Trying to Install Istio in cluster with Helm chart and creates lb but fails to attach them in svc

Iam using below yaml file
apiVersion: install.istio.xxxxxxxx
kind: IstioOperator
spec:
meshConfig:
defaultConfig:
tracing:
sampling: 25
zipkin:
address: jaeger-collector.istio-system.svc.cluster.local:9411
values:
gateways:
istio-ingressgateway:
serviceAnnotations:
service.beta.kubernetes.io/aws-load-balancer-backend-protocol: “tcp”
service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: “*”
service.beta.kubernetes.io/aws-load-balancer-type: “nlb”
service.beta.kubernetes.io/aws-load-balancer-internal: true

I used this command install

istioctl install --set profile=default -f override.yaml -y

creates pod ( k get po -n istio-system)

[centos@ip-10-17-5-80 lm-istio-helm]$ k get po -n istio-system
NAME READY STATUS RESTARTS AGE
istio-ingressgateway-79f65dhsgdf8-jcsvq 1/1 Running 0 105m
istiod-7757f46574-t95tt 1/1 Running 0 105m

when I get service ( k get svc -n istio-syetm)

image

k get events -n istio-system
41m Normal EnsuringLoadBalancer service/istio-ingressgateway Ensuring load balancer
41m Warning SyncLoadBalancerFailed service/istio-ingressgateway Error syncing load balancer: failed to ensure load balancer: Multiple tagged security groups found for instance i-0054534545343156e; ensure only the k8s security group is tagged; the tagged groups were sg-03f38ef9165650d(lm-sg-ad-client) sg-056666c4151c816fc1(lm-sg-privatelink-noc201-dynamodb) sg-07dc7fa999ea091e5(lm-sg-noc201-eks-nodes) sg-09000d7c2a8e248e7(lm-sg-kibana-terraform-clients-es01-noc201)
36m Normal DeletingLoadBalancer service/istio-ingressgateway Deleting load balancer
36m Normal DeletedLoadBalancer service/istio-ingressgateway Deleted load balancer
25m Normal ScalingReplicaSet deployment/istio-ingressgateway Scaled up replica set istio-ingressgateway-79f65fbdf8 to1
25m Normal NoPods poddisruptionbudget/istio-ingressgateway No matching pods found
23m Normal EnsuringLoadBalancer service/istio-ingressgateway Ensuring load balancer

I have checked Iam policy and followed this doc from istio
and this dosent resolve the problem

Checked manually in AWS , by install overide.yaml creates lb but arn dosent get attached to svc as shown above.

Please advice , Thanks

Resolved now security group tags for the cluster had value : owned , change the value to shared. resolves it. Difference is when you have more than one clusters using the same sg, value: owned wont let you share it.