What is the new policy action needed to allow the new DescribeSecurityGroupRules
Found the solution: seems like the option DescribeSecurityGroupRules
is not yet available through the IAM UI but you can manually add it via JSON editing.
Yes, the UI will say the option does not exist:
But if you save the policy, it will work.
This tweet has helped me: https://twitter.com/AWSSupport/status/1413285145663184897