Security groups nima ne kuma ta yaya suke sarrafa shiga? **Security groups** su ne virtual firewalls da ke sarrafa **zazzagewa da fitowa** na traffic zuwa AWS albarkatun (kamar EC2 instances) — suna bayyana wanne ports, protocols, da sources suke ba da izini. Suna da mahimmanci sosai ga AWS network security.

A SECURITY GROUP is a virtual firewall attached to resources (EC2, RDS, etc.):
  → INBOUND rules — what traffic can REACH the resource (port, protocol, source)
  → OUTBOUND rules — what traffic the resource can SEND OUT
  → only ALLOW rules (no explicit deny); everything not allowed is DENIED by default
  → STATEFUL — if inbound is allowed, the response is automatically allowed back

Inbound rules for a web server:
  Allow TCP 443 (HTTPS) from 0.0.0.0/0   → anyone can reach HTTPS
  Allow TCP 80  (HTTP)  from 0.0.0.0/0   → anyone can reach HTTP
  Allow TCP 22  (SSH)   from <your IP>/32 → ONLY your IP can SSH (not the whole world!)
→ everything else is blocked (default deny)