All Products
Search
Document Center

Elastic Compute Service:Clone a security group

Last Updated:Oct 31, 2023

You can clone security groups to quickly create identical security groups. Security groups can be cloned across regions and network types.

Prerequisites

Before you clone a security group from the classic network to a virtual private cloud (VPC), make sure that at least one VPC is available in the destination region. For more information, see Create and manage a VPC.

Scenarios

You may need to clone a security group in the following scenarios:

  • You create a security group named SG1 in Region A and you want to apply the same rules as those of SG1 to instances in Region B. You can clone SG1 to Region B without the need to create a new security group.

  • You create a security group named SG2 in the classic network and you want to apply the same rules as those of SG2 to instances that reside in a VPC. You can clone SG2 and select VPC as the network type for the clone security group in the Clone dialog box.

  • Before you apply new security group rules to an Elastic Compute Service (ECS) instance on which an application is running, you can clone the current security groups of the instance to back up security group rules.

Note

By default, a clone security group contains only the security group rules of the original security group. The ECS instances and elastic network interfaces (ENIs) that are associated with the original security group are not cloned.

Procedure

  1. Log on to the ECS console.

  2. In the left-side navigation pane, choose Network & Security > Security Groups.

  3. In the upper-left corner of the top navigation bar, select a region. 地域

  4. On the Security Groups page, find the security group that you want to clone and click Clone in the Actions column.

  5. In the Clone dialog box, configure the following parameters for the clone security group:

    • Destination Region: Select a region for the clone security group. Only the regions that are displayed in the ECS console are supported.

    • Security Group Name: Specify a name for the clone security group.

    • Description: Specify a description for the clone security group.

    • Network Type: Select a network type for the clone security group. If you set Network Type to VPC, select an available VPC in the destination region.

    • Import All Rules: Specify whether to import all rules of the original security group to the clone security group. If you select Import All Rules, all rules of the original security group are cloned and rule priorities that are higher than 100 are reset to 100.

    • Copy Tags of Current Security Group: Specify whether to copy the tags of the original security group to the clone security group.

  6. Click OK.

Result

After the security group is cloned, the Clone dialog box closes. You can view the clone security group on the Security Groups page of the destination region.