Security Groups & NACLs

A security group acts as a virtual firewall that controls the traffic for one or more EC2 or RDS instances. EC2 or RDS instances can be associated with one or more security groups.

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC

Security Group