diff --git a/main.tf b/main.tf
index 9c5b5da..c92a0b9 100644
--- a/main.tf
+++ b/main.tf
@@ -69,16 +69,8 @@ data ibm_is_security_group base {
   name = "${local.vpc_name}-base"
 }
 
-resource null_resource print_sg_name {
-  depends_on = [data.ibm_is_security_group.base]
-
-  provisioner "local-exec" {
-    command = "echo 'SG name: ${data.ibm_is_security_group.base.name}'"
-  }
-}
-
 # from https://cloud.ibm.com/docs/vpc?topic=vpc-service-endpoints-for-vpc
-resource ibm_is_security_group_rule "cse_dns_1" {
+resource ibm_is_security_group_rule cse_dns_1 {
   count = local.security_group_count
 
   group     = local.security_group_ids[count.index]
@@ -125,3 +117,19 @@ resource ibm_is_security_group_rule private_dns_2 {
     port_max = 53
   }
 }
+
+resource ibm_is_security_group_rule inbound_self {
+  count = local.security_group_count
+
+  group     = local.security_group_ids[count.index]
+  direction = "inbound"
+  remote    = local.security_group_ids[count.index]
+}
+
+resource ibm_is_security_group_rule outbound_self {
+  count = local.security_group_count
+
+  group     = local.security_group_ids[count.index]
+  direction = "outbound"
+  remote    = local.security_group_ids[count.index]
+}