- Bug
- Resolution: Not a Bug
- Major
- None
- 4.15.0
- No
- Rejected
- False
-
Description of problem:
With RHOCP 4.14 one can specify existing security groups to the control plane and worker nodes.

[1] https://docs.openshift.com/container-platform/4.14/installing/installing_aws/installing-aws-vpc.html#installation-aws-vpc-security-groups_installing-aws-vpc

Going through the documentation, the customer has raised the following queries.

1. Does the ability to use existing security groups also apply to ingress controllers?
   - From looking at the OCP 4.14 documentation about ingress controllers, there is mention of how to use existing security groups so there isn't an inbound rule for 0.0.0.0/0 for the ingress controller.
2. Is it possible to specify existing security groups when creating a new worker or infrastructure machineset after the cluster is created?
   - The documentation [1] shows a "securityGroups:" section in the example yaml, but it doesn't really explain what can be specified for an existing security group it should use.

Additional Queries:

A. Will the installer still add the default security groups along with the pre-existing security groups specified in a MachineSet object to the nodes it builds?
B. The ability to add pre-existing security groups is only applicable for MachineSets?
C. If yes, then is there a way to have the Ingress Controller for the cluster to use a pre-existing security group or create a security group that doesn't contain an inbound rule to allow all traffic from 0.0.0.0/0 in the AWS Classic Load Balancer or AWS Network Load Balancer it can be configured to create?
Version-Release number of selected component (if applicable):
4.15.0
How reproducible:
Steps to Reproduce:
1. 2. 3.
Actual results:
Expected results:
Additional info: