diff --git a/modules/service/main.tf b/modules/service/main.tf
index b97f704..aa78666 100644
--- a/modules/service/main.tf
+++ b/modules/service/main.tf
@@ -1868,7 +1868,7 @@ locals {
 }
 
 data "aws_subnet" "this" {
-  count = local.create_security_group ? 1 : 0
+  count = local.create_security_group && length(var.subnet_ids) > 0 ? 1 : 0
 
   region = var.region
 
@@ -1876,14 +1876,14 @@ data "aws_subnet" "this" {
 }
 
 resource "aws_security_group" "this" {
-  count = local.create_security_group ? 1 : 0
+  count = local.create_security_group && length(var.subnet_ids) > 0 ? 1 : 0
 
   region = var.region
 
   name        = var.security_group_use_name_prefix ? null : local.security_group_name
   name_prefix = var.security_group_use_name_prefix ? "${local.security_group_name}-" : null
   description = var.security_group_description
-  vpc_id      = var.vpc_id != null ? var.vpc_id : data.aws_subnet.this[0].vpc_id
+  vpc_id      = var.vpc_id != null ? var.vpc_id : one(data.aws_subnet.this[*].vpc_id)
 
   tags = merge(
     var.tags,