Limit security group filter search to security groups in same subnet you are creating a machine in

[AaronJaegerVA]

When defining a MachineSet with the AWSProvider, using tag:Name filters behaves poorly, as the query returns all security groups with a matching tag:Name value, even when they are not in the AWS VPC the subnet you specify in the MachineSet belongs to.

If you have >5 VPCs, and each has a security group with the same tag:Name value, the query returns >5 security group IDs. This results in a Machine provisioning failure with error launching instance: You have exceeded the maximum number of security groups allowed per network interface. The default for this quota is 5.

Can the filter query be limited to returning only SGs that are in the VPC the subnet you specify belongs to? It is not possible to assign SGs associated with one VPC to a machine created in another VPC.

In this example, sg-2 may return many results, even though subnet-abc123 is associated with a specific VPC which can only have one sg-2.

          securityGroups:
            - filters:
                - name: 'tag:Name'
                  values:
                    - sg-1
                    - sg-2
          ...
          subnet:
            id: subnet-abc123

Using the security group ID works okay, but security id's are hard for humans to recognize.

          securityGroups:
            - filters:
                - name: 'tag:Name'
                  values:
                    - sg-1
            -id : sg-abc123
          ...
          subnet:
            id: subnet-abc123

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[AaronJaegerVA]

/remove-lifecycle stale

…

________________________________ From: OpenShift Bot ***@***.***> Sent: Wednesday, November 5, 2025 4:01 AM To: openshift/machine-api-provider-aws ***@***.***> Cc: Jaeger, Aaron (Cognosante, MVH, LLC.) ***@***.***>; Author ***@***.***> Subject: [EXTERNAL] Re: [openshift/machine-api-provider-aws] Limit security group filter search to security groups in same subnet you are creating a machine in (Issue #137) [https://avatars.githubusercontent.com/u/1779249?s=20&v=4]openshift-bot left a comment (openshift/machine-api-provider-aws#137)<#137 (comment)> Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen. If this issue is safe to close now please do so with /close. /lifecycle stale — Reply to this email directly, view it on GitHub<#137 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AKNDKW3VZJJE33Y3XYVUG5T33G4FXAVCNFSM6AAAAACDJVFRPWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTIOJQGAZDIOBXGY>. You are receiving this because you authored the thread.Message ID: ***@***.***>

[openshift-bot]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

[AaronJaegerVA]

/remove-lifecycle rotten. Very Respectfully, Aaron Jaeger (Contractor) Office of Information and Technology (OIT) U.S. Department of Veterans Affairs Cell: 404-442-2023 ***@***.******@***.***> [cid:584b762a-9319-45b8-9a2f-5e7fad326175] ***@***.***?anonymous&ep=bwmEmailSignature> Book time to meet with ***@***.***?anonymous&ep=bwmEmailSignature>

…

________________________________ From: OpenShift Bot ***@***.***> Sent: Friday, December 5, 2025 7:30 PM To: openshift/machine-api-provider-aws ***@***.***> Cc: Jaeger, Aaron (Cognosante, MVH, LLC.) ***@***.***>; Author ***@***.***> Subject: [EXTERNAL] Re: [openshift/machine-api-provider-aws] Limit security group filter search to security groups in same subnet you are creating a machine in (Issue #137) [https://avatars.githubusercontent.com/u/1779249?s=20&v=4]openshift-bot left a comment (openshift/machine-api-provider-aws#137)<#137 (comment)> Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen. If this issue is safe to close now please do so with /close. /lifecycle rotten /remove-lifecycle stale — Reply to this email directly, view it on GitHub<#137 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/AKNDKWZIAMSTCQAUDQV23VD4AIPUFAVCNFSM6AAAAACDJVFRPWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTMMJZGA2TGMZSGY>. You are receiving this because you authored the thread.Message ID: ***@***.***>