# aws


12/15/2023, 7:25 PM
a coworker pointed out to me that, although the
Pulumi documentation states:
Copy code
When the provider first begins managing the default security group, it immediately removes all ingress and egress rules in the Security Group. It then creates any rules specified in the configuration. This way only the rules specified in the configuration are created.
it appears that default rules are not removed, even if some other rule has been supplied. is there a way to log the interaction with the api to see if there was some reason it failed to remove the rules? (maybe we have some security req I don't know about)