
What is a security group?
Security groups are a mechanism for controlling traffic to and from instances.
A characteristic of security groups is that, by default, communication is only allowed between members of the same security group.
Security groups are stateful, so return traffic does not need to be taken into account: it is allowed automatically.
Comparison with Network ACLs
| Item | security group | network ACL |
|---|---|---|
| Main functions | Controls access to EC2 instance communication; applied on a per-server (instance) basis | Controls communication across subnets; applied on a per-VPC/subnet basis |
| Communication control method | Stateful (return traffic does not need to be considered: if only inbound is set up, the return traffic is also allowed); Allow rules only, for In/Out | Stateless (return traffic must be set up explicitly: setting inbound does not set outbound); Allow and Deny rules for In/Out |
| Order of application | All rules apply | Applied in rule-number order |
| Speed of reflection | Immediate | |
| Rule style | Specify Allow only, IN/OUT (whitelist method) | Specify Allow/Deny, IN/OUT (blacklist method) |
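The rows of the table above, as an added toy model (not AWS code or output): a stateful, allow-only filter where every rule applies, beside a stateless, allow/deny filter evaluated in rule-number order. The rules, ports and flow ids are constructed; note how the network ACL drops the HTTPS reply to the client's ephemeral port until an outbound rule for that port range is added.

```python
# Toy model of the two control mechanisms compared in the table above.
# Added example: the rules, ports and flow ids are constructed, not AWS output.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    direction: str          # "in" (inbound) or "out" (outbound)
    ports: tuple            # inclusive destination port range (low, high)
    action: str = "allow"   # security groups only ever carry "allow"
    number: int = 0         # network ACL rule number; unused by security groups

    def matches(self, direction, dst_port):
        return self.direction == direction and self.ports[0] <= dst_port <= self.ports[1]

@dataclass
class SecurityGroup:
    """Stateful, allow-only: every rule is considered, and a flow that was
    allowed in one direction has its return traffic allowed automatically."""
    rules: list
    tracked: set = field(default_factory=set)  # flows already admitted

    def permits(self, direction, dst_port, flow_id):
        if flow_id in self.tracked:            # return traffic of a known flow
            return True
        if any(r.matches(direction, dst_port) for r in self.rules):
            self.tracked.add(flow_id)
            return True
        return False                           # no deny rules exist; default is drop

@dataclass
class NetworkAcl:
    """Stateless, allow/deny: rules are evaluated in numerical order and the
    first match decides; no connection state, so replies need their own rule."""
    rules: list

    def permits(self, direction, dst_port, flow_id):
        for r in sorted(self.rules, key=lambda r: r.number):
            if r.matches(direction, dst_port):
                return r.action == "allow"
        return False                           # implicit final deny ("*" rule)

def https_flow(filt):
    """Inbound HTTPS request to port 443, then the server's reply back to the
    client's ephemeral port 51515 (constructed). Returns (request, reply)."""
    return filt.permits("in", 443, "c1"), filt.permits("out", 51515, "c1")

if __name__ == "__main__":
    print(https_flow(SecurityGroup([Rule("in", (443, 443))])))                 # (True, True)
    print(https_flow(NetworkAcl([Rule("in", (443, 443), "allow", 100)])))        # (True, False)
    print(https_flow(NetworkAcl([Rule("in", (443, 443), "allow", 100),
                                  Rule("out", (1024, 65535), "allow", 100)])))   # (True, True)
    # Numbered order: a deny at 90 wins over an allow at 100; at 110 it never fires.
    print(NetworkAcl([Rule("in", (443, 443), "deny", 90),
                      Rule("in", (443, 443), "allow", 100)]).permits("in", 443, "c2"))  # False
```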