Explanation: Amazon VPC provides two features that you can use to increase security for your VPC: Security groups--Act as a firewall for associated Amazon EC2 instances, controlling both inbound andoutbound traffic at the instance level. Network access control lists (ACLs)--Act as a firewall for associated subnets, controlling both inboundand outbound traffic at the subnet level. Security groups are stateful: (Return traffic is automatically allowed, regardless of any rules)Network ACLs are stateless: (Return traffic must be explicitly allowed by rules) Reference: http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html