You can create identical security groups by cloning a security group. Security groups can be cloned across regions and network types.

Prerequisites

If you want to change the network type of the clone security group to VPC, at least one VPC must exist in the destination region. For more information, see Create a VPC.

Background information

You can clone a security group in the following scenarios:
  • You have created a security group named SG1 in Region A, and you want to apply the same rules as those of SG1 to instances in Region B. You can clone SG1 to Region B without creating a new security group.
  • You have created a security group named SG2 in a classic network, and you want to apply the same rules as those of SG2 to instances located in a VPC. You can clone SG2 and select VPC as the network type for the clone security group in the Clone dialog box.
  • If you want to apply new security group rules to an ECS instance that is running an online application, you can clone the original security group to create a backup.

Procedure

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network and Security > Security Groups.
  3. In the top navigation bar, select a region.
  4. Find the security group to be cloned on the Security Groups page and click Clone in the Actions column.
  5. In the Clone dialog box, configure the clone security group.
    • Destination Region: Select a region for the clone security group. Note that only some regions are supported. The supported regions are displayed in the console.
    • Security Group Name: Enter a name for the clone security group.
    • Network Type: Select an applicable network type for the clone security group. If you set Network Type to VPC, select an available VPC in the destination region.
  6. Click OK.

Result

The Clone dialog box closes after the security group is cloned. You can find the clone security group on the Security Groups page.