rds_instance does not remove VPC security groups until you add another one

[pauby]

SUMMARY

When using community.aws.rds_instance you can add security group ids using the vpc_security_group_ids parameter and this is reflected in the VPC security groups on the RDS instance. However if you remove a group the VPC security groups on the RDS instance is not updated. If you add a group after this, the old group is removed and the new group is added.

ISSUE TYPE

• Bug Report

COMPONENT NAME

community.aws.rds_instance

ANSIBLE VERSION

  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/local/lib/python3.7/site-packages/ansible
  executable location = /usr/local/bin/ansible
  python version = 3.7.7 (default, Mar 13 2020, 21:39:43) [GCC 9.2.1 20190827 (Red Hat 9.2.1-1)]

CONFIGURATION

INTERPRETER_PYTHON(/etc/ansible/ansible.cfg) = auto

OS / ENVIRONMENT

AWS RDS instance

STEPS TO REPRODUCE

If I remove "sg_1" nothing is updated on the DB instance. If I add "sg_4" so you have "sg_2", "sg_3" and "sg_4", then "sg_1" is then removed and "sg_4" is added.

    - name: "Ensure RDS instance"
      community.aws.rds_instance:
        db_instance_identifier: 'db_name'
        apply_immediately: yes
        purge_tags: yes
        copy_tags_to_snapshot: yes
        tags:
          Name: 'db_name'
          managed_by: 'ansible'
        vpc_security_group_ids:
          - "sg_1"
          - 'sg-2'
          - 'sg-3''
        db_subnet_group_name: 'default-vpc-abc'
        wait: no

EXPECTED RESULTS

I expect "sg_1" to be removed when I remove it from the list.

ACTUAL RESULTS

Nothing happens to "sg_1" until I add "sg_4" to the list.

[ansibullbot]

Files identified in the description:
None

If these files are inaccurate, please update the component name section of the description or use the !component bot command.

click here for bot help