You can clone security groups to quickly create identical security groups across regions and network types. The clone operation is applicable to scenarios such as when you need to copy a large number of security group rules across regions and back up a large number of security group rules. This topic describes how to clone a security group in the Elastic Compute Service (ECS) console.
Prerequisites
Before you clone a security group from the classic network to a virtual private cloud (VPC), make sure that at least one VPC is available in the destination region. For more information, see Create and manage a VPC.
Scenarios
You may need to clone a security group in the following scenarios:
You create a security group named SG1 in Region A and you want to apply the same rules as those of SG1 to instances in Region B. You can clone SG1 to Region B without the need to create a new security group.
You create a security group named SG2 in the classic network and you want to apply the same rules as those of SG2 to instances that reside in a VPC. You can clone SG2 and select VPC as the network type for the clone security group in the Clone dialog box.
Before you apply new security group rules to an ECS instance on which an application is running, you can clone the current security groups of the instance to back up security group rules.
By default, a clone security group contains only the security group rules of the original security group. The ECS instances and elastic network interfaces (ENIs) that are associated with the original security group are not cloned.
Procedure
Log on to the ECS console.
In the left-side navigation pane, choose .
In the top navigation bar, select the region and resource group to which the resource belongs.
On the Security group page, find the security group that you want to clone and click Clone Security Group in the Operation column.
In the Clone Security Group dialog box, configure the clone security group.
Destination Region: Select a region for the clone security group.
Security Group Name: Specify a name for the clone security group.
VPC ID: Select a network type for the clone security group. You can select Classic Network or a VPC ID. If no VPC is available, click Create a VPC to go to the VPC console to create a VPC.
Retention Rule: Select whether to retain all rules of the original security group. If you select the check box, all rules of the original security group are cloned and rule priorities that are higher than 100 are reset to 100. If you do not select the check box, these rules are discarded.
Description: Specify a description for the clone security group.
Click Confirm.
NoteAfter the security group is cloned, the Clone Security Group dialog box closes. You can view the clone security group in the destination region on the Security group page.
References
After you clone a security group, you can perform the following operations:
Add cloud resources such as ECS instances and ENIs to the clone security group. For more information, see Manage resources associated with security groups.
Modify the rules or access control policies of the clone security group based on your business requirements to make sure that the security group adapts to the new network environment and security policies. For more information, see Modify a security group rule and Modify the internal access control policy of a basic security group.