Question

I have tried this, but it fails on the IAM Policy Simulator.
I got this policy from the AWS docs.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AuthorizeSecurityGroupIngress",
        "ec2:AuthorizeSecurityGroupEgress",
        "ec2:RevokeSecurityGroupIngress",
        "ec2:RevokeSecurityGroupEgress"
      ],
      "Resource": "arn:aws:ec2:us-east-1:Account-Number:security-group/*",
      "Condition": {
        "StringEquals": {
          "ec2:Vpc": "arn:aws:ec2:us-east-1:Account-Number:vpc/vpc-id"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "ec2:DescribeSecurityGroups",
      "Resource": "*"
    }
  ]
}

Solution

I've successfully tested the referenced IAM policy via the IAM Policy Simulator. The policy simulator can be quite picky/tricky, though, and it took me a few attempts to get it right as well. Here's what to look out for:

  1. Obviously you need to replace Account-Number and vpc-id in the policy with the actual values from your AWS account; presumably you did this already.
  2. Since you have created a policy for a specific Resource, arn:aws:ec2:us-east-1:Account-Number:security-group/*, you need to make sure you also enter the identical Amazon Resource Name (ARN) as the value for Resource in the Simulation Settings.
  3. Similarly, since you have created a policy with a specific Condition, the simulator asks you to enter a value for the ec2:Vpc condition key in the Simulation Settings. You need to make sure you enter a full ARN as the value here rather than just the VPC id itself, i.e. something like arn:aws:ec2:us-east-1:Account-Number:vpc/vpc-12345678 rather than just vpc-12345678!
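
The three points above can be scripted so the pitfalls are caught before you touch the console. The following is an added example, not code from the question, the answer or AWS: it fills in the policy with constructed placeholder values (the account id 123456789012 and vpc-12345678 are assumptions, not real identifiers), builds the request you would hand to boto3's simulate_custom_policy (the CLI equivalent of the Simulation Settings), rejects a bare VPC id for the ec2:Vpc context key, and includes a deliberately simplified local evaluator (wildcard Resource matching plus StringEquals only, explicit Deny wins, otherwise implicit deny) that shows why the bare id fails: the condition compares strings against the full VPC ARN. The local evaluator is an approximation for illustration, not the IAM engine; run_simulation is where the real simulator is called if you pass it a boto3 IAM client.

```python
import fnmatch
import json

# Constructed stand-ins for the Account-Number and vpc-id placeholders in the
# question's policy (assumptions for this example, not real identifiers).
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"
VPC_ID = "vpc-12345678"
VPC_ARN = f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:vpc/{VPC_ID}"
SG_RESOURCE = f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:security-group/*"

SG_ACTIONS = [
    "ec2:AuthorizeSecurityGroupIngress",
    "ec2:AuthorizeSecurityGroupEgress",
    "ec2:RevokeSecurityGroupIngress",
    "ec2:RevokeSecurityGroupEgress",
]


def build_policy(account_id=ACCOUNT_ID, region=REGION, vpc_arn=VPC_ARN):
    """Step 1: the question's policy with the placeholders filled in."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": SG_ACTIONS,
                "Resource": f"arn:aws:ec2:{region}:{account_id}:security-group/*",
                "Condition": {"StringEquals": {"ec2:Vpc": vpc_arn}},
            },
            {"Effect": "Allow", "Action": "ec2:DescribeSecurityGroups", "Resource": "*"},
        ],
    }


def build_simulation_request(policy, actions, resource_arn, vpc_value):
    """Steps 2 and 3: keyword arguments for iam.simulate_custom_policy().

    resource_arn must be the statement's Resource ARN (or a concrete ARN it
    covers), and the ec2:Vpc context value must be the full VPC ARN because the
    policy's condition is a StringEquals against an ARN, not a VPC id.
    """
    if not vpc_value.startswith("arn:aws:ec2:"):
        raise ValueError(f"ec2:Vpc needs the VPC ARN, not the bare id {vpc_value!r}")
    return {
        "PolicyInputList": [json.dumps(policy)],
        "ActionNames": list(actions),
        "ResourceArns": [resource_arn],
        "ContextEntries": [{
            "ContextKeyName": "ec2:Vpc",
            "ContextKeyValues": [vpc_value],
            "ContextKeyType": "string",
        }],
    }


def run_simulation(iam_client, request):
    """Call the real simulator (needs a boto3 IAM client and credentials)
    and map each action to its EvalDecision."""
    response = iam_client.simulate_custom_policy(**request)
    return {r["EvalActionName"]: r["EvalDecision"] for r in response["EvaluationResults"]}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(patterns, value):
    # Policy wildcards map onto fnmatch; ARNs contain no fnmatch metacharacters.
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_holds(condition, context):
    # Only StringEquals is implemented; any other operator counts as unmet so
    # this approximation errs toward deny.
    for operator, pairs in condition.items():
        if operator != "StringEquals":
            return False
        for key, expected in pairs.items():
            if context.get(key) not in _as_list(expected):
                return False
    return True


def evaluate(policy, action, resource_arn, context):
    """Simplified local stand-in for the simulator: an explicit Deny wins,
    then any matching Allow, otherwise implicit deny."""
    decision = "denied"
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action):
            continue
        if not _matches(stmt["Resource"], resource_arn):
            continue
        if not _condition_holds(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "denied"
        decision = "allowed"
    return decision


if __name__ == "__main__":
    policy = build_policy()
    sg = f"arn:aws:ec2:{REGION}:{ACCOUNT_ID}:security-group/sg-0123456789abcdef0"
    for vpc_value in (VPC_ARN, VPC_ID):
        d = evaluate(policy, SG_ACTIONS[0], sg, {"ec2:Vpc": vpc_value})
        print(f"ec2:Vpc={vpc_value}: {d}")
    print(json.dumps(build_simulation_request(policy, SG_ACTIONS, SG_RESOURCE, VPC_ARN), indent=2))
```

Running the module prints "allowed" for the full ARN and "denied" for the bare id, which is the same outcome the console shows when the ec2:Vpc field is filled in wrongly. The printed request can be fed to run_simulation with a real client, or translated directly into aws iam simulate-custom-policy with --resource-arns and --context-entries.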

OTHER TIPS

Thanks for your response. I guess I was doing something wrong on the simulator, because I ran a command on the CLI and it did work as expected for this policy. I tried to update this question, but since I'm new to this forum I have to wait 8 hours to respond to my own questions.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow