SecurityGroup
- only allow rules
- refrence ip or other sg
- essential a firewall
- access to ports
- autherized ip ranges
- inbound and outbound
- one group to many instances
- vpc and region bound
- is not on the ec2 but before
- use seperate sg for ssh access
- time out usually means sg issue
- connection refused application or server error
- default all inbound is blocked all outbound allowed
- stateful, if traffic is allowed out its allowed back in