To quote AWS documentation:
A security group acts as a virtual firewall, controlling the traffic that is allowed to reach and leave the resources that it is associated with. For example, after you associate a security group with an EC2 instance, it controls the inbound and outbound traffic for the instance.
Reference to the security groups documentation
Part of deploying AWS resources is understanding how to secure various applications and services. I believe at the base layer, security groups play a big part in providing a layer of security to the applications. It is very important that we don’t forget to restrict access to the resources that are deployed in AWS, and ensuring only authorized communication can occur between these resources.