Inbound security groups dictate the conditions under which incoming traffic to a resource should be allowed.
For example, a web server needs to accept inbound traffic on ports 443 and 80 from the entire internet. A MySQL server, on the other hand, should only be allowed traffic only on port 3306 (default) from a subnet consisting of the application servers.