diff --git a/steps/etcd/aws/etcd.tf b/steps/etcd/aws/etcd.tf
index 3d5b65c23e5..7f8ce4c0d80 100644
--- a/steps/etcd/aws/etcd.tf
+++ b/steps/etcd/aws/etcd.tf
@@ -63,7 +63,7 @@ module "etcd" {
   root_volume_size        = "${var.tectonic_aws_etcd_root_volume_size}"
   root_volume_type        = "${var.tectonic_aws_etcd_root_volume_type}"
   s3_bucket               = "${local.s3_bucket}"
-  sg_ids                  = "${concat(var.tectonic_aws_etcd_extra_sg_ids, list(local.sg_id))}"
+  sg_ids                  = "${concat(var.tectonic_aws_etcd_extra_sg_ids, local.sg_ids)}"
   subnets                 = ["${local.subnet_ids_workers}"]
   etcd_iam_role           = "${var.tectonic_aws_etcd_iam_role_name}"
   ec2_ami                 = "${var.tectonic_aws_ec2_ami_override}"
diff --git a/steps/etcd/aws/inputs.tf b/steps/etcd/aws/inputs.tf
index ab53c0b35ce..b0471163211 100644
--- a/steps/etcd/aws/inputs.tf
+++ b/steps/etcd/aws/inputs.tf
@@ -17,7 +17,7 @@ data "terraform_remote_state" "assets" {
 
 locals {
   ignition           = "${data.terraform_remote_state.assets.ignition_etcd}"
-  sg_id              = "${data.terraform_remote_state.topology.etcd_sg_id}"
+  sg_ids             = ["${data.terraform_remote_state.topology.etcd_sg_id}", "${data.terraform_remote_state.topology.master_sg_id}"]
   subnet_ids_workers = "${data.terraform_remote_state.topology.subnet_ids_workers}"
   s3_bucket          = "${data.terraform_remote_state.topology.s3_bucket}"
   private_zone_id    = "${var.tectonic_aws_external_private_zone != "" ? var.tectonic_aws_external_private_zone : data.terraform_remote_state.topology.private_zone_id}"
diff --git a/steps/masters/aws/inputs.tf b/steps/masters/aws/inputs.tf
index f4980c5a869..9b1ba12bfe5 100644
--- a/steps/masters/aws/inputs.tf
+++ b/steps/masters/aws/inputs.tf
@@ -9,5 +9,5 @@ data "terraform_remote_state" "topology" {
 locals {
   subnet_ids = "${data.terraform_remote_state.topology.subnet_ids_masters}"
   aws_lbs    = "${data.terraform_remote_state.topology.aws_lbs}"
-  sg_id      = "${data.terraform_remote_state.topology.master_sg_id}"
+  sg_ids     = ["${data.terraform_remote_state.topology.master_sg_id}", "${data.terraform_remote_state.topology.etcd_sg_id}"]
 }
diff --git a/steps/masters/aws/main.tf b/steps/masters/aws/main.tf
index d04b852d3ce..b462a57164f 100644
--- a/steps/masters/aws/main.tf
+++ b/steps/masters/aws/main.tf
@@ -36,7 +36,7 @@ module "masters" {
   extra_tags                   = "${var.tectonic_aws_extra_tags}"
   instance_count               = "${var.tectonic_bootstrap == "true" ? 1 : var.tectonic_master_count}"
   master_iam_role              = "${var.tectonic_aws_master_iam_role_name}"
-  master_sg_ids                = "${concat(var.tectonic_aws_master_extra_sg_ids, list(local.sg_id))}"
+  master_sg_ids                = "${concat(var.tectonic_aws_master_extra_sg_ids, local.sg_ids)}"
   private_endpoints            = "${local.private_endpoints}"
   public_endpoints             = "${local.public_endpoints}"
   region                       = "${var.tectonic_aws_region}"