Acts as a "virtual firewall" for your EC2 instances, controlling inbound and outbound traffic (traffic going into your instance and traffic going out of your instance).
If you don't specify a security group, EC2 uses the default security group.
Can only add allow rules to security groups.
Can't add deny rules, so traffic that no rule allows is simply not permitted.
You can modify the rules for a security group at any time.
Stateful
Regardless of the rules, return traffic is always allowed automatically: if your instance sends a request, the response is allowed in even with no matching inbound rule, and the reverse holds for inbound requests.
Parameters for creating a security group
Name
The name for the security group.
Protocol
The protocol to allow.
The most common protocols are 6 (TCP), 17 (UDP), and 1 (ICMP).
Port range
For TCP, UDP, or a custom protocol, the range of ports to allow.
You can specify a single port number or a range of port numbers.
ICMP type and code
For ICMP, the ICMP type and code.
Source or destination
The source (for inbound rules) or destination (for outbound rules) of the traffic.
Specify one of these options:
An individual IPv4 address.
An individual IPv6 address.
A range of IPv4 addresses, in CIDR block notation.
A range of IPv6 addresses, in CIDR block notation.
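The following CloudFormation template is an added example (not part of these notes, and not AWS sample code) that puts each parameter above into a real security group definition: a name, TCP and UDP rules with single ports and a port range, an ICMP rule where the type and code go in `FromPort` and `ToPort`, and sources given as a single IPv4 address (`/32`), an IPv4 CIDR block, and an IPv6 CIDR block. The group name `web-server-sg`, the `AdminCidr` parameter and the address ranges are constructed placeholders (RFC 5737 documentation addresses). Note what is absent: there are no deny entries, because security groups only accept allow rules, and no rules for response traffic, because the group is stateful.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Added example security group covering each rule parameter (not from the notes)

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC in which to create the group (supplied at deploy time)
  AdminCidr:
    Type: String
    Default: 203.0.113.0/24          # constructed placeholder range
    Description: Administrative source range allowed to reach SSH and ping

Resources:
  WebServerSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupName: web-server-sg       # "Name" parameter (constructed)
      GroupDescription: HTTPS from anywhere, SSH and ping only from the admin range
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: tcp            # protocol 6; a single port
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0          # range of IPv4 addresses, CIDR notation
          Description: HTTPS from any IPv4 address
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIpv6: ::/0             # range of IPv6 addresses, CIDR notation
          Description: HTTPS from any IPv6 address
        - IpProtocol: tcp
          FromPort: 22
          ToPort: 22
          CidrIp: !Ref AdminCidr     # restrict management access to one range
          Description: SSH only from the admin range
        - IpProtocol: udp            # protocol 17; a range of ports
          FromPort: 10000
          ToPort: 10010
          CidrIp: 198.51.100.7/32    # an individual IPv4 address (constructed)
          Description: UDP 10000-10010 from a single host
        - IpProtocol: icmp           # protocol 1; FromPort = ICMP type, ToPort = ICMP code
          FromPort: 8                # type 8 = echo request
          ToPort: -1                 # -1 = any code
          CidrIp: !Ref AdminCidr
          Description: Ping from the admin range only
      SecurityGroupEgress:
        # Declaring any egress rule replaces the default allow-all outbound rule,
        # so this group permits only outbound HTTPS. Replies to the inbound
        # connections above still flow because the group is stateful.
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0
          Description: Outbound HTTPS only
```

Deploy it with `aws cloudformation deploy --template-file sg.yaml --stack-name web-sg --parameter-overrides VpcId=<your-vpc-id>`. Because the notes say rules can be modified at any time, tightening `AdminCidr` or adding a port later is a stack update rather than a replacement of the group.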