| Feature | Security Group | NACL |
|---|---|---|
| Level | Assigned to a specific instance(s)/resource(s) | Configured for a subnet. Applies to traffic to all instances in a subnet. |
| Rules | Allow rules only | Both allow and deny rules |
| State | Stateful. Return traffic is automatically allowed. | Stateless. You should explicitly allow return traffic. |
| Evaluation | Traffic allowed if there is a matching rule | Rules are prioritized. Matching rule with highest priority wins. |
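
The State and Evaluation rows can be seen in a small simulation. This is an added example, not code from the original page or from any cloud provider. It assumes the AWS convention that a lower NACL rule number means higher priority; the Rule class, the function names, the rule numbers and the port ranges are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int      # NACL priority (assumption: lower number = higher priority)
    direction: str   # "in" or "out"
    ports: range     # destination ports the rule covers
    allow: bool      # security groups only ever hold allow=True rules

def nacl_permits(rules, direction, port):
    """First matching rule in priority order decides; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.direction == direction and port in rule.ports:
            return rule.allow
    return False

def sg_permits(rules, direction, port):
    """Allow rules only: any match permits, order is irrelevant."""
    if not all(r.allow for r in rules):
        raise ValueError("security groups cannot contain deny rules")
    return any(r.direction == direction and port in r.ports for r in rules)

def connection_works(kind, rules, server_port, client_port):
    """Client request to server_port, then the reply to the client's port."""
    if kind == "sg":
        # Stateful: once the request is admitted, the reply is allowed.
        return sg_permits(rules, "in", server_port)
    # Stateless: the reply is checked separately against outbound rules.
    return (nacl_permits(rules, "in", server_port)
            and nacl_permits(rules, "out", client_port))

# Constructed sample rules.
HTTPS_IN = Rule(100, "in", range(443, 444), True)
EPHEMERAL_OUT = Rule(110, "out", range(1024, 65536), True)
DENY_ALL_IN = Rule(50, "in", range(0, 65536), False)

if __name__ == "__main__":
    cases = [
        ("sg", [HTTPS_IN]),
        ("nacl", [HTTPS_IN]),                              # reply is dropped
        ("nacl", [HTTPS_IN, EPHEMERAL_OUT]),
        ("nacl", [HTTPS_IN, EPHEMERAL_OUT, DENY_ALL_IN]),  # deny 50 wins
    ]
    for kind, rules in cases:
        numbers = [r.number for r in rules]
        print(kind, numbers, connection_works(kind, rules, 443, 50000))
```

The second case is the common misconfiguration: the inbound rule matches, but with no outbound rule covering the client's ephemeral port the response never leaves the subnet.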