Security Groups
The Security Group functionality is accessed from the Amazon EC2 tab, and then via the Security Groups link in the Navigation pane.
Security groups define the access policies for new EC2 instances. Every instance started is required to exist in a security group. However, a security group does not provide firewall security to a group of servers (the word "group" is somewhat misleading in this context). Instead a security group is similar to a personal firewall, in that the security policies defined within a security group apply to each server individually within that group. Multiple servers defined in the same group do not share subnets and do not have unrestricted access to each other.
When starting Windows instances, AWS provides a group called "quick-start-1", which opens the single port 3389 for RDP. This allows you to access your instance initially. However, you should be aware that everyone else could also access this port, as the quick-start-1 security group does not...