diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ada9ef..cfa436e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -66,3 +66,7 @@ - emr - add module for EMR ports and several security groups +* 2.5.1 -- 2024-12-16 + - rds-postgres + - fix ingress_security_groups, ingress_networks + diff --git a/rds-postgres/README.md b/rds-postgres/README.md index e4702cb..b224b82 100644 --- a/rds-postgres/README.md +++ b/rds-postgres/README.md @@ -61,8 +61,6 @@ No modules. | [aws_security_group.this_security_group](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group) | resource | | [aws_ec2_managed_prefix_list.egress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_managed_prefix_list) | data source | | [aws_ec2_managed_prefix_list.ingress](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ec2_managed_prefix_list) | data source | -| [aws_security_group.egress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | -| [aws_security_group.ingress_security_groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/security_group) | data source | | [aws_vpc.this_vpc](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/vpc) | data source | ## Inputs diff --git a/rds-postgres/main.tf b/rds-postgres/main.tf index 39d5c80..fd985ee 100644 --- a/rds-postgres/main.tf +++ b/rds-postgres/main.tf 
@@ -44,15 +44,15 @@ data "aws_vpc" "this_vpc" { id = var.vpc_id } -data "aws_security_group" "ingress_security_groups" { - count = length(var.ingress_security_groups) - id = element(var.ingress_security_groups, count.index) -} - -data "aws_security_group" "egress_security_groups" { - count = length(var.egress_security_groups) - id = element(var.egress_security_groups, count.index) -} +## data "aws_security_group" "ingress_security_groups" { +## for_each = toset(var.ingress_security_groups)) +## id = each.key +## } +## +## data "aws_security_group" "egress_security_groups" { +## for_each = toset(var.egress_security_groups) +## id = each.key +## } locals { vpc_networks = var.use_vpc_cidr ? [data.aws_vpc.this_vpc[0].cidr_block] : [] @@ -77,7 +77,7 @@ resource "aws_security_group" "this_security_group" { from_port = p.value["from"] to_port = p.value["to"] protocol = p.value["proto"] - cidr_blocks = length(p.value["cidr"]) == 0 ? local.external_ingress_networks : p.value["cidr"] + cidr_blocks = length(local.external_ingress_networks) > 0 ? local.external_ingress_networks : p.value["cidr"] } } @@ -98,14 +98,14 @@ resource "aws_security_group" "this_security_group" { # ingress security group ids (all) dynamic "ingress" { - for_each = local.ingress_sg + for_each = length(local.ingress_sg) > 0 ? { 1 = 1 } : {} iterator = sg content { - description = "${local.short_description}: ${local.ingress_sg_names[sg.value]}" + description = "${local.short_description}" from_port = 0 to_port = 0 protocol = -1 - security_groups = [sg.value] + security_groups = [local.ingress_sg] } } 
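Review bot: The two `aws_security_group` data sources are left in main.tf as `##`-commented code instead of being deleted, and the commented ingress block has an unbalanced parenthesis (`toset(var.ingress_security_groups))`), so it would not parse if someone restored it. Removing the block outright would match the README hunk, which already drops both data sources. These lookups also appear to have been the only place where the supplied group IDs were resolved before use, so a wrong ID will probably surface only at apply time. A short comment such as `# security group IDs are passed through without a lookup; callers must supply valid IDs` would record that. The `locals` block that follows continues outside the hunk.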
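Review bot: The new `cidr_blocks` condition makes `local.external_ingress_networks` override a port entry's own `cidr` list whenever the module-level list is non-empty, so a port that a caller scoped to a narrower range is now opened to every external ingress network. The old expression gave the per-port list precedence, which means existing callers can get wider database ingress just by upgrading to 2.5.1. If the new precedence is intended, state it next to the expression, for example `# module-level ingress networks take precedence over a port's own cidr list`, and repeat it in the input description and changelog entry. The enclosing `dynamic "ingress"` block and its `for_each` start outside the hunk, so whether a port entry can be skipped when both lists are empty cannot be checked from here.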
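Review bot: `security_groups = [local.ingress_sg]` wraps the local in another list. If `local.ingress_sg` is still the collection that the old `for_each` iterated over, the attribute receives a list of lists rather than a list of group IDs, and the line should read `security_groups = local.ingress_sg`. The egress hunk at `@@ -136,14` has the same construct with `[local.egress_sg]` and needs the same change. With the single-rule form `iterator = sg` is no longer referenced and can be dropped, and `"${local.short_description}"` can be written as `local.short_description`. The rule admits all ports and protocols from the listed groups, and the description no longer names the source group, so it is worth noting in a comment that the group IDs are now the only record of who is allowed in.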
@@ -136,14 +136,14 @@ resource "aws_security_group" "this_security_group" { # egress security group ids (all) dynamic "egress" { - for_each = local.egress_sg + for_each = length(local.egress_sg) > 0 ? { 1 = 1 } : {} iterator = sg content { - description = "${local.short_description}: ${local.egress_sg_names[sg]}" + description = "${local.short_description}" from_port = 0 to_port = 0 protocol = -1 - security_groups = [sg] + security_groups = [local.egress_sg] } }