Security Groups (SGs) are the fundamental building blocks of security in AWS, acting as virtual firewalls for your Amazon EC2 instances to control incoming and outgoing traffic.
1. Stateful Operations
Unlike Network ACLs which are stateless, Security Groups are stateful. This means if you allow an outbound request to the internet (e.g., your server downloading an update), the response from the internet is automatically allowed back in, even if there is no inbound rule explicitly permitting it.
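To make the stateful/stateless distinction concrete, the following added Python example (not code from the original page or from AWS) models both kinds of filter over the same rule set. A Security Group is represented as an allow-list plus a connection table, a Network ACL as an allow-list only; the rule set, addresses and ports are constructed for the demonstration, and the NACL model is simplified (no rule numbers or explicit deny entries).

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str  # "inbound" or "outbound"
    protocol: str   # "tcp", "udp" or "-1" (all protocols)
    port_from: int  # destination port range (0-65535 for "all")
    port_to: int
    cidr: str       # remote CIDR: source for inbound, destination for outbound


@dataclass(frozen=True)
class Packet:
    direction: str
    protocol: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """True if an allow rule covers this packet on its own merits."""
    if rule.direction != pkt.direction:
        return False
    if rule.protocol != "-1" and rule.protocol != pkt.protocol:
        return False
    remote_ip = pkt.src_ip if pkt.direction == "inbound" else pkt.dst_ip
    if ipaddress.ip_address(remote_ip) not in ipaddress.ip_network(rule.cidr):
        return False
    return rule.port_from <= pkt.dst_port <= rule.port_to


class StatefulFilter:
    """Security Group model: allow rules plus a table of flows already permitted."""

    def __init__(self, rules):
        self.rules = list(rules)
        # flow key is always (protocol, local_ip, local_port, remote_ip, remote_port)
        self.flows = set()

    def _flow_key(self, pkt: Packet):
        if pkt.direction == "outbound":
            return (pkt.protocol, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return (pkt.protocol, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)

    def evaluate(self, pkt: Packet) -> bool:
        key = self._flow_key(pkt)
        if key in self.flows:
            return True  # return traffic of a permitted flow needs no rule of its own
        allowed = any(rule_matches(r, pkt) for r in self.rules)
        if allowed:
            self.flows.add(key)
        return allowed


class StatelessFilter:
    """Network ACL model (simplified): every packet, replies included, must match a rule."""

    def __init__(self, rules):
        self.rules = list(rules)

    def evaluate(self, pkt: Packet) -> bool:
        return any(rule_matches(r, pkt) for r in self.rules)


def demo():
    # Constructed rule set: the "allow all outbound, nothing inbound" starting point.
    rules = [Rule("outbound", "-1", 0, 65535, "0.0.0.0/0")]
    sg = StatefulFilter(rules)
    nacl = StatelessFilter(rules)

    # Constructed packets: an HTTPS request, its reply, and an unsolicited SSH attempt.
    request = Packet("outbound", "tcp", "10.0.1.5", 51234, "203.0.113.10", 443)
    reply = Packet("inbound", "tcp", "203.0.113.10", 443, "10.0.1.5", 51234)
    unsolicited = Packet("inbound", "tcp", "198.51.100.7", 40000, "10.0.1.5", 22)

    return {
        "sg": (sg.evaluate(request), sg.evaluate(reply), sg.evaluate(unsolicited)),
        "nacl": (nacl.evaluate(request), nacl.evaluate(reply), nacl.evaluate(unsolicited)),
    }


if __name__ == "__main__":
    for name, verdicts in demo().items():
        print(f"{name}: request={verdicts[0]} reply={verdicts[1]} unsolicited={verdicts[2]}")
```

With the same single outbound rule, the stateful model lets the HTTPS reply back in because the flow was recorded when the request left, while the stateless model drops it; both models drop the unsolicited inbound SSH packet, which is why the SG's default posture is safe even though it has no inbound rules at all.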
2. Default Rules & Best Practices
When you create a new Security Group, the default behavior is to deny all inbound traffic and allow all outbound traffic. A major best practice is to adhere to the principle of least privilege. For example, never open Port 22 (SSH) to 0.0.0.0/0 (the entire internet). Instead, restrict it strictly to your office or home IP address.
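The least-privilege rule above is easy to check mechanically. The following added Python example (not code from the original page or from AWS) audits Security Group definitions in the JSON shape returned by the EC2 DescribeSecurityGroups API and flags any rule that exposes an administrative port (SSH or RDP, an assumed list you would tune) to the whole internet over IPv4 or IPv6. The group IDs, names and rules are constructed sample data, not real resources.

```python
import ipaddress

# Assumed list of ports that should never be reachable from the entire internet.
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Constructed sample in the shape of DescribeSecurityGroups output (IDs are placeholders).
SAMPLE_SECURITY_GROUPS = [
    {
        "GroupId": "sg-0example1",
        "GroupName": "web",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "203.0.113.42/32", "Description": "office"}],
             "Ipv6Ranges": []},
        ],
    },
    {
        "GroupId": "sg-0example2",
        "GroupName": "bastion-bad",
        "IpPermissions": [
            {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
             "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            # "-1" means all protocols and all ports; no FromPort/ToPort is present.
            {"IpProtocol": "-1", "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
        ],
    },
]


def is_world_cidr(cidr: str) -> bool:
    """True for 0.0.0.0/0 and ::/0 (any prefix of length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def permission_covers_port(perm: dict, port: int) -> bool:
    """Does this IpPermission entry include the given TCP port?"""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_security_group(sg: dict) -> list:
    """Return one finding per (world-open CIDR, admin port) pair in the group's inbound rules."""
    findings = []
    for perm in sg.get("IpPermissions", []):
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            if not is_world_cidr(cidr):
                continue
            for port, service in ADMIN_PORTS.items():
                if permission_covers_port(perm, port):
                    findings.append({
                        "group_id": sg["GroupId"],
                        "group_name": sg.get("GroupName", ""),
                        "port": port,
                        "service": service,
                        "cidr": cidr,
                        "protocol": perm.get("IpProtocol"),
                    })
    return findings


def audit_all(groups: list) -> dict:
    """Map each group ID to its findings; groups with none are omitted."""
    report = {}
    for sg in groups:
        findings = audit_security_group(sg)
        if findings:
            report[sg["GroupId"]] = findings
    return report


if __name__ == "__main__":
    for group_id, findings in audit_all(SAMPLE_SECURITY_GROUPS).items():
        for f in findings:
            print(f"{group_id} ({f['group_name']}): {f['service']} port {f['port']} "
                  f"open to {f['cidr']} via protocol {f['protocol']}")
```

The "web" group passes because its SSH rule is scoped to a single /32, while the "bastion-bad" group produces three findings: SSH over IPv4 from the explicit port-22 rule, and both SSH and RDP over IPv6 from the all-protocols rule, a case that simple "is FromPort 22" checks tend to miss. Against a live account you would feed the same function the `SecurityGroups` list from `aws ec2 describe-security-groups`.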
