Security Groups – Network security rules for cloud resources.

Security Groups act as virtual firewalls controlling inbound and outbound traffic to cloud resources. They operate at the instance level and support protocol, port, and source/destination IP filtering. Security Groups are stateful, meaning return traffic is automatically allowed, and can be changed dynamically without resource interruption. They support tags for dynamic rule application, can be nested for layered security, and integrate with network monitoring tools. The service includes default deny-all behavior and detailed traffic logging capabilities.