The security groups for an EKS cluster all reference each other which means they can't be deleted until all the rules are deleted. This leads to stale security groups that the terminator can't delete.

The Ec2SecurityGroup terminator class needs to be modified to delete all the SG rules before deleting the SG. It would probably be worth only clearing the rules if an initial attempt to delete the SG fails with a DependencyViolation, just to cut down on unnecessary requests. So far, this has only been a problem with EKS.