If there are doubts about security, then you need to configure an additional level :D
AWS provides two levels of security in the VPC:
Network ACL and Security Groups
The first serve to restrict access between subnets, the second - between network interfaces in the VPC
Despite the fact that there are quite a few between them the big difference in behavior/usage (described in the table docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC... ) they perform roughly the same function.
As an additional security feature (recommended by AWS in the above article) - your OS's internal firewall can close link-local(169.254.xx) and traffic to the first 4 addresses of your VPC (AWS internal functionality, this traffic is not even tracked using flow logs, not what is controlled).
However, it is recommended that the firewall inside the instance be configured according to your rules.
There is never enough security, and in order for the rules on all security layers to comply, use IAAC.
Oh yes, the answer to the question: Reliable enough.