With the single concept of a Security Group, AWS gives us security and isolation with ease. It is hard to imagine the AWS world without Security Groups. We take them for granted in AWS; it was painful to build architectures with VMs in Azure (not today, but a couple of months back, before Azure Resource Groups existed). That does not mean there was no security in Azure, but the implementation was tied to the individual instance rather than a Security Group that can be attached to one or more instances (again, this was before the era of Azure Resource Groups; the older model is now called Azure Virtual Machines (Classic)).
Getting back to AWS and Security Groups: I can't thank AWS enough for the "Copy Security Group" feature. There are a couple of operations which I would like to request the AWS Management Console team to consider (please).
Copy Security Group to Different Region
This is a straightforward extension of Copy Security Group. I feel that copying a Security Group to a different region would be just as important as Copy Snapshot and Copy AMI to a different region. Understood that the copied security group would not be directly usable and may require several modifications (anything that refers to a resource in the source region, such as another security group's ID or a prefix list ID, cannot be resolved in the target region); nevertheless, it would serve as a placeholder. This functionality would help in scenarios such as region migration, region replication, DR and DR test drills.
Editing Security Group Description
Editing the description field is not supported today in the AWS Console (I haven't tried it in the CLI yet). This has happened to me more often than you would think: create a Security Group, launch instance(s) with it, and only then notice that I left the description empty or didn't follow the convention used by the Ops team. Then I copy the security group, this time with the correct name and description, attach the new SG, detach the old one and delete it.
Editing the description of an AMI has been made possible; I am requesting that the same feature be extended to the Security Group's description as well.
Copy Security Group with Tags
Tags play a vital role across almost all AWS resources. I love the possibilities: searching by tag in the search bar, and grouping resources to understand the cost breakup by cost center. Personally, I am thankful for them, because the scenario without tags would look like environment_tier_instance_role_let_god_forbid_name_getting_any_bigger_sg. I am not against long names or the effort that goes into them, but IMHO it is an intentional step toward making things harder, and readability takes a big hit. I love making things simpler and easier, and tags are much more efficient.
It would be awesome if there were a "copy tags" check box in the same dialog where we key in the VPC, Name and Description of the Security Group. It would be really handy to see the rules and the tags come along.
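Until the console grows these features, both the cross-region copy and the copy-with-tags (and the rename-with-correct-description workaround above) can be scripted from the output of describe-security-groups. The following is an added example, not code from this post or from AWS: it takes the JSON shape that `aws ec2 describe-security-groups` or boto3's `describe_security_groups` return, builds the parameters for CreateSecurityGroup, AuthorizeSecurityGroupIngress/Egress and CreateTags in a target VPC, and reports everything that cannot survive the move instead of copying it blindly. The sample group, its IDs and the target VPC ID are constructed; `apply_plan` assumes a boto3 EC2 client for the target region is passed in (boto3 is deliberately not imported so the rest runs offline).

```python
"""Copy a security group to another region/VPC, tags included. Added example
(not the post's or AWS's code), driven by the JSON that
`aws ec2 describe-security-groups` / boto3 describe_security_groups return."""
import json

# Constructed sample source group; every ID here is made up.
SOURCE_SG = {
    "GroupId": "sg-0123456789abcdef0", "GroupName": "app-tier", "Description": "app tier",
    "VpcId": "vpc-0aaa0aaa0aaa0aaa0",
    "Tags": [{"Key": "Name", "Value": "app-tier"}, {"Key": "environment", "Value": "prod"},
             {"Key": "aws:cloudformation:stack-name", "Value": "app"}],  # reserved prefix
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 8080, "ToPort": 8080,
         "IpRanges": [{"CidrIp": "10.0.0.0/16", "Description": "from lb"}],
         "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210", "UserId": "123456789012"}]},
        {"IpProtocol": "tcp", "FromPort": 5432, "ToPort": 5432,  # self-reference only
         "UserIdGroupPairs": [{"GroupId": "sg-0123456789abcdef0", "UserId": "123456789012"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "PrefixListIds": [{"PrefixListId": "pl-0123456789abcdef0"}]},
    ],
}


def _is_default_egress(perm):
    """The allow-all egress rule every newly created group already has."""
    return (perm["IpProtocol"] == "-1"
            and [r["CidrIp"] for r in perm.get("IpRanges", [])] == ["0.0.0.0/0"]
            and not perm.get("Ipv6Ranges") and not perm.get("UserIdGroupPairs")
            and not perm.get("PrefixListIds"))


def _portable_permission(perm, source_group_id, dropped, where):
    """Keep only what means the same thing in another region/VPC: CIDR ranges.
    Security group IDs and prefix list IDs are regional, so those peers are
    recorded in `dropped` for manual re-creation; a self-reference is flagged
    so it can be re-added once the new group's ID is known."""
    out = {"IpProtocol": perm["IpProtocol"],
           "IpRanges": [dict(r) for r in perm.get("IpRanges", [])],
           "Ipv6Ranges": [dict(r) for r in perm.get("Ipv6Ranges", [])]}
    for key in ("FromPort", "ToPort"):  # absent for protocol "-1"
        if key in perm:
            out[key] = perm[key]
    for pair in perm.get("UserIdGroupPairs", []):
        reason = "self-reference" if pair.get("GroupId") == source_group_id else "group reference"
        dropped.append({"where": where, "reason": reason, "permission": perm})
    for pl in perm.get("PrefixListIds", []):
        dropped.append({"where": where, "permission": perm,
                        "reason": "prefix list " + pl["PrefixListId"] + " is regional"})
    if not out["IpRanges"] and not out["Ipv6Ranges"]:
        return None  # nothing portable left; an empty permission is rejected by the API
    return out


def build_copy_plan(sg, target_vpc_id, group_name=None, description=None, copy_tags=True):
    """Parameters for CreateSecurityGroup, AuthorizeSecurityGroupIngress/Egress and
    CreateTags in the target VPC, plus everything that had to be left behind."""
    dropped, ingress, egress = [], [], []
    for perm in sg.get("IpPermissions", []):
        p = _portable_permission(perm, sg["GroupId"], dropped, "ingress")
        if p:
            ingress.append(p)
    for perm in sg.get("IpPermissionsEgress", []):
        if _is_default_egress(perm):
            continue  # re-adding it would fail with InvalidPermission.Duplicate
        p = _portable_permission(perm, sg["GroupId"], dropped, "egress")
        if p:
            egress.append(p)
    # Tag keys starting with "aws:" are reserved and cannot be set by users.
    tags = [t for t in sg.get("Tags", []) if not t["Key"].startswith("aws:")] if copy_tags else []
    return {"create": {"GroupName": group_name or sg["GroupName"],
                       "Description": description or sg.get("Description", sg["GroupName"]),
                       "VpcId": target_vpc_id},
            "ingress": ingress, "egress": egress, "tags": tags, "dropped": dropped}


def apply_plan(ec2, plan):
    """Execute the plan with a boto3 EC2 client for the *target* region, e.g.
    boto3.client("ec2", region_name="eu-west-1"). Returns the new group's ID."""
    new_id = ec2.create_security_group(**plan["create"])["GroupId"]
    if plan["tags"]:
        ec2.create_tags(Resources=[new_id], Tags=plan["tags"])
    if plan["ingress"]:
        ec2.authorize_security_group_ingress(GroupId=new_id, IpPermissions=plan["ingress"])
    if plan["egress"]:
        ec2.authorize_security_group_egress(GroupId=new_id, IpPermissions=plan["egress"])
    return new_id


if __name__ == "__main__":
    print(json.dumps(build_copy_plan(SOURCE_SG, "vpc-0bbb0bbb0bbb0bbb0"), indent=2))
```

Against a real group, feed `aws ec2 describe-security-groups --group-ids sg-... --region us-east-1` and pass `["SecurityGroups"][0]` to `build_copy_plan`. Review the `dropped` list before calling `apply_plan`: group references need the corresponding group in the target region, and a self-reference is re-added as a rule whose `UserIdGroupPairs` names the new group's own ID. For the same-region "fix the name and description" case, pass the source VPC as the target and new `group_name`/`description` values; moving instances over is then a `modify_instance_attribute(InstanceId=..., Groups=[...])` with the full desired list of group IDs, which replaces the instance's current set.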
Sorting Security Group Rules
Getting a holistic view of Security Group rules is a little hard today. It is really difficult to find out whether a given rule is present in a security group. I open the security group's rules and use the browser's Ctrl+F to search; this works in most cases, but it is a quick and dirty way (it only finds exact text, so a rule that covers port 22 through a range like 0-1024, or an address through a wider CIDR like 10.0.0.0/8, is missed).
It would be awesome if we could sort the three columns CIDR, PORT and PROTOCOL individually (a nested, secondary sort would be even cooler). In fact, a DataTables-like interface would be very applicable in this context. Just imagine all the UDP, TCP and ICMP rules sorted and grouped individually.
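The nested sort and the "is this rule present" check can be done offline on the API output. The following is an added example, not code from this post or from AWS: it flattens the IpPermissions of a group into one row per protocol, port range and peer, sorts them on protocol, then port, then CIDR (IPv4 before IPv6, numerically rather than as text), and answers the question Ctrl+F cannot, namely whether a given protocol/port/address is admitted by any rule, including port ranges, wider CIDRs and all-traffic rules. The sample group and its IDs are constructed.

```python
"""Flatten, sort and query security group rules offline. Added example (not
the post's or AWS's code); takes the JSON shape returned by
`aws ec2 describe-security-groups` / boto3 describe_security_groups."""
import ipaddress
import json
import sys

# Constructed sample, rules in insertion order (the order the console shows).
SAMPLE_SG = {
    "GroupId": "sg-0123456789abcdef0", "GroupName": "web-tier",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53, "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}, {"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,  # echo request, any code
         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8999,
         "UserIdGroupPairs": [{"GroupId": "sg-0fedcba9876543210", "UserId": "123456789012"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},  # no ports for "-1"
    ],
}

PROTO_ORDER = {"-1": 0, "icmp": 1, "icmpv6": 2, "tcp": 3, "udp": 4}


def flatten_rules(sg):
    """One row per (direction, protocol, port range, peer); a peer is a CIDR,
    a security group ID or a prefix list ID."""
    rows = []
    for direction, key in (("ingress", "IpPermissions"), ("egress", "IpPermissionsEgress")):
        for perm in sg.get(key, []):
            peers = ([r["CidrIp"] for r in perm.get("IpRanges", [])]
                     + [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
                     + [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
                     + [p["PrefixListId"] for p in perm.get("PrefixListIds", [])])
            for peer in peers:
                rows.append({"direction": direction, "protocol": str(perm["IpProtocol"]),
                             "from_port": perm.get("FromPort", -1),
                             "to_port": perm.get("ToPort", -1), "peer": peer})
    return rows


def _peer_key(peer):
    """CIDRs sort numerically (IPv4 before IPv6); sg-/pl- IDs sort after them."""
    try:
        net = ipaddress.ip_network(peer, strict=False)
        return (net.version, int(net.network_address), net.prefixlen, "")
    except ValueError:
        return (9, 0, 0, peer)


def sort_rules(rows):
    """Nested sort: direction, protocol, port range, then peer."""
    return sorted(rows, key=lambda r: (r["direction"], PROTO_ORDER.get(r["protocol"], 99),
                                       r["from_port"], r["to_port"], _peer_key(r["peer"])))


def _port_matches(row, port):
    if row["protocol"] == "-1":
        return True
    if row["protocol"].startswith("icmp"):
        return row["from_port"] in (-1, port)  # FromPort is the ICMP type, -1 = any
    return row["from_port"] <= port <= row["to_port"]


def allows(rows, direction, protocol, port, address):
    """Rows that admit `protocol`/`port` for `address`. Unlike Ctrl+F on "22",
    this matches port ranges, wider CIDRs and all-traffic rules. Group and
    prefix list peers are skipped because they cannot be resolved offline."""
    addr = ipaddress.ip_address(address)
    hits = []
    for row in rows:
        if row["direction"] != direction or row["protocol"] not in ("-1", protocol):
            continue
        if not _port_matches(row, port):
            continue
        try:
            net = ipaddress.ip_network(row["peer"], strict=False)
        except ValueError:
            continue  # sg-... or pl-... peer
        if net.version == addr.version and addr in net:
            hits.append(row)
    return hits


if __name__ == "__main__":
    # Usage: python sg_rules.py [sg.json]   (output of describe-security-groups)
    sg = json.load(open(sys.argv[1]))["SecurityGroups"][0] if len(sys.argv) > 1 else SAMPLE_SG
    for r in sort_rules(flatten_rules(sg)):
        print("{direction:7} {protocol:5} {from_port:>6} {to_port:>6} {peer}".format(**r))
```

`allows(rows, "ingress", "tcp", 22, "10.20.30.40")` on the sample returns only the 10.0.0.0/8 row, while a query for TCP/8080 from 10.1.1.1 returns nothing even though the 8000-8999 range matches, because its only peer is another security group; that is exactly the rule a text search would report as "present" without telling you whether the source actually qualifies.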