Security groups for VPCs

A security group acts as a virtual firewall for an instance to control inbound and outbound traffic.

When you launch a VM in a VPC, up to five security groups can be assigned to the instance. Security groups act at the instance level, not the subnet level. Each instance in a subnet in your VPC, therefore, could be assigned to a different set of security groups. When provisioned, an instance is automatically assigned to the default security group for the VPC.

Each security group has a set of rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.

Note: Amazon EC2-Classic is not supported.