A security group acts as a virtual firewall that controls the traffic allowed to reach one or more instances. When you deploy an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances on specified ports. You can modify the rules for a security group at any time. The new rules are applied automatically to all instances that are associated with the security group.
Follow AWS best practices for security group settings. Do not use the default VPC because it is open to the public. See AWS Security Best Practices.