diff --git a/packages/@aws-cdk/aws-rds/lib/serverless-cluster.ts b/packages/@aws-cdk/aws-rds/lib/serverless-cluster.ts
index 2f4eaef110300..955b92ac58e5f 100644
--- a/packages/@aws-cdk/aws-rds/lib/serverless-cluster.ts
+++ b/packages/@aws-cdk/aws-rds/lib/serverless-cluster.ts
@@ -356,8 +356,16 @@ abstract class ServerlessClusterNew extends ServerlessClusterBase {
   constructor(scope: Construct, id: string, props: ServerlessClusterNewProps) {
     super(scope, id);
 
-    if (props.vpc === undefined && props.vpcSubnets !== undefined) {
-      throw new Error('A VPC is required to use vpcSubnets in ServerlessCluster. Please add a VPC or remove vpcSubnets');
+    if (props.vpc === undefined) {
+      if (props.vpcSubnets !== undefined) {
+        throw new Error('A VPC is required to use vpcSubnets in ServerlessCluster. Please add a VPC or remove vpcSubnets');
+      }
+      if (props.subnetGroup !== undefined) {
+        throw new Error('A VPC is required to use subnetGroup in ServerlessCluster. Please add a VPC or remove subnetGroup');
+      }
+      if (props.securityGroups !== undefined) {
+        throw new Error('A VPC is required to use securityGroups in ServerlessCluster. Please add a VPC or remove securityGroups');
+      }
     }
 
     let subnetGroup: ISubnetGroup | undefined = props.subnetGroup;
diff --git a/packages/@aws-cdk/aws-rds/test/serverless-cluster.test.ts b/packages/@aws-cdk/aws-rds/test/serverless-cluster.test.ts
index 5806dd53f5329..a55a23df02421 100644
--- a/packages/@aws-cdk/aws-rds/test/serverless-cluster.test.ts
+++ b/packages/@aws-cdk/aws-rds/test/serverless-cluster.test.ts
@@ -822,41 +822,29 @@ describe('serverless cluster', () => {
     });
   });
 
-  test('can create a Serverless cluster without vpc but with imported security group', () => {
+  test('cannot create a Serverless cluster without VPC but specifying a security group', () => {
     // GIVEN
     const stack = testStack();
     const sg = ec2.SecurityGroup.fromSecurityGroupId(stack, 'SG', 'SecurityGroupId12345');
 
-    // WHEN
-    new ServerlessCluster(stack, 'Database', {
+    // THEN
+    expect(() => new ServerlessCluster(stack, 'Database', {
       engine: DatabaseClusterEngine.AURORA_MYSQL,
       securityGroups: [sg],
-    });
-
-    // THEN
-    Template.fromStack(stack).hasResourceProperties('AWS::RDS::DBCluster', {
-      VpcSecurityGroupIds: ['SecurityGroupId12345'],
-      DbSubnetGroupName: ABSENT,
-    });
+    })).toThrow(/A VPC is required to use securityGroups in ServerlessCluster. Please add a VPC or remove securityGroups/);
   });
 
-  test('can create a Serverless cluster without VPC but with imported subnet group', () => {
+  test('cannot create a Serverless cluster without VPC but specifying a subnet group', () => {
     // GIVEN
     const stack = testStack();
     const SubnetGroupName = 'SubnetGroupId12345';
     const subnetGroup = SubnetGroup.fromSubnetGroupName(stack, 'SubnetGroup12345', SubnetGroupName);
 
-    // WHEN
-    new ServerlessCluster(stack, 'Database', {
+    // THEN
+    expect(() => new ServerlessCluster(stack, 'Database', {
       engine: DatabaseClusterEngine.AURORA_MYSQL,
       subnetGroup,
-    });
-
-    // THEN
-    Template.fromStack(stack).hasResourceProperties('AWS::RDS::DBCluster', {
-      DBSubnetGroupName: SubnetGroupName,
-      VpcSecurityGroupIds: ABSENT,
-    });
+    })).toThrow(/A VPC is required to use subnetGroup in ServerlessCluster. Please add a VPC or remove subnetGroup/);
   });
 
   test('cannot create a Serverless cluster without VPC but specifying VPC subnets', () => {