A modification to a security group done by a module is reseted in the consecutive run

in my module i update rules on a security group as per below

resource "aws_security_group_rule" "vpn-connection-sg-rule" {
       count           = "${length(var.ingress_ports)}"
       type             = "ingress"
       from_port   = "${element(var.ingress_ports, count.index)}"
       to_port        = "${element(var.ingress_ports, count.index)}"
       protocol      = "tcp"
       cidr_blocks = "${var.destination_cidr}"
      security_group_id = "${data.aws_security_group.sg-foo.id}"

during the first run, the described rules are added to the group references using data sources.

the definition for the security group that is referenced here is defined in the environment (and the statestore) that utilize the module

resource "aws_security_group" "sg-foo" {
 //.... redacted for simplicity

  tags = {
    Name      = "foobar"
    ManagedBy = "Terraform"

how can I ensure that terraform doesn’t remove the rules provisioned by the module in the consecutive run?