brennerm / aws-quota-checker

Keep an eye on your AWS quotas before you hit their limits
https://pypi.org/project/aws-quota-checker/
MIT License

vpc_rules_per_sg is returning incorrect count for one of the SG #44

Open agrevtsev opened 1 year ago

agrevtsev commented 1 year ago

Hi! I'm getting an incorrect rule count for a specific SG (according to the AWS console, this group has 230 inbound rules and 1 outbound rule). Other SGs have (inbound+outbound)<10 and are displayed correctly. Maybe it's a paging issue? I got these results on the latest master and fix-cf-stack-counting branches.

Best regards!

AWS console

When checking rules count over aws cli

aws ec2 describe-security-group-rules --region us-east-1 --profile sso-prod --filter Name="group-id",Values="sg-xxxx" | jq -r '.SecurityGroupRules | length'
231

When checking rules count using aws-quota-checker

/usr/local/bin/aws-quota-checker check vpc_rules_per_sg
AWS profile: default | AWS region: us-east-1 | Active checks: vpc_rules_per_sg
Collecting checks  [####################################]  100%
Rules per VPC security group [****/us-east-1/sg-xxxx]: 66/333 ✓
agrevtsev commented 1 year ago

Yep, it seems Amazon returns the wrong number.

aws ec2 describe-security-groups --region us-east-1 --profile sso-prod --filter Name="group-id",Values="sg-xxxx" | grep IpProtocol | wc -l
66
agrevtsev commented 1 year ago

It seems that IpPermissions is not exactly equivalent to SecurityGroupRules. IpPermissions is kind of a summary, where one IpPermission object can describe a couple of SecurityGroupRules. IMHO it's a little bit incorrect to use IpPermissions vs vpc_rules_per_sg_limit.
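The mismatch described in this thread, shown as an added example (not code from aws-quota-checker or from the issue author): one counter mirrors the `grep IpProtocol | wc -l` approach, counting IpPermissions objects, while the other expands each object into its individual rules. The expansion rule (one rule per CIDR, IPv6 range, prefix list or referenced group inside an IpPermissions entry, matching what `describe-security-group-rules` returns) and the sample group are assumptions constructed for the example.

```python
# Added example, not part of aws-quota-checker. Demonstrates why counting
# IpPermissions objects under-reports the rules that count against the
# "rules per security group" quota.
# Assumption: each IpRange, Ipv6Range, PrefixListId and UserIdGroupPair inside
# one IpPermissions entry is one SecurityGroupRule, as reported by
# describe-security-group-rules.

def count_permission_objects(group: dict) -> int:
    """Count IpPermissions entries only, like `grep IpProtocol | wc -l`."""
    return len(group.get("IpPermissions", [])) + len(group.get("IpPermissionsEgress", []))


def count_rules(group: dict) -> int:
    """Expand every IpPermissions entry into the individual rules it describes."""
    total = 0
    for perm in group.get("IpPermissions", []) + group.get("IpPermissionsEgress", []):
        total += (
            len(perm.get("IpRanges", []))
            + len(perm.get("Ipv6Ranges", []))
            + len(perm.get("PrefixListIds", []))
            + len(perm.get("UserIdGroupPairs", []))
        )
    return total


# Constructed sample group (not a real SG): two IpPermissions entries that
# together describe five distinct rules.
SAMPLE_GROUP = {
    "GroupId": "sg-example",
    "IpPermissions": [
        {
            "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
            "IpRanges": [{"CidrIp": "10.0.0.0/24"}, {"CidrIp": "10.0.1.0/24"},
                         {"CidrIp": "10.0.2.0/24"}],
            "Ipv6Ranges": [{"CidrIpv6": "2001:db8::/32"}],
            "PrefixListIds": [], "UserIdGroupPairs": [],
        },
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []},
    ],
}

if __name__ == "__main__":
    # IpPermissions objects: 2, individual rules: 5
    print(count_permission_objects(SAMPLE_GROUP), count_rules(SAMPLE_GROUP))
```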