diff --git a/aws-ecs-byovpc/outputs.tf b/aws-ecs-byovpc/outputs.tf
index 51ebbf3..d42bd09 100644
--- a/aws-ecs-byovpc/outputs.tf
+++ b/aws-ecs-byovpc/outputs.tf
@@ -31,8 +31,8 @@ output "vpc" {
     public_subnet_cidr_blocks = [for s in data.aws_subnet.public : s.cidr_block]
     public_subnet_ids         = data.aws_subnets.public.ids
 
-    default_security_group_id  = data.aws_security_group.default.id
-    default_security_group_arn = data.aws_security_group.default.arn
+    default_security_group_id  = aws_security_group.runner.id
+    default_security_group_arn = aws_security_group.runner.arn
   }
 }
 
diff --git a/aws-ecs-byovpc/runner_security_group.tf b/aws-ecs-byovpc/runner_security_group.tf
new file mode 100644
index 0000000..68957ec
--- /dev/null
+++ b/aws-ecs-byovpc/runner_security_group.tf
@@ -0,0 +1,10 @@
+resource "aws_security_group" "runner" {
+  vpc_id = var.vpc_id
+
+  egress {
+    protocol    = "-1"
+    from_port   = 0
+    to_port     = 0
+    cidr_blocks = ["0.0.0.0/0"]
+  }
+}