As titled, I want to create a security group that can be used in all projects.
Let's say I have two security groups:
A server is running in the admin project, and its security group (server-sg) restrictions only allow access from sources that have a specific security group (corey-sg), like this:
    server_sg:
      type: OS::Neutron::SecurityGroup
      properties:
        name: server-sg
        rules:
          - protocol: tcp
            direction: ingress
            port_range_min: 3389
            port_range_max: 3389
            remote_group_id: { get_resource: corey-sg }
            remote_mode: remote_group_id
But if I create corey-sg in the admin project, I can't use it in any other project. How do I create a security group that can be shared/recognized/used by instances in all projects? Any ideas?
Maybe you are looking for an RBAC (Role-Based Access Control) policy; check "Sharing a security group with specific projects".
FYI.
No other users (other than admins and the owner) will be able to see the security group.
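The RBAC sharing that the answer points to, as an added example that is not part of the original thread: it creates one `access_as_shared` policy per target project, so the group is shared only with the projects that need it. The IDs are constructed placeholders, and `share_security_group`, `is_id` and `DRY_RUN` are names made up for this example.

```shell
#!/bin/sh
# Added example: share one security group with named projects via Neutron RBAC.
# All IDs below are constructed placeholders, not values from the thread.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the commands only; 0 = run them

# Accept only UUID-like IDs (hex, optional dashes) so nothing else reaches the CLI.
is_id() {
    case "$1" in
        ''|*[!0-9a-fA-F-]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ] || [ "${#1}" -eq 36 ]
}

# share_security_group <security-group-id> <project-id>...
share_security_group() {
    sg_id="$1"; shift
    is_id "$sg_id" || { echo "bad security group id: $sg_id" >&2; return 2; }
    [ "$#" -gt 0 ] || { echo "no target projects given" >&2; return 2; }
    # Validate every target first so a bad ID cannot leave a partial share.
    for project in "$@"; do
        is_id "$project" || { echo "bad project id: $project" >&2; return 2; }
    done
    for project in "$@"; do
        rbac_cmd="openstack network rbac create --target-project $project --action access_as_shared --type security_group $sg_id"
        if [ "$DRY_RUN" = "1" ]; then
            echo "$rbac_cmd"
        else
            $rbac_cmd || return 1
        fi
    done
}

# Constructed sample IDs: corey-sg's ID and two target project IDs.
SG_ID="11111111-2222-3333-4444-555555555555"
share_security_group "$SG_ID" \
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
```

A template in another project has to reference the shared group by its ID (for example passed in as a template parameter), because `get_resource` only resolves resources defined in the same template.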