This topic describes how to restore rules from one security group to another. For example, if you want to apply new security group rules to an ECS instance that is running an online application, you can clone the security group to make a backup, and then modify the rules. If the new security group rules affect the online application, you can perform a complete or partial restoration of the security group rules.
Prerequisites
- The security group whose rules are to be restored (source security group) and the security group whose rules are used as the basis for the restoration (destination security group) must be in the same region.
- The source security group and the destination security group must be of the same network type.
Background information
- Completely Restore: deletes the rules that do not exist in the destination security group from the source security group, and adds the rules that exist only in the destination security group to the source security group. After the restoration is complete, the source security group has the same rules as the destination security group.
- Partially Restore: adds the rules that exist only in the destination security group to the source security group, and ignores the rules that exist only in the source security group.
Restoring security group rules has the following limit: if system-level security group rules with a priority of 110 exist in the destination security group, these rules cannot be created during restoration, so the rules in the source security group after restoration may not be as expected. If you need the system-level security group rules, you must manually create them and set their priority to 100.
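The two restoration methods and the priority-110 limit can be modeled as set operations on the two rule lists. The following Python example is added here and is not part of the ECS console or API; the `Rule` fields, the function names, the whole-rule comparison, and the sample rules are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    direction: str
    protocol: str
    ports: str
    cidr: str
    policy: str
    priority: int

SYSTEM_PRIORITY = 110  # per the limit above: cannot be created during restoration

def plan_restore(source, destination, mode):
    """Plan the changes to `source` so it is restored from `destination`.

    Returns (to_add, to_delete, skipped). Assumption: two rules are the
    same only if every field matches.
    """
    if mode not in ("complete", "partial"):
        raise ValueError(f"unknown mode: {mode}")
    src, dst = set(source), set(destination)
    only_in_dst = dst - src
    skipped = {r for r in only_in_dst if r.priority == SYSTEM_PRIORITY}
    to_add = only_in_dst - skipped
    # Only Completely Restore removes rules that exist only in the source.
    to_delete = src - dst if mode == "complete" else set()
    return to_add, to_delete, skipped

def restored_rules(source, destination, mode):
    """Rule set of the source security group after restoration."""
    to_add, to_delete, _ = plan_restore(source, destination, mode)
    return (set(source) - to_delete) | to_add

# Constructed sample data (not from a real account).
HTTPS = Rule("ingress", "tcp", "443/443", "0.0.0.0/0", "accept", 1)
SSH_INTERNAL = Rule("ingress", "tcp", "22/22", "10.0.0.0/8", "accept", 1)
SSH_ANY = Rule("ingress", "tcp", "22/22", "0.0.0.0/0", "accept", 1)
SYSTEM = Rule("ingress", "all", "-1/-1", "100.64.0.0/10", "accept", 110)

BACKUP = [HTTPS, SSH_INTERNAL, SYSTEM]   # destination: the cloned backup
MODIFIED = [HTTPS, SSH_ANY]              # source: rules after the change

if __name__ == "__main__":
    for mode in ("complete", "partial"):
        add, delete, skipped = plan_restore(MODIFIED, BACKUP, mode)
        print(mode, "add:", len(add), "delete:", len(delete), "skipped:", len(skipped))
        still_open = SSH_ANY in restored_rules(MODIFIED, BACKUP, mode)
        print("  SSH open to 0.0.0.0/0 afterwards:", still_open)
```

In the constructed data, Partially Restore leaves the SSH rule open to 0.0.0.0/0 in place, and Completely Restore still omits the priority-110 rule, so review the resulting rules after either operation.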
Procedure
- Log on to the ECS console.
- In the left-side navigation pane, choose .
- In the top navigation bar, select a region.
- On the Security Groups page, find the security group whose rules you want to restore and click Restore Rules in the Actions column.
- In the Restore Rules dialog box, perform the following operations: