Cloud Shell includes a pre-installed script to clone an ECS security group. Run this script to quickly create a new security group.
Background
A security group is a virtual firewall that provides stateful inspection and packet filtering to create security domains in the cloud. By configuring security group rules, you can allow or deny public or private network access to the ECS instances within the security group.
Procedure
- In your browser, go to https://shell.aliyun.com to open Cloud Shell.
- Run the following command to clone the script.

    git clone https://code.aliyun.com/labs/tutorial-ecs-copy-security-group.git

- Run the following command to navigate to the tutorial-ecs-copy-security-group directory.

    cd tutorial-ecs-copy-security-group

- Run the following command to clone the security group.

    sh CloneSecurityGroup.sh

- Follow the prompts to create a new security group with the same rules as the source security group:
  - Enter the source security group's region, for example, cn-hangzhou. You can press Enter to view a list of available regions.
  - Enter the source security group's ID. You can press Enter to view all security groups in the specified region.

      1. Please enter RegionID where the source SecurityGroup is located, or press "Enter" for more Region information.
      Please type RegionID to continue: cn-hangzhou
      2. Please enter source SecurityGroupId or press "Enter" to get SecurityGroupId.
      Please type SecurityGroupId to continue:
      SecurityGroupId | SecurityGroupName | Description
      ---------------- | ---------------- | -----------
      sg-bp1a3uv8ri*** | *** | ***
      sg-bp1190o50*** | secu*** | ***
      sg-bp11j9xpp*** | secu*** | ***
      sg-bp168k8dw*** | sg-b*** | System created security group.
      sg-bp16tmhcb*** | sg-b*** | System created security group.
      sg-bp17cfy7s*** | sg-b*** | System created security group.
      sg-bp13pwxi9*** | VPC1 | ***
      sg-bp1lum4k0*** | wugo*** | ***
      sg-bp1ddqy41*** | wugo*** | ***
      sg-bp1hbr8zp*** | xian | test
      Please type SecurityGroupId to continue: sg-bp1a3uv8rrypq3e9bsfh

  - Enter the region for the new security group, for example, cn-shanghai. You can press Enter to view a list of available regions.
  - Enter the VpcId for the new security group. You can press Enter to view the VPCs in the target region.

      3. Please type the target RegionID or press "Enter" to clone SecurityGroup in the same region.
      Please type RegionID to continue: cn-shanghai
      4. Please type the target VpcId or press "Enter" to get VpcId.
      Please type VpcId to continue:
      VpcId | VpcName | Description
      ------ | ------- | -----------
      vpc-uf614ufd xxx | doctest-1 |
      vpc-uf6mb30e xxx | miniapp_vpc_test |
      vpc-uf604yqd xxx | miniapp_vpc_prod |
      vpc-uf6o8d1d xxx | xxx |
      vpc-uf6p2u19 xxx | xxx |
      vpc-uf6qpogy xxx | |
      vpc-uf62xei9 xxx | CL-xxx |
      vpc-uf6nr5ji xxx | cl-HaVip |
      vpc-uf6oxj71 xxx | |
      vpc-uf66v509 xxx | drntest |
      Please type VpcId to continue: vpc-uf614ufdj13n8

  - Enter a name and description for the new security group. You can press Enter to skip the name and description and create the security group directly.

      5. Please type the target SecurityGroupName or press "Enter" to skip.
      Please type SecurityGroupName to continue: ingressTraffic
      6. Please type the target Description or press "Enter" to skip.
      Please type Description to continue: copyfromsg-bp1a3uv8rrypq3e9bsfh
      Cloning the specified security group, please wait a moment -
      Congratulations! You successfully cloned a SecurityGroup: sg-uf61a39n0ss2xt3eczxo
Result
After the security group is created, the system returns its ID. Run the following command to view the new security group's rules.

    aliyun ecs DescribeSecurityGroupAttribute --RegionId cn-shanghai --SecurityGroupId sg-adf13******
In this command:
- RegionId is the new security group's region.
- SecurityGroupId is the new security group's ID.
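
To confirm that the new security group really carries the same rules as the source, the two DescribeSecurityGroupAttribute responses can be compared rule by rule. The following is an added example, not part of the tutorial or of CloneSecurityGroup.sh: it assumes the response JSON lists rules under Permissions.Permission, and the sample responses and `sg-...-example` IDs are constructed. It also lists ingress rules that accept traffic from 0.0.0.0/0, since a clone copies any over-permissive rule along with the rest.

```python
import json

# Fields that decide what a rule permits; timestamps and descriptions are ignored.
RULE_FIELDS = ("Direction", "Policy", "IpProtocol", "PortRange", "Priority",
               "SourceCidrIp", "DestCidrIp", "SourceGroupId", "DestGroupId")
IDX = {name: i for i, name in enumerate(RULE_FIELDS)}

def rule_set(describe_json):
    """Parse one DescribeSecurityGroupAttribute response into a set of rule tuples."""
    perms = json.loads(describe_json).get("Permissions", {}).get("Permission", [])
    return {tuple(str(p.get(f, "")).lower() for f in RULE_FIELDS) for p in perms}

def compare(source_json, clone_json):
    """Rules present on only one side; both lists are empty for a faithful clone."""
    src, dst = rule_set(source_json), rule_set(clone_json)
    return {"missing_in_clone": sorted(src - dst), "extra_in_clone": sorted(dst - src)}

def world_open_ingress(describe_json):
    """Ingress accept rules whose source is any IPv4 address."""
    return sorted(r for r in rule_set(describe_json)
                  if r[IDX["Direction"]] == "ingress"
                  and r[IDX["Policy"]] == "accept"
                  and r[IDX["SourceCidrIp"]] == "0.0.0.0/0")

def _rule(port, cidr):
    # Constructed sample rule, not taken from a real account.
    return {"Direction": "ingress", "Policy": "Accept", "IpProtocol": "TCP",
            "PortRange": port, "Priority": 1, "SourceCidrIp": cidr}

# Constructed sample responses: the clone lacks the SSH rule.
SOURCE = json.dumps({"SecurityGroupId": "sg-source-example", "Permissions": {
    "Permission": [_rule("22/22", "10.0.0.0/8"), _rule("443/443", "0.0.0.0/0")]}})
CLONE = json.dumps({"SecurityGroupId": "sg-clone-example", "Permissions": {
    "Permission": [_rule("443/443", "0.0.0.0/0")]}})

if __name__ == "__main__":
    print(compare(SOURCE, CLONE))
    print(world_open_ingress(CLONE))
```

To check real groups, save the output of the DescribeSecurityGroupAttribute command above for the source and the new security group, and pass the two file contents to `compare`.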