-discuss mailing list with the [security] prefix in the subject header.