Security Groups Network access control list
Can control the access at the instance level Can control access at the subnet level
Can add rules for “allow” only Can add rules for both “allow” and “deny”
Evaluates all rules before allowing the traffic Rules are processed in order number when allowing traffic.
Can assign unlimited number of security groups Can assign upto 5 security groups.
Statefull filtering Stateless filtering