A cloud engineer is configuring a web application on AWS and needs to ensure that only HTTP and HTTPS traffic from the internet is allowed to reach the EC2 instances. Which AWS service should be used to control inbound traffic at the instance level?
Security groups are stateful instance-level firewalls that can allow HTTP/HTTPS inbound traffic.
Why this answer
Security groups are stateful virtual firewalls that control inbound and outbound traffic at the instance level. Network ACLs operate at the subnet level and are stateless.