Security Group vs NACL

Security Group Network Access Control List
Virtual firewalls for Amazon EC2 and Amazon RDS instances Virtual firewalls for subnets
Rules are stateful, meaning request information is tracked, and so responses won’t need to be tracked as a new request. Ex: ICMP ping requests. Rules are stateless, requiring explicit rules for both inbound and outbound traffic
By default, block all inbound traffic but allow all outbound traffic By default, allow all inbound and outbound traffic