Importing and Exporting Security Group Rules

Scenarios

You can configure security group rules in an Excel file and import the rules to the security group. You can also export security group rules to an Excel file. You are advised to use this function in the following scenarios:

• If you want to quickly create or restore a security group rule, you can import your exported security group rule file to the security group.
• If you want to back up security group rules locally, you can export the rules to an Excel file.
• If you want to quickly apply the rules of one security group to another, or if you want to modify multiple rules of the current security group at once, you can import or export existing rules.

Notes and Constraints

• The security group rules to be imported must be configured based on the template. Do not add parameters or change existing parameters. Otherwise, the import will fail.
• Duplicate rules are not allowed, you can delete the rule and try again.

Procedure

1. Log in to the management console.
2. Click in the upper left corner and select the desired region and project.
3. Click in the upper left corner and choose Network > Virtual Private Cloud.

   The Virtual Private Cloud page is displayed.

4. In the navigation pane on the left, choose Access Control > Security Groups.

   The security group list is displayed.

5. On the security group list, click the name of the target security group.

   The security group details page is displayed.

6. Export and import security group rules.
   • Click to export all rules of the current security group to an Excel file.
   • Click to import security group rules from an Excel file into the current security group.
     Table 1 describes the parameters in the template for importing rules.

     Table 1 Template parameters

     Parameter	Description	Example Value
     Direction	The direction in which the security group rule takes effect. Inbound: Inbound rules control incoming traffic to instances in the security group. Outbound: Outbound rules control outgoing traffic from instances in the security group.	Inbound
     Protocol & Port	The network protocol used to match traffic in a security group rule. Currently, the value can be All, TCP, UDP, GRE, ICMP, or more.	TCP
     	Port: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535.	22, or 22-30
     Type	Source IP address version. You can select: IPv4 IPv6	IPv4
     Source	Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: IP address: Single IP address: 192.168.10.10/32 All IP addresses: 0.0.0.0/0 IP address range: 192.168.1.0/24 Security group: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with Action set to Allow and Source set to security group B, access from instance B is allowed to instance A. IP address group: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way.	sg-test[96a8a93f-XXX-d7872990c314]
     Destination	Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example:	sg-test[96a8a93f-XXX-d7872990c314]
     Description	Supplementary information about the security group rule. This parameter is optional. The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).	-