From dceb6658e7b9a33352b440acb9f010770cca4877 Mon Sep 17 00:00:00 2001
From: Peter Rifel <pgrifel@gmail.com>
Date: Fri, 18 Jul 2025 16:12:12 -0500
Subject: [PATCH] Fix invalid filters for describing security group rules

The Describe SGR API doesn't support filtering by VPC ID or group name.
Therefore if we dont have a SG ID we'll just skip trying to delete SGRs
---
 upup/pkg/fi/cloudup/awstasks/securitygroup.go | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/upup/pkg/fi/cloudup/awstasks/securitygroup.go b/upup/pkg/fi/cloudup/awstasks/securitygroup.go
index 2c1d6ef5d5ab5..2a3421e77e794 100644
--- a/upup/pkg/fi/cloudup/awstasks/securitygroup.go
+++ b/upup/pkg/fi/cloudup/awstasks/securitygroup.go
@@ -335,14 +335,9 @@ func (e *SecurityGroup) FindDeletions(c *fi.CloudupContext) ([]fi.CloudupDeletio
 	cloud := awsup.GetCloud(c)
 
 	filters := make([]ec2types.Filter, 0)
-	switch {
-	case e.ID != nil:
+	if e.ID != nil {
 		filters = append(filters, awsup.NewEC2Filter("group-id", *e.ID))
-	case e.Name != nil && e.VPC != nil:
-		filters = append(filters, awsup.NewEC2Filter("vpc-id", *e.VPC.ID))
-		filters = append(filters, awsup.NewEC2Filter("group-name", *e.Name))
-		filters = append(filters, awsup.NewEC2Filter("tag:kubernetes.io/cluster/"+c.T.Cluster.Name, "owned"))
-	default:
+	} else {
 		return nil, nil
 	}
 	request := &ec2.DescribeSecurityGroupRulesInput{