Routing determines where traffic can go. Security groups and network ACLs (NACLs) determine whether it is allowed through. Together they form a layered defence — security groups protecting individual resources and NACLs protecting entire subnets. Understanding both, and the critical differences between them, is essential for building secure AWS architectures.
A security group acts as a virtual firewall for an instance (or more precisely, for an Elastic Network Interface). It controls inbound and outbound traffic at the instance level.
| Property | Detail |
|---|---|
| Level | Instance / ENI |
| Statefulness | Stateful — if inbound traffic is allowed, the return traffic is automatically allowed |
| Default inbound | All traffic denied |
| Default outbound | All traffic allowed |
| Rule type | Allow only — you cannot create deny rules |
| Rule evaluation | All rules evaluated (not ordered) |
| Applies to | Only instances assigned to the security group |
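The semantics in the table above, written as a simplified Python model. This is an added example, not part of the original lesson. The `Rule` fields (protocol, port range, remote CIDR), all class and function names, and the reduction of connection tracking to a set of flows are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Rule:
    """One allow rule. There is no 'deny' field: security groups are allow-only."""
    protocol: str   # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str       # remote address range the rule applies to

    def matches(self, protocol, port, remote_ip):
        proto_ok = self.protocol in ("-1", protocol)
        port_ok = self.protocol == "-1" or self.from_port <= port <= self.to_port
        return proto_ok and port_ok and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(self.cidr)

ALLOW_ALL = Rule("-1", 0, 65535, "0.0.0.0/0")

@dataclass
class SecurityGroup:
    inbound: list = field(default_factory=list)                  # default: all inbound denied
    outbound: list = field(default_factory=lambda: [ALLOW_ALL])  # default: all outbound allowed
    flows: set = field(default_factory=set)                      # tracked connections (statefulness)

    def _check(self, rules, protocol, remote_ip, remote_port, local_port, rule_port):
        flow = (protocol, remote_ip, remote_port, local_port)
        if flow in self.flows:   # return traffic of an already-allowed flow
            return True
        # Unordered evaluation: any matching allow rule is enough.
        if any(r.matches(protocol, rule_port, remote_ip) for r in rules):
            self.flows.add(flow)
            return True
        return False             # no matching allow rule means the packet is dropped

    def packet_in(self, protocol, src_ip, src_port, dst_port):
        return self._check(self.inbound, protocol, src_ip, src_port, dst_port, dst_port)

    def packet_out(self, protocol, dst_ip, dst_port, src_port):
        return self._check(self.outbound, protocol, dst_ip, dst_port, src_port, dst_port)

def demo():
    # Constructed sample: HTTPS open to the world, no outbound rules at all.
    sg = SecurityGroup(inbound=[Rule("tcp", 443, 443, "0.0.0.0/0")], outbound=[])
    client = "203.0.113.10"  # documentation address, constructed
    return {"https_in": sg.packet_in("tcp", client, 51000, 443),
            "reply_out": sg.packet_out("tcp", client, 51000, 443),  # allowed: stateful
            "new_out": sg.packet_out("tcp", client, 8080, 40000),   # denied: no outbound rule
            "ssh_in": sg.packet_in("tcp", client, 51001, 22)}       # denied: no allow rule
```

The reply on the HTTPS flow leaves the instance even though the group has no outbound rules, which is the stateful behaviour from the table; the other two packets are dropped only because no allow rule matches them.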
Each rule specifies: