Security group characteristics:
- Every EC2 instance must have at least one security group.
- The same security group can be associated with multiple EC2 instances.
- Every EC2 instance can have max 5 security groups
- A security group has both inbound and outbound rules
- Security groups are stateful
- If traffic is initiated from the internet, traffic is validated by inbound rules of security groups.
- If traffic is initiated from EC2, his traffic is validated by outbound rules of security groups.
- When we update rule under security group, it takes effect immediately.
- Security group does not have explicit allow/deny, rules we add are allowed and others are implicitly denied.