Most web architectures make use of several machines working together to serve content. In Yoxos, we use a front-end web server, multiple database servers, and extra compute servers to calculate all the dependencies between p2 Installable Units (IUs). Often you want to expose only certain ports to the outside, but still allow all these machines unfettered access to each other. With AWS, and in particular EC2, this is very easy.
You can create your own security group that locks down all but a few ports (ssh, http, ssl, etc.). However, if you stop here, your different EC2 nodes will be forced to communicate over those same protocols (and nothing else). With a security group, you can also open up specific port ranges to other machines in the same group:
By adding this rule, which names the group sg-3ab02c52 itself as the source, all nodes in that security group will be able to access all TCP services on all other machines in the group. This way, your web server can communicate with your database machine without compromising your security.
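To make the effect of the self-referencing rule concrete, here is an added example (not code from the original post) that models the resulting rule set as an allow-list and checks which connections it permits. The group id comes from the post; the instance names, private addresses, and the test address 203.0.113.7 are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class IngressRule:
    """One inbound rule; source is a CIDR or another security group's id."""
    protocol: str    # "tcp", "udp", or "-1" for all protocols
    from_port: int
    to_port: int
    source: str      # e.g. "0.0.0.0/0" or "sg-3ab02c52"


# Rules for the group from the post: public ssh/http/https plus a
# self-referencing rule that lets members reach any TCP port on each other.
GROUP_RULES = {
    "sg-3ab02c52": [
        IngressRule("tcp", 22, 22, "0.0.0.0/0"),
        IngressRule("tcp", 80, 80, "0.0.0.0/0"),
        IngressRule("tcp", 443, 443, "0.0.0.0/0"),
        IngressRule("tcp", 0, 65535, "sg-3ab02c52"),
    ],
}

# Constructed inventory (names and private addresses are made up for the example).
INSTANCES = {
    "web-1": ("sg-3ab02c52", "10.0.1.10"),
    "db-1": ("sg-3ab02c52", "10.0.2.20"),
}


def _source_matches(rule, src_group, src_ip):
    # A group-id source matches on group membership, not on the source address.
    if rule.source.startswith("sg-"):
        return src_group == rule.source
    return ip_address(src_ip) in ip_network(rule.source)


def is_allowed(src, dst, protocol, port):
    """Security groups are allow-lists: any matching ingress rule on the
    destination's group permits the connection, and nothing else does."""
    src_group, src_ip = INSTANCES.get(src, (None, src))  # unknown src: external IP
    dst_group, _ = INSTANCES[dst]
    for rule in GROUP_RULES[dst_group]:
        if rule.protocol not in ("-1", protocol):
            continue
        if rule.protocol != "-1" and not rule.from_port <= port <= rule.to_port:
            continue
        if _source_matches(rule, src_group, src_ip):
            return True
    return False
```

The same model shows that the self-referencing rule opens every TCP port between members, so it is worth re-running the checks with a narrower rule (for example, only the database port from the web tier's group) before applying one in production.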