Story
Resolution: Done
Installer Sprint 274, Installer Sprint 275, Installer Sprint 276, Installer Sprint 277
User Story:
The DescribeEgressOnlyInternetGateways API does not support the attachment.vpc-id filter. As a result, the call returns all available egress-only internet gateways (eigws), which has the following consequences:
- CAPA incorrectly selects an unintended eigw for use, which leads to route creation failure because the eigw belongs to a different VPC.
- CAPA incorrectly destroys all eigws of all VPCs. This is catastrophic, as it can break other workloads.
This is an existing bug in CAPA.
Acceptance Criteria:
Description of criteria:
- During reconciliation, CAPA should filter for only the eigws that are owned by the cluster.
Engineering Details:
- AWS doc: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeEgressOnlyInternetGateways.html
- CAPA code that handles describing the eigws: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/483f3a96c060e7b8c9ed84713aa95560fcfc07ca/pkg/cloud/services/network/egress_only_gateways.go#L138-L143
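Added example (not CAPA's code): a client-side check that narrows an unfiltered describe result to the eigws attached to the cluster's VPC and tagged as owned by the cluster. The types are simplified stand-ins for the SDK types, the ownership tag key format and the `owned` value are assumptions, and the gateway and VPC IDs are constructed.

```go
package main

import "fmt"

// Simplified stand-ins for the EC2 SDK response types (assumption: only the
// fields this check needs are modelled).
type Attachment struct{ VpcID, State string }

type EgressOnlyIGW struct {
	ID          string
	Attachments []Attachment
	Tags        map[string]string
}

// ownerTagKey builds the per-cluster ownership tag key (assumed tag convention).
func ownerTagKey(cluster string) string {
	return "sigs.k8s.io/cluster-api-provider-aws/cluster/" + cluster
}

// ownedInVPC narrows the unfiltered describe result to gateways that are both
// attached to vpcID and tagged as owned by the cluster. Anything else must
// never be used for routes or deleted.
func ownedInVPC(all []EgressOnlyIGW, vpcID, cluster string) []EgressOnlyIGW {
	var out []EgressOnlyIGW
	for _, gw := range all {
		if gw.Tags[ownerTagKey(cluster)] != "owned" {
			continue
		}
		for _, att := range gw.Attachments {
			if att.VpcID == vpcID {
				out = append(out, gw)
				break
			}
		}
	}
	return out
}

// sampleGateways is constructed data: what an unfiltered call could return.
func sampleGateways() []EgressOnlyIGW {
	a, b := ownerTagKey("cluster-a"), ownerTagKey("cluster-b")
	return []EgressOnlyIGW{
		{"eigw-a", []Attachment{{"vpc-a", "attached"}}, map[string]string{a: "owned"}},
		{"eigw-b", []Attachment{{"vpc-b", "attached"}}, map[string]string{b: "owned"}},
		{"eigw-c", []Attachment{{"vpc-a", "attached"}}, nil}, // untagged, same VPC
		{"eigw-d", []Attachment{{"vpc-b", "attached"}}, map[string]string{a: "owned"}},
	}
}

func main() {
	for _, gw := range ownedInVPC(sampleGateways(), "vpc-a", "cluster-a") {
		fmt.Println("reconcile/delete candidate:", gw.ID)
	}
}
```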