This topic describes how to create identical security groups by means of cloning. Security groups can be cloned across regions and network types.

Prerequisites

If you want to clone a security group from the classic network to a virtual private cloud (VPC), at least one VPC is created in the destination region. For more information, see Create and manage a VPC.

Background information

You can clone a security group in the following scenarios:
  • You have created a security group named SG1 in Region A and you want to apply the same rules as those of SG1 to instances in Region B. You can clone SG1 to Region B without the need to create a new security group.
  • You have created a security group named SG2 in the classic network and you want to apply the same rules as those of SG2 to instances in a VPC. You can clone SG2 and select VPC as the network type for the clone security group in the Clone dialog box.
  • You want to apply new security group rules to an ECS instance that is running an online application. You can clone the original security group for backup.

Procedure

  1. Log on to the ECS console.
  2. In the left-side navigation pane, choose Network & Security > Security Groups.
  3. In the top navigation bar, select a region.
  4. On the Security Groups page, find the security group that you want to clone and click Clone in the Actions column.
  5. In the Clone dialog box, configure the clone security group.
    • Destination Region: Select a region for the clone security group. Only specific regions are supported, which are displayed in the console.
    • Security Group Name: Specify a name for the clone security group.
    • Network Type: Select a network type for the clone security group. If you set Network Type to VPC, select an usable VPC in the destination region.
    • Import All Rules: Specify whether to import all rules whose priorities are higher than 100 from the original security group to the clone security group.
      • If you do not select Import All Rules, only the rules whose priorities are 1 to 100 are imported to the clone security group.
      • If you select Import All Rules, all rules whose priorities are 1 to 100 and higher than 100 are imported to the clone security group. After the rules are imported to the clone security group, rules whose priorities are greater than 100 have their priorities changed to 100.
  6. Click OK.

Result

After the security group is cloned, the Clone dialog box closes. You can view the clone security group on the Security Groups page of the destination region.