Michael_Thompso

Autoprovision of Rules in AWS

I have a question about how the autoprovision of rules is processed in AWS when an internal LB is tagged. I noticed on the SMS and from the CME log that all previously auto-generated rules are first deleted and then re-added before policy installation. Why is it implemented this way? Wouldn't there be potential issues when the rulebase becomes very large? Also, it could potentially cause an outage. I recently encountered a scenario where the connectivity between my SMS and gateway was down momentarily; the gateway was still running and functional. The CME service proceeded to remove the rules and push policy. Since the connectivity was down, the policy installation failed. However, if the connectivity were to be restored before the policy push, the gateways would receive a policy with no rules.
