AWS NLB security group

Network Load Balancer now supports security groups

https://aws.amazon.com/about-aws/whats-new/2023/08/network-load-balancer-supports-security-groups/

The NLB itself doesn't have any security group. Instead, you control access using the security groups(s) attached to the EC2 instances. The source IP address is preserved, so you work with security group configuration (and other firewalls so to speak) as if the client had connected directly to your machine. The load balancer is kind of more transparent than in the ELB/ALB case. Refer https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-network-load-balancer.html for step-by-step instruction.

AWS Network Load Balancer does not support security groups today. You can use Amazon VPC NACLs, AWS Network Firewall, and/or a marketplace firewall with AWS Gateway Load Balancer to provide various levels of protection for your NLB. You can also use security groups on your targets if client IP preservation is enabled (see more here about when client IP preservation is supported)

Application Load Balancers do support security groups today.

For more information comparing ALB vs NLB, I suggest you check out this page.

NLB will connect to the IP of your machine ( any cloud or on-prem ), you must be using a software/tool like firewall or proxy already in your cloud / on-premise to protect the Virtual machines, you can still continue using that for the machine and in AWS NLB will act as only the load balancer with the provided algorithm/configurations

Starting Aug 10, 2023, NLB supports Security Group. Please refer https://docs.aws.amazon.com/elasticloadbalancing/latest/network/load-balancer-security-groups.html