RDS `aws_default_db_security_group` resource

[don-code]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

The AWS provider has resources like default_security_group, which "takes ownership" of the default VPC security group that's auto-generated with all new AWS accounts, and allows it to be managed as if it had been created with Terraform.

A default RDS security group, only used by EC2-Classic, is also created with every new account - including (confusingly!) accounts which are VPC-only. This security group cannot be deleted.

I'd like to be able to tag this security group, so that I can explicitly tell other automation we have that it's not used.

New or Affected Resource(s)

• aws_default_db_security_group

Potential Terraform Configuration

resource "aws_default_db_security_group" "default" {
  tags = {
    env = "unused"
  }
}

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!