Explanation:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html#defaultsecurity-group
A default security group is named default, and it has an ID assigned by AWS. The following are the initial settings for each default security group:
- Allow inbound traffic only from other instances associated with the default security group
- Allow all outbound traffic from the instance
The default security group specifies itself as a source security group in its inbound rules. This is what allows instances associated with the default security group to communicate with other instances associated with the default security group.
Default Security Groups
Your AWS account automatically has a default security group per VPC and per region for EC2-Classic. If you don't specify a security group when you launch an instance, the instance is automatically associated with the default security group.
A default security group is named default, and it has an ID assigned by AWS. The following are the default rules for each default security group:
- Allows all inbound traffic from other instances associated with the default security group (the security group specifies itself as a source security group in its inbound rules).
- Allows all outbound traffic from the instance.
You can add or remove the inbound rules for any default security group. You can add or remove outbound rules for any VPC default security group.
You can't delete a default security group. If you try to delete the EC2-Classic default security group, you'll get the following error: Client.InvalidGroup.Reserved: The security group 'default' is reserved.
If you try to delete a VPC default security group, you'll get the following error: Client.CannotDelete: the specified group: "sg-51530134" name: "default" cannot be deleted by a user.
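Because the inbound rules of a default security group can be changed, it is worth checking whether each one still admits only its own members. The following is an added example, not part of the original explanation or of AWS's own tooling: it audits a constructed sample shaped like an EC2 DescribeSecurityGroups response, and the group IDs, the `_perm` helper and the function names are assumptions made for illustration.

```python
# Constructed sample shaped like an EC2 DescribeSecurityGroups response.
def _perm(cidrs=(), groups=()):
    """Hypothetical helper: build one all-protocol permission entry."""
    return {"IpProtocol": "-1",
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-aaaa1111", "GroupName": "default",   # untouched default
     "IpPermissions": [_perm(groups=["sg-aaaa1111"])],
     "IpPermissionsEgress": [_perm(cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-bbbb2222", "GroupName": "default",   # inbound rule added
     "IpPermissions": [_perm(groups=["sg-bbbb2222"]), _perm(cidrs=["0.0.0.0/0"])],
     "IpPermissionsEgress": [_perm(cidrs=["0.0.0.0/0"])]},
    {"GroupId": "sg-cccc3333", "GroupName": "web",       # not a default group
     "IpPermissions": [_perm(cidrs=["0.0.0.0/0"])],
     "IpPermissionsEgress": [_perm(cidrs=["0.0.0.0/0"])]},
]}

def inbound_sources(group):
    """Split inbound sources into the self-reference and everything else."""
    self_ref, others = False, []
    for perm in group.get("IpPermissions", []):
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] == group["GroupId"]:
                self_ref = True          # group names itself as the source
            else:
                others.append(pair["GroupId"])
        others += [r["CidrIp"] for r in perm.get("IpRanges", [])]
        others += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return self_ref, others

def audit_default_groups(response):
    """Map each default group's ID to 'initial' or a description of the drift."""
    findings = {}
    for group in response["SecurityGroups"]:
        if group["GroupName"] != "default":
            continue                     # only the groups described above
        self_ref, others = inbound_sources(group)
        if others:
            findings[group["GroupId"]] = "extra inbound: " + ", ".join(others)
        elif self_ref:
            findings[group["GroupId"]] = "initial"
        else:
            findings[group["GroupId"]] = "no inbound rules"
    return findings

if __name__ == "__main__":
    for group_id, status in audit_default_groups(SAMPLE).items():
        print(group_id, status)
```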