More Info:

EC2 security groups should not have an excessive number of rules defined.

Risk Level

Informational

Address

Operational Maturity

Compliance Standards

CBP

Triage and Remediation

Remediation

Using Console

Additional Reading: