- All Inbound traffic is blocked by default
- All Outbound traffic is allowed
- Changes to Security Groups take effect immediately
- You can have any number of EC2 instances within security group.
- You can have multiple security groups attached to EC2 Instances.
- Security Groups are STATEFUL.
- If you create an inbound rule allowing traffic in, that is automatically allowed back out again.
- You cannot block specific IP addresses using Security Groups, instead use Network Access Control Lists.
- You can specify allow rules, but not deny rules.