| | |
| --- | --- |
| | Allow rules and deny rules. |
| Stateful - Return traffic is automatically allowed, regardless of any rules. | Stateless - Return traffic must be explicitly allowed by rules. |
| AWS evaluates all rules before deciding whether to allow traffic. | AWS processes rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic. |
| Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on. | Automatically applies to all instances in the subnets that it's associated with (therefore, it provides an additional layer of defense if the security group rules are too permissive). |
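
The two evaluation models compared above, as an added example that is not AWS code: a simplified port-only model in which a stateful, allow-only filter tracks connections and a stateless, ordered filter checks each direction on its own. All class, function and constant names are hypothetical, the sample flow is constructed, and the "no matching rule means deny" default is an assumption of the model.

```python
# Simplified model (added example): ports only, no protocols or CIDR matching.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int   # evaluation order; ignored by the allow-only model
    action: str   # "allow" or "deny"
    ports: range  # destination ports the rule matches

def first_match(rules, dport):
    """Ordered evaluation: the lowest-numbered matching rule decides."""
    for rule in sorted(rules, key=lambda r: r.number):
        if dport in rule.ports:
            return rule.action
    return "deny"  # assumption in this model: no matching rule means deny

def any_allow(rules, dport):
    """Allow-only evaluation: every rule is considered, any match allows."""
    return "allow" if any(dport in r.ports for r in rules) else "deny"

class StatefulFilter:
    def __init__(self, inbound):
        self.inbound, self.flows = inbound, set()

    def request(self, client, client_port, server_port):
        verdict = any_allow(self.inbound, server_port)
        if verdict == "allow":
            self.flows.add((client, client_port, server_port))  # track the flow
        return verdict

    def reply(self, client, client_port, server_port):
        # Return traffic of a tracked flow passes without consulting rules.
        return "allow" if (client, client_port, server_port) in self.flows else "deny"

class StatelessFilter:
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound

    def request(self, client, client_port, server_port):
        return first_match(self.inbound, server_port)

    def reply(self, client, client_port, server_port):
        # No memory of the request: the reply is matched on its own
        # destination port, which is the client's ephemeral port.
        return first_match(self.outbound, client_port)

HTTPS = range(443, 444)
EPHEMERAL = range(1024, 65536)
CLIENT = ("203.0.113.10", 50000, 443)  # constructed sample flow
```

With only an inbound rule for port 443, the stateful filter lets the reply through, while the stateless filter drops it until an outbound rule covering the ephemeral port range is added.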