Creating Security Groups
A security group is an AWS resource that acts as a firewall for the subnets. Every AWS resource must be assigned a security group so that it is network accessible. If a resource is assigned to multiple security groups, the rules from all of those groups are applied to the resource.
You will need to create two security groups, one for the bastion host and one for intra-VPC connectivity. The procedures are explained in the following sections.
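The rule-merging behaviour described above can be modelled in a few lines. This is an added example, not part of the original page: the group contents (CIDRs, ports) and all names are constructed assumptions, and only CIDR-sourced inbound rules are modelled. Because security group rules only allow traffic, attaching a second group can widen what reaches a resource but never narrow it.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    protocol: str   # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    cidr: str       # source range the rule allows


# Constructed sample groups (assumptions, not values from the page).
BASTION_SG = [Rule("tcp", 22, 22, "203.0.113.0/24")]     # SSH from an admin range
INTRA_VPC_SG = [Rule("-1", 0, 65535, "10.0.0.0/16")]     # anything from inside the VPC

# Constructed probes: (protocol, destination port, source IP).
PROBES = [
    ("tcp", 22, "203.0.113.10"),
    ("tcp", 5432, "10.0.1.5"),
    ("tcp", 22, "198.51.100.7"),
]


def rule_matches(rule, protocol, port, src_ip):
    """True if a single allow rule covers this inbound connection."""
    if rule.protocol not in ("-1", protocol):
        return False
    if rule.protocol != "-1" and not (rule.from_port <= port <= rule.to_port):
        return False
    return ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.cidr)


def inbound_allowed(groups, protocol, port, src_ip):
    """Default deny; allowed if ANY rule in ANY attached group matches."""
    return any(rule_matches(r, protocol, port, src_ip) for g in groups for r in g)


def newly_reachable(attached, extra, probes):
    """Probes that were denied before `extra` was attached and are allowed after."""
    return [p for p in probes
            if not inbound_allowed(attached, *p)
            and inbound_allowed(attached + [extra], *p)]


if __name__ == "__main__":
    for probe in newly_reachable([BASTION_SG], INTRA_VPC_SG, PROBES):
        print("attaching the intra-VPC group newly allows:", probe)
```

Running a check like `newly_reachable` before attaching an extra group to a resource shows exactly what additional exposure the change introduces.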