diff --git a/data/data/aws/vpc/sg-master.tf b/data/data/aws/vpc/sg-master.tf
index b0cdc500078..51749c9129b 100644
--- a/data/data/aws/vpc/sg-master.tf
+++ b/data/data/aws/vpc/sg-master.tf
@@ -32,8 +32,8 @@ resource "aws_security_group_rule" "master_ingress_icmp" {
 protocol = "icmp"
 cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"]
- from_port = 0
- to_port = 0
+ from_port = -1
+ to_port = -1
 }
 resource "aws_security_group_rule" "master_ingress_ssh" {
diff --git a/data/data/aws/vpc/sg-worker.tf b/data/data/aws/vpc/sg-worker.tf
index 0277e71800b..bb3aabe72cd 100644
--- a/data/data/aws/vpc/sg-worker.tf
+++ b/data/data/aws/vpc/sg-worker.tf
@@ -21,9 +21,9 @@ resource "aws_security_group_rule" "worker_ingress_icmp" {
 security_group_id = "${aws_security_group.worker.id}"
 protocol = "icmp"
- cidr_blocks = ["0.0.0.0/0"]
- from_port = 0
- to_port = 0
+ cidr_blocks = ["${data.aws_vpc.cluster_vpc.cidr_block}"]
+ from_port = -1
+ to_port = -1
 }
 resource "aws_security_group_rule" "worker_ingress_ssh" {
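Review bot: In `master_ingress_icmp` (sg-master.tf) the new `from_port = -1` / `to_port = -1` pair has no comment, and with `protocol = "icmp"` these fields are the ICMP type and code rather than ports, so -1 admits every ICMP type and code where the old 0/0 matched only type 0 code 0 (echo reply). I would add `# ICMP: from_port is the type, to_port the code; -1 allows all types and codes` above the pair. If the intent is only ping reachability inside the VPC, a narrower rule such as `from_port = 8` with `to_port = 0` (echo request) would keep the rule to what is needed. The same applies to `worker_ingress_icmp` in sg-worker.tf. The resource block begins outside the hunk.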
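Review bot: The new `cidr_blocks` value in `worker_ingress_icmp` (sg-worker.tf) uses `data.aws_vpc.cluster_vpc.cidr_block`, which is only the VPC's primary CIDR, so hosts in any secondary CIDR association would lose ICMP to the workers now that `0.0.0.0/0` is gone. If the cluster VPC can carry secondary ranges, the rule should cover those as well (the data source exposes them as `cidr_block_associations`); otherwise a comment such as `# ICMP is limited to the VPC's primary CIDR` would record the assumption. Whether secondary ranges occur in this deployment cannot be told from the hunk.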