Based on the AWS documentation, you cannot use Calico in conjunction with Pod Security Groups.
Traffic flow to and from pods with associated security groups is not subjected to Calico network policy enforcement and is limited to Amazon EC2 security group enforcement only. Community effort is underway to remove this limitation.
So, it seems like a design decision must be made where either Calico is chosen or Pod Security Groups are chosen. What are people’s thoughts on when you’d want to choose one versus the other?
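An added example, not part of the original post: a check for the overlap the quoted limitation creates, listing pods that a Kubernetes NetworkPolicy selects but that also match a SecurityGroupPolicy, so only the EC2 security groups would apply to them. The sample objects are constructed, the function names are hypothetical, and only `podSelector` on the SecurityGroupPolicy is handled.

```python
# Constructed sample objects: every name, label and group ID here is made up.
SG_POLICIES = [  # kind: SecurityGroupPolicy (vpcresources.k8s.aws/v1beta1)
    {"metadata": {"name": "db-clients", "namespace": "prod"},
     "spec": {"podSelector": {"matchLabels": {"role": "db-client"}},
              "securityGroups": {"groupIds": ["sg-0123456789abcdef0"]}}},
]
NET_POLICIES = [  # kind: NetworkPolicy (networking.k8s.io/v1)
    {"metadata": {"name": "deny-egress", "namespace": "prod"},
     "spec": {"podSelector": {"matchLabels": {"app": "billing"}}}},
    {"metadata": {"name": "default-deny", "namespace": "dev"}, "spec": {"podSelector": {}}},
]
PODS = [
    {"metadata": {"name": "billing-1", "namespace": "prod",
                  "labels": {"app": "billing", "role": "db-client"}}},
    {"metadata": {"name": "billing-2", "namespace": "prod", "labels": {"app": "billing"}}},
    {"metadata": {"name": "web-1", "namespace": "dev", "labels": {"app": "web"}}},
]

def selects(selector, labels):
    """Evaluate a Kubernetes label selector against a pod's labels."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, values = expr["key"], expr.get("values", [])
        ok = {"In": labels.get(key) in values, "NotIn": labels.get(key) not in values,
              "Exists": key in labels, "DoesNotExist": key not in labels}[expr["operator"]]
        if not ok:
            return False
    return True  # an empty selector matches every pod in the namespace

def unenforced(pods, sg_policies, net_policies):
    """List pods that a NetworkPolicy selects but that also get a pod security group."""
    findings = []
    for pod in pods:
        ns, labels = pod["metadata"]["namespace"], pod["metadata"].get("labels", {})
        for sgp in sg_policies:
            sel = sgp["spec"].get("podSelector")  # serviceAccountSelector is not handled here
            if sgp["metadata"]["namespace"] != ns or sel is None or not selects(sel, labels):
                continue
            hit = [np["metadata"]["name"] for np in net_policies
                   if np["metadata"]["namespace"] == ns
                   and selects(np["spec"].get("podSelector", {}), labels)]
            if hit:
                findings.append((f"{ns}/{pod['metadata']['name']}", sgp["metadata"]["name"], hit))
    return findings

if __name__ == "__main__":
    print(unenforced(PODS, SG_POLICIES, NET_POLICIES))
```

An empty result means no pod depends on a NetworkPolicy that the limitation would leave unenforced, which is the precondition for running both mechanisms side by side on disjoint workloads.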