Examples where an AWS Security Group is not sufficient as a firewall?

amazon-web-services firewall web-application-firewall

Currently I am using only an AWS security group for one of my EC2 instances but have given some thought to adding a firewall to that stack as well. I'd be looking at using either iptables, or possibly migrating the entire system to ubuntu (not related to this problem) so might just end up using ufw.

If I leave this machine protected using only the security group, am I missing out on some protection? I haven't been able to get a good feel for its level of protection when compared to a traditional *nix software firewall.


If there's ever a bug or exploit in AWS's security groups implementation, you might wind up vulnerable where having iptables or something similar would've protected you.

Related

Which Linux distribution runs smoothly in Sun's VirtualBox?
Update from zfs-0.6.2-1.el6.x86_64 to zfs-0.6.3-1.el6.x86_64 has made by zpool unreadable
MySQL replication not working - no errors
Read-only root file system - ext3 error?
Zipping only files using powershell
Set 802.1Q tagged port on VLAN1 on Dell PowerConnect switch
vhost setup for multiple SVN repositories on same server
Windows Server 2016 automatically restart
What is the best way to move 20+ databases to a new database server? SQL 2005
GCP, basic IPv6 set up for Linux VM Instance
Blocking IP behind a load balancer
Windows Server 2012 IPAM feature - "Unblock IPAM Access" error/recomended action