Security Group CheatSheet

  • Security Groups act as a firewall at the instance level.
  • Unless specifically allowed, all inbound traffic is blocked by default.
  • All outbound traffic from the instance is allowed by default.
  • You can specify the source to be either an IP range, a single IP address, or another security group.
  • Security Groups are STATEFUL (if traffic is allowed inbound, the return traffic is automatically allowed outbound, and vice versa).
  • Any changes to a Security Group take effect immediately.
  • EC2 instances can belong to multiple security groups.
  • Security groups can contain multiple EC2 instances.
  • You cannot block specific IP addresses with Security Groups (they have allow rules only); for this you would need a Network Access Control List (NACL).
  • You can have up to 10,000 Security Groups per Region (default 2,500).
  • You can have 60 inbound and 60 outbound rules per Security Group.
  • You can have 16 Security Groups associated to an ENI (default is 5).
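Added example (not from the cheatsheet) in Terraform showing three of the points above in practice: a source that is another security group rather than an IP range, the stateful behaviour of return traffic, and using a NACL deny rule because security groups cannot block a specific address. The VPC (`aws_vpc.main`), the NACL (`aws_network_acl.public`) and the example addresses are assumptions.

```hcl
# Assumed: aws_vpc.main and aws_network_acl.public exist elsewhere in the configuration.

# Edge security group: only HTTPS from anywhere. Because security groups are stateful,
# responses to these connections leave without needing a matching egress rule.
resource "aws_security_group" "alb" {
  name   = "alb-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # AWS adds allow-all egress by default, but Terraform removes it unless it is declared.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Application security group: the source is a security group, not an IP range, so only
# instances carrying alb-sg can reach port 8080, whatever their current private IPs are.
resource "aws_security_group" "app" {
  name   = "app-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    from_port       = 8080
    to_port         = 8080
    protocol        = "tcp"
    security_groups = [aws_security_group.alb.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Security groups have no deny action, so blocking one address is done on the subnet's NACL.
# NACLs are evaluated lowest rule number first, so this must sort before the allow rules.
resource "aws_network_acl_rule" "block_single_host" {
  network_acl_id = aws_network_acl.public.id
  rule_number    = 50
  egress         = false
  protocol       = "-1"
  rule_action    = "deny"
  cidr_block     = "198.51.100.7/32" # constructed example address (documentation range)
}
```

Because the NACL is stateless, a deny on inbound does not affect already-allowed outbound traffic; the allow rules for legitimate traffic (and ephemeral ports for replies) must still exist at higher rule numbers.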