Virtual firewalls for Amazon EC2 and Amazon RDS instances
Control inbound and outbound traffic by restricting by IP address, IP protocol, or port
Rules are stateful, meaning request information is tracked, and so responses won’t need to be tracked as a new request. Ex: ICMP ping requests.
By default, block all inbound traffic but allow all outbound traffic