Security groups

A virtual firewall.

Basics

  • Controls inbound and outbound traffic
  • Inbound is blocked by default
  • Outbound is allowed by default
  • EC2: multiple SGs can be assigned
  • SGs are STATEFUL (ACLs are stateless)

Best practices

  • Don’t block specific IP addresses with SGs; use NACLs instead
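
The notes above as a small Python model, added here as an illustration (it is not AWS code and calls no AWS API): an SG has only allow rules and tracks connections, while a NACL evaluates numbered allow/deny rules in order and is stateless. The class and function names, the addresses and the rule numbers are constructed for the example, and rules match only on source CIDR and port.

```python
import ipaddress

def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

class SecurityGroup:
    """Allow-only and stateful: a reply to an accepted connection always passes."""
    def __init__(self, inbound_allow):
        self.inbound_allow = inbound_allow   # [(cidr, port)]; there is no deny action
        self.tracked = set()                 # accepted (peer_ip, local_port) pairs

    def inbound(self, src, port):
        ok = any(in_cidr(src, c) and port == p for c, p in self.inbound_allow)
        if ok:
            self.tracked.add((src, port))
        return ok                            # no matching rule: blocked by default

    def reply(self, dst, port):
        return (dst, port) in self.tracked   # stateful: no outbound rule consulted

def nacl_check(rules, ip, port):
    """Stateless NACL: lowest rule number that matches decides, else implicit deny."""
    for _, cidr, (lo, hi), action in sorted(rules):
        if in_cidr(ip, cidr) and lo <= port <= hi:
            return action == "allow"
    return False

# Constructed sample data (documentation address ranges).
BAD, GOOD = "203.0.113.7", "198.51.100.20"
sg = SecurityGroup([("0.0.0.0/0", 443)])     # public HTTPS; cannot carve out BAD
nacl_in = [(90, BAD + "/32", (0, 65535), "deny"),        # block one address first
           (100, "0.0.0.0/0", (443, 443), "allow")]
nacl_out_ok = [(100, "0.0.0.0/0", (1024, 65535), "allow")]  # ephemeral reply ports
nacl_out_missing = []                        # forgot the return-traffic rule

def request(src, src_port, nacl_out):
    """Return (reached_instance, reply_delivered) for one HTTPS request."""
    reached = nacl_check(nacl_in, src, 443) and sg.inbound(src, 443)
    replied = reached and sg.reply(src, 443) and nacl_check(nacl_out, src, src_port)
    return reached, replied

if __name__ == "__main__":
    print("SG alone admits BAD:", sg.inbound(BAD, 443))
    print("BAD via NACL+SG:", request(BAD, 50000, nacl_out_ok))
    print("GOOD via NACL+SG:", request(GOOD, 50000, nacl_out_ok))
    print("GOOD, no NACL outbound rule:", request(GOOD, 50000, nacl_out_missing))
```

The last case shows the cost of statelessness: the SG would let the reply out on its own, but the NACL drops it until an outbound rule covers the client's ephemeral port.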