data "aws_vpc" "default" {
  default = true
}


resource "aws_security_group" "rds_sg" {
  name_prefix = "rds-"


  description = "Allow TLS inbound traffic"
  vpc_id = data.aws_vpc.default.id

  ingress {
    # TLS (change to whatever ports you need)
    from_port = 5432
    to_port   = 5432
    protocol  = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}