diff --git a/main.tf b/main.tf
index 389ab238..10975453 100644
--- a/main.tf
+++ b/main.tf
@@ -122,8 +122,9 @@ resource "ibm_is_instance" "vsi" {
   primary_network_interface {
     subnet = each.value.subnet_id
     security_groups = flatten([
-      (var.create_security_group ? [ibm_is_security_group.security_group[var.security_group.name].id] : [local.default_security_group_id]),
-      var.security_group_ids
+      (var.create_security_group ? [ibm_is_security_group.security_group[var.security_group.name].id] : []),
+      var.security_group_ids,
+      (var.create_security_group == false && length(var.security_group_ids) == 0 ? [local.default_security_group_id] : []),
     ])
     allow_ip_spoofing = var.allow_ip_spoofing
   }
diff --git a/module-metadata.json b/module-metadata.json
index 11b84865..9695a68f 100644
--- a/module-metadata.json
+++ b/module-metadata.json
@@ -468,7 +468,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 182
+        "line": 183
       }
     },
     "ibm_is_floating_ip.vsi_fip": {
@@ -485,7 +485,7 @@
       },
       "pos": {
         "filename": "main.tf",
-        "line": 174
+        "line": 175
       }
     },
     "ibm_is_instance.vsi": {