diff --git a/modules/aws/vpc/sg-master.tf b/modules/aws/vpc/sg-master.tf
index 22430ced0f..1ac45e828d 100644
--- a/modules/aws/vpc/sg-master.tf
+++ b/modules/aws/vpc/sg-master.tf
@@ -23,7 +23,7 @@ resource "aws_security_group_rule" "master_ingress_icmp" {
  security_group_id = "${aws_security_group.master.id}"
  protocol = "icmp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"]
  from_port = 0
  to_port = 0
 }
@@ -43,7 +43,7 @@ resource "aws_security_group_rule" "master_ingress_http" {
  security_group_id = "${aws_security_group.master.id}"
  protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"]
  from_port = 80
  to_port = 80
 }
@@ -53,7 +53,7 @@ resource "aws_security_group_rule" "master_ingress_https" {
  security_group_id = "${aws_security_group.master.id}"
  protocol = "tcp"
- cidr_blocks = ["0.0.0.0/0"]
+ cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"]
  from_port = 6443
  to_port = 6443
 }
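Review bot: The `from_port = 0` / `to_port = 0` context lines of master_ingress_icmp probably do not mean what the rule name suggests: for `protocol = "icmp"` AWS reads these two fields as ICMP type and code, so the rule admits only type 0 code 0 (echo reply). With the source now narrowed to the VPC CIDR, this is a good point to state the intent: if all ICMP from inside the VPC is meant, use `from_port = -1` and `to_port = -1`, and if only specific messages are wanted (echo request, or type 3 code 4 for path-MTU discovery), give each its own rule. The resource block starts above the hunk, so anything set on its earlier lines is not visible here.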
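Review bot: The VPC's primary CIDR is a loose stand-in for "cluster members" on the two TCP rules: in master_ingress_http (and in master_ingress_https in the next hunk) `cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"]` still lets every host in the VPC reach ports 80 and 6443 on the masters, which matters if `cluster_vpc` is a pre-existing VPC shared with other workloads; the data-source lookup hints at that, but the hunk does not show it. `cidr_block` also returns only the primary range, so clients in subnets carved from a secondary CIDR association would be cut off. Where the callers are known, a security-group reference is tighter and does not depend on addressing, e.g. `source_security_group_id = "${aws_security_group.<CLIENT_SG>.id}"` in place of `cidr_blocks` (placeholder name, one rule per client group). Both resource blocks begin outside their hunks.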