In AWS, for VPCs, Security groups are Stateful, while NACLs (Network Access Control Lists) are Stateless, what does that mean exacltly (you can use examples to explain, like use an example where you want to allow http traffic to your webserver from the internet).

It means for Security Group, if you add an inbound rule to allow traffic to port 80 and a client machine makes an http request to your server on port 80, your server will be able to responsd to that request on port 80, without you having to have an outbound rule for port 80. But for NACLs, for this type of http request setup you need to have an inbound rule for port 80 and an outbound rule for port 80.