Open agrevtsev opened 1 year ago
Yep, it seems Amazon returns the wrong number
aws ec2 describe-security-groups --region us-east-1 --profile sso-prod --filter Name="group-id",Values="sg-xxxx" | grep IpProtocol | wc -l
66
It seems that IpPermissions is not exactly equivalent to SecurityGroupRules. IpPermissions is kind of a summary, where one IpPermission object can describe a couple of SecurityGroupRules. IMHO it's a little bit incorrect to use IpPermissions vs vpc_rules_per_sg_limit.
Hi! I'm getting an incorrect rule count for a specific SG (according to the AWS console, this group has 230 inbound rules and 1 outbound rule). Other SGs have (inbound+outbound)<10 and are displayed correctly. Maybe it's some paging issue? I got these results on the latest master and fix-cf-stack-counting branches.
Best regards!
When checking rules count over aws cli
When checking rules count using aws-quota-checker
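The gap discussed in this thread between IpPermissions entries and individual rules, as an added example that is not part of the original thread or of aws-quota-checker: it counts both over a constructed describe-security-groups response. The sample data, the function names, and the treatment of each source entry (CIDR, prefix list or referenced group) under an IpPermission as one rule are assumptions of this example.

```python
# Constructed sample shaped like `aws ec2 describe-security-groups` output.
# Group id and CIDRs are placeholders (documentation address ranges).
SAMPLE = {"SecurityGroups": [{
    "GroupId": "sg-0example",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"},
                      {"CidrIp": "198.51.100.0/24"},
                      {"CidrIp": "192.0.2.0/24"}],
         "Ipv6Ranges": [{"CidrIpv6": "2001:db8::/32"}],
         "PrefixListIds": [], "UserIdGroupPairs": []},
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"},
                      {"CidrIp": "203.0.113.11/32"}],
         "Ipv6Ranges": [], "PrefixListIds": [],
         "UserIdGroupPairs": [{"GroupId": "sg-0otherexample"}]},
    ],
    "IpPermissionsEgress": [
        {"IpProtocol": "-1",
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
         "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": []},
    ],
}]}

# Each list below holds the sources/destinations grouped under one
# protocol and port range in a single IpPermission object.
SOURCE_KEYS = ("IpRanges", "Ipv6Ranges", "PrefixListIds", "UserIdGroupPairs")


def count_rules(permissions):
    """Expand grouped IpPermission objects into an individual rule count
    (assumption: one rule per source entry)."""
    return sum(len(p.get(k, [])) for p in permissions for k in SOURCE_KEYS)


def summarize(group):
    """Compare the IpPermission object count with the expanded rule counts."""
    ingress = group.get("IpPermissions", [])
    egress = group.get("IpPermissionsEgress", [])
    return {
        "GroupId": group["GroupId"],
        # What `grep IpProtocol | wc -l` counts: one line per grouped entry.
        "permission_entries": len(ingress) + len(egress),
        "inbound_rules": count_rules(ingress),
        "outbound_rules": count_rules(egress),
    }


if __name__ == "__main__":
    for sg in SAMPLE["SecurityGroups"]:
        print(summarize(sg))
```
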