AWS Security Groups and NACL
A security group in AWS manages traffic to and from an EC2 instance using a set of inbound and outbound rules. This indicates it defines instance-level security. An inbound rule, for example, may permit traffic from a single IP address to access the instance, whereas an outbound rule may permit all traffic to leave the instance. Because security groups operate at the VPC instance level, each security group can be applied to one or more instances, also through subnets Furthermore, each instance must be linked to one or more security groups.