All inbound traffic is blocked by default.
All outbound traffic is allowed.
Changes to Security Groups take effect immediately.
You can have any number of EC2 instances within a security group.
You can have multiple security groups attached to EC2 instances.
Security Groups are STATEFUL.
You cannot block specific IP address using Security Groups, instead use Network Access Control Lists.
You can specify allow rules, but not deny rules.