Amazon VPC provides two features that you can use to increase security for your VPC:

Security groups: Act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level. They support allow rules only.

Network access control lists (ACLs): Act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level. They support both allow rules and deny rules.

Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html
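To make the allow-only versus allow-and-deny distinction concrete, the following added example (not from the AWS documentation) models inbound filtering at both layers in simplified form. It goes slightly beyond the text above by relying on two documented AWS behaviours: network ACL entries are evaluated in ascending rule-number order with first match winning, and unmatched traffic is dropped at either layer. The `Rule` class, function names and sample policy are hypothetical, and the addresses are constructed from documentation ranges.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    cidr: str                # source range the rule matches
    port_from: int
    port_to: int
    action: str = "allow"    # security group rules can only be "allow"
    number: int = 0          # only network ACL entries carry a rule number

    def matches(self, src_ip: str, port: int) -> bool:
        in_cidr = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.cidr)
        return in_cidr and self.port_from <= port <= self.port_to

def security_group_allows(rules, src_ip, port):
    """Instance level: allow rules only; anything unmatched is dropped."""
    return any(r.matches(src_ip, port) for r in rules)

def network_acl_allows(entries, src_ip, port):
    """Subnet level: the lowest-numbered matching entry decides, allow or deny."""
    for entry in sorted(entries, key=lambda e: e.number):
        if entry.matches(src_ip, port):
            return entry.action == "allow"
    return False  # implicit final deny when no entry matches

def inbound_permitted(nacl, sg, src_ip, port):
    """Traffic reaches the instance only if the subnet ACL and the security group both pass it."""
    return network_acl_allows(nacl, src_ip, port) and security_group_allows(sg, src_ip, port)

# Constructed sample policy (RFC 5737 documentation address ranges).
WEB_SG = [Rule("0.0.0.0/0", 443, 443)]
SUBNET_NACL = [
    Rule("203.0.113.0/24", 0, 65535, action="deny", number=90),   # block one range
    Rule("0.0.0.0/0", 443, 443, action="allow", number=100),      # HTTPS from anywhere
]

def demo():
    return {
        "ordinary client on 443": inbound_permitted(SUBNET_NACL, WEB_SG, "198.51.100.7", 443),
        "blocked range on 443": inbound_permitted(SUBNET_NACL, WEB_SG, "203.0.113.50", 443),
        "ordinary client on 22": inbound_permitted(SUBNET_NACL, WEB_SG, "198.51.100.7", 22),
        "security group alone, blocked range": security_group_allows(WEB_SG, "203.0.113.50", 443),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'permit' if result else 'drop'}")
```

The last case shows why blocking a specific source range has to be done in the network ACL: the security group has no way to express a deny, so on its own it would admit that range.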