When you first start out in Amazon Web Services understanding some of the basic concepts can be a little challenging. For instance the difference between Security Group and NACLs is stated below.
The difference between Security Groups and NACLs is that, Security Groups act as a firewall for associated Amazon EC2 instances, controlling both inbound and outbound traffic at the instance level, while ACLs act as a firewall for associated subnets, controlling both inbound and outbound traffic at the subnet level.
If you are new to AWS this statement is possibly a little hard to understand. If so, the following short video from CloudWave will hopefully help clear up any confusion you may have.