A security group is a stateful virtual firewall that controls inbound and outbound network traffic to AWS resources and Amazon EC2 instances.
By default, a Security Group blocks all inbound traffic and allows all outbound traffic.
When you create a VPC, it comes with a default security group. You can create additional security groups for a VPC, each with their own inbound and outbound rules. You can specify the source, port range, and protocol for each inbound rule. You can specify the destination, port range, and protocol for each outbound rule.
You can add or remove rules for a security group (also referred to as authorizing or revoking inbound or outbound access). A rule applies either to inbound traffic (ingress) or outbound traffic (egress). You can grant access to a specific source or destination.
Operates at the network interface level (Instance).