Security groups determine the inbound and outbound traffic to and from your CDP environment. That is, you should use security settings to allow users from your organization access to CDP resources.
You have two options:
Use your existing security group settings
Have CDP create new security group settings
You should verify the security group limits in your AWS account to ensure that you can configure security groups for CDP.
Existing security groups
If you would like to create your own security groups, you need to create two security groups and make sure that the inbound settings allow traffic from your organization via the ports 22 and 8443 and open the additional ports mentioned in the security group settings documentation linked below.
New security groups
If you would like CDP to create the security groups for you, you need to provide a CIDR range for inbound traffic to EC2 instances from your organization. CDP opens ports 22 and 8443 to inbound traffic from the CIDR range that you provide and additionally opens a few other ports, as described in Security group settings documentation.