user3115061

Reputation: 29

Terraform trying to re-create "default" `aws_security_group`

I'm getting an unexpected issue while trying to change the SSH public key for one user via Terraform. What is changed in the PR is one line (the actual SSH key), nothing else. So I wouldn't expect anything new to be created. However, on `terraform plan` I'm getting this:

```
# aws_security_group.default will be created
+ resource "aws_security_group" "default" {
```

and on terraform apply this error:

```
Error: Error creating Security Group: InvalidParameterValue: Cannot use reserved security group name: default
        status code: 400, request id: xxx

  on classic_security_groups.tf line 1, in resource "aws_security_group" "default":
   1: resource "aws_security_group" "default" {
```

This issue didn't happen before, but I can't find any related updates etc. causing it. Could anyone please suggest where I should look for the solution?

Upvotes: 0

Views: 847

Answers (1)

Marko E

Reputation: 18108

As per AWS documentation [1]:

> Your AWS account automatically has a default security group for the default VPC in each Region. If you don't specify a security group when you launch an instance, the instance is automatically associated with the default security group for the VPC.
>
> A default security group is named "default", and it has an ID assigned by AWS. The following table describes the default rules for a default security group.

This means you should change the `name` argument of the `aws_security_group` resource to something else, e.g., `my-default-sg`. This should not be confused with the logical name given to the resource, i.e., `"aws_security_group" "default"`.

Note: If you must have a Security Group named `default` you should probably assign it to a non-default VPC.


[1] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/default-custom-security-groups.html

Upvotes: 2
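A pre-apply check for the failure discussed above, as an added example that is not part of the question or the answer: it reads a plan rendered with `terraform show -json` and reports every `aws_security_group` that would be created with the reserved `name` of `default`, whatever its logical name. The function name `reserved_name_creates` and the sample plan are constructed for illustration.

```python
import json
import sys

RESERVED_NAME = "default"  # the name the EC2 API rejected in the error above

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_security_group.default", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"name": "default"}}},
    {"address": "aws_security_group.web", "type": "aws_security_group",
     "change": {"actions": ["create"], "after": {"name": "my-default-sg"}}},
    {"address": "aws_security_group.legacy", "type": "aws_security_group",
     "change": {"actions": ["no-op"], "after": {"name": "default"}}},
    {"address": "aws_key_pair.user", "type": "aws_key_pair",
     "change": {"actions": ["delete", "create"], "after": {"key_name": "default"}}}
  ]
}
""")


def reserved_name_creates(plan):
    """Return addresses of security groups the plan would create as 'default'."""
    hits = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_security_group":
            continue
        change = rc.get("change") or {}
        # "create" also appears in replacements (["delete", "create"]).
        if "create" not in change.get("actions", []):
            continue
        after = change.get("after") or {}
        # The `name` argument is what matters, not the logical resource name.
        # A name unknown until apply is absent from "after" and is skipped.
        if after.get("name") == RESERVED_NAME:
            hits.append(rc["address"])
    return hits


if __name__ == "__main__":
    # Usage: terraform show -json tfplan > plan.json; python check.py plan.json
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    offenders = reserved_name_creates(plan)
    for address in offenders:
        print(f"{address}: would create a security group named 'default'")
    sys.exit(1 if offenders else 0)
```
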
