This topic describes how to create identical security groups by means of cloning. Security groups can be cloned across regions and network types.

Prerequisites

Before you clone a security group from the classic network to a virtual private cloud (VPC), make sure that at least one VPC is available in the destination region. For more information, see Create and manage a VPC.

Background information

You can clone a security group in the following scenarios:
  • You have created a security group named SG1 in Region A and you want to apply the same rules as those of SG1 to instances in Region B. You can clone SG1 to Region B without the need to create a new security group.
  • You have created a security group named SG2 in the classic network and you want to apply the same rules as those of SG2 to instances in a VPC. You can clone SG2 and select VPC as the network type for the clone security group in the Clone dialog box.
  • You want to apply new security group rules to an ECS instance that is running an online application. You can clone the original security group for backup.
Note By default, a clone security group contains only the security group rules of the original security group. The Elastic Compute Service (ECS) instances and elastic network interfaces (ENIs) that are associated with the original security group are not cloned.

Procedure

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > Security Groups.
  3. In the top navigation bar, select a region.
  4. On the Security Groups page, find the security group that you want to clone and click Clone in the Actions column.
  5. In the Clone dialog box, configure the following parameters for the clone security group:
    • Destination Region: Select a region for the clone security group. Only the regions that are displayed in the ECS console are supported.
    • Security Group Name: Specify a name for the clone security group.
    • Description: Specify a description for the clone security group.
    • Network Type: Select a network type for the clone security group. If you set Network Type to VPC, select an available VPC in the destination region.
    • Import All Rules: Specify whether to import all rules of the original security group to the clone security group. If you select Import All Rules, all rules of the original security group are cloned, and rule priorities that are higher than 100 are reset to 100.
    • Copy Tags of Current Security Group: Specify whether to copy the tags of the original security group to the clone security group.
  6. Click OK.

Result

After you clone the security group, the Clone dialog box closes. You can view the clone security group on the Security Groups page of the destination region.