Security groups are stateful and NACL are stateless. Security groups are tied to an instance whereas Network ACLs are tied to the subnet. Instances can have multiple Security groups and Subnet can have only one NACL. Security group support only allow rules but NACL allow and deny the rules.
Want to Learn AWS, check out AWS Course by Intellipaat.