Starting today, new applications created on AWS will now have multiple associated security groups created and managed in AWS for that application. This is a change from the previous behavior where only a single security group would be created and managed per application.
The security groups are grouped by their role, so web servers will have web rules, and DB servers will have DB rules, additionally, existing applications can be updated to use this new behavior via the their application updates. There is no change in behavior to the UFW firewalls that already exist on each server.
This is the first piece of a series of new and exciting traffic control and management features we will be rolling out in the next 2 months. Stay tuned!