diff --git a/builtin/providers/aws/resource_aws_elb.go b/builtin/providers/aws/resource_aws_elb.go
index ef5f459a9..85e721c92 100644
--- a/builtin/providers/aws/resource_aws_elb.go
+++ b/builtin/providers/aws/resource_aws_elb.go
@@ -43,8 +43,17 @@ func resource_aws_elb_create(
 
 	if _, ok := rs.Attributes["availability_zones.#"]; ok {
 		v = flatmap.Expand(rs.Attributes, "availability_zones").([]interface{})
-		zones := expandStringList(v)
-		elbOpts.AvailZone = zones
+		elbOpts.AvailZone = expandStringList(v)
+	}
+
+	if _, ok := rs.Attributes["security_groups.#"]; ok {
+		v = flatmap.Expand(rs.Attributes, "security_groups").([]interface{})
+		elbOpts.SecurityGroups = expandStringList(v)
+	}
+
+	if _, ok := rs.Attributes["subnets.#"]; ok {
+		v = flatmap.Expand(rs.Attributes, "subnets").([]interface{})
+		elbOpts.Subnets = expandStringList(v)
 	}
 
 	log.Printf("[DEBUG] ELB create configuration: %#v", elbOpts)
@@ -248,6 +257,8 @@ func resource_aws_elb_diff(
 		Attrs: map[string]diff.AttrType{
 			"name":              diff.AttrTypeCreate,
 			"availability_zone": diff.AttrTypeCreate,
+			"security_groups":   diff.AttrTypeCreate, // TODO could be AttrTypeUpdate
+			"subnets":           diff.AttrTypeCreate, // TODO could be AttrTypeUpdate
 			"listener":          diff.AttrTypeCreate,
 			"instances":         diff.AttrTypeUpdate,
 			"health_check":      diff.AttrTypeCreate,
@@ -275,6 +286,14 @@ func resource_aws_elb_update_state(
 		toFlatten["instances"] = flattenInstances(balancer.Instances)
 	}
 
+	if len(balancer.SecurityGroups) > 0 && balancer.SecurityGroups[0] != "" {
+		toFlatten["security_groups"] = balancer.SecurityGroups
+	}
+
+	if len(balancer.Subnets) > 0 && balancer.Subnets[0] != "" {
+		toFlatten["subnets"] = balancer.Subnets
+	}
+
 	// There's only one health check, so save that to state as we
 	// currently can
 	if balancer.HealthCheck.Target != "" {
@@ -326,6 +345,8 @@ func resource_aws_elb_validation() *config.Validator {
 		Optional: []string{
 			"instances.*",
 			"availability_zones.*",
+			"security_groups.*",
+			"subnets.*",
 			"health_check.#",
 			"health_check.0.healthy_threshold",
 			"health_check.0.unhealthy_threshold",
diff --git a/website/source/docs/providers/aws/r/elb.html.markdown b/website/source/docs/providers/aws/r/elb.html.markdown
index 4d8f88ea5..890c1c331 100644
--- a/website/source/docs/providers/aws/r/elb.html.markdown
+++ b/website/source/docs/providers/aws/r/elb.html.markdown
@@ -41,9 +41,11 @@ The following arguments are supported:
 
 * `name` - (Required) The name of the ELB
 * `availability_zones` - (Optional) The AZ's to serve traffic in.
+* `security_groups` - (Optional) A list of security group IDs to assign to the ELB.
+* `subnets` - (Optional) A list of subnets to attach to the ELB.
 * `instances` - (Optional) A list of instance ids to place in the ELB pool.
 * `listener` - (Required) A list of listener blocks. Listeners documented below.
-* `listener` - (Required) A health_check block. Health Check documented below.
+* `health_check` - (Required) A health_check block. Health Check documented below.
 
 Listeners support the following: