Which AWS service or feature acts as a firewall for Amazon EC2 instances?

Explanations:

Network ACLs (Access Control Lists) are used to control traffic at the subnet level, allowing or denying inbound and outbound traffic. While they act as a firewall, they are not the primary firewall mechanism for individual EC2 instances.

Elastic network interfaces (ENIs) are virtual network interfaces that can be attached to EC2 instances. They do not function as firewalls; instead, they provide network connectivity and configuration options for instances.

Amazon VPC (Virtual Private Cloud) allows users to create isolated networks for their resources, including EC2 instances. While it provides some networking features, it does not directly serve as a firewall for instances.

Security groups act as virtual firewalls for EC2 instances, controlling inbound and outbound traffic based on rules. They are stateful, meaning that if an inbound request is allowed, the corresponding outbound response is automatically allowed.