diff --git a/builtin/providers/aws/resource_aws_security_group.go b/builtin/providers/aws/resource_aws_security_group.go
index 2fc9ecadc..5b78524a4 100644
--- a/builtin/providers/aws/resource_aws_security_group.go
+++ b/builtin/providers/aws/resource_aws_security_group.go
@@ -153,13 +153,37 @@ func resource_aws_security_group_update_state(
 // Flatten our ingress values
 toFlatten := make(map[string]interface{})
- toFlatten["ingress"] = flattenIPPerms(sg.IPPerms)
+
+ ingressRules := make([]map[string]interface{}, 0, len(sg.IPPerms))
+ for _, perm := range sg.IPPerms {
+ n := make(map[string]interface{})
+ n["from_port"] = perm.FromPort
+ n["protocol"] = perm.Protocol
+ n["to_port"] = perm.ToPort
+
+ if len(perm.SourceIPs) > 0 {
+ n["cidr_blocks"] = perm.SourceIPs
+ }
+
+ if len(perm.SourceGroups) > 0 {
+ // We depend on other security groups
+ for _, v := range perm.SourceGroups {
+ s.Dependencies = append(s.Dependencies,
+ terraform.ResourceDependency{ID: v.Id},
+ )
+ }
+ n["security_groups"] = flattenSecurityGroups(perm.SourceGroups)
+ }
+
+ ingressRules = append(ingressRules, n)
+ }
+
+ toFlatten["ingress"] = ingressRules
 for k, v := range flatmap.Flatten(toFlatten) {
 s.Attributes[k] = v
 }
- s.Dependencies = nil
 if s.Attributes["vpc_id"] != "" {
 s.Dependencies = append(s.Dependencies,
 terraform.ResourceDependency{ID: s.Attributes["vpc_id"]},
diff --git a/builtin/providers/aws/resource_aws_security_group_test.go b/builtin/providers/aws/resource_aws_security_group_test.go
index f6e56d7c9..759381f0b 100644
--- a/builtin/providers/aws/resource_aws_security_group_test.go
+++ b/builtin/providers/aws/resource_aws_security_group_test.go
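Review bot: With `s.Dependencies = nil` deleted, nothing in this hunk resets the slice before the new source-group loop and the `vpc_id` branch append to it, so if `s` arrives carrying dependencies from an earlier state (not visible here) each refresh would append duplicates. Moving the reset above the `for _, perm := range sg.IPPerms` loop, rather than dropping it, keeps the old guarantee. The loop also records `v.Id` unconditionally: a rule that names the group itself as a source would make the resource depend on itself, and a source group returned without an id would produce an empty dependency, so a guard such as `if v.Id == "" || v.Id == sg.Id { continue }` is worth adding, assuming `sg.Id` holds the group's own id. The body of resource_aws_security_group_update_state starts and ends outside the hunk.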
@@ -85,6 +85,30 @@ func TestAccAWSSecurityGroup_vpc(t *testing.T) {
 })
 }
+func TestAccAWSSecurityGroup_MultiIngress(t *testing.T) {
+ var group ec2.SecurityGroupInfo
+
+ resource.Test(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testAccCheckAWSSecurityGroupDestroy,
+ Steps: []resource.TestStep{
+ resource.TestStep{
+ Config: testAccAWSSecurityGroupConfigMultiIngress,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group),
+ ),
+ },
+ resource.TestStep{
+ Config: testAccAWSSecurityGroupConfigMultiIngress,
+ Check: resource.ComposeTestCheckFunc(
+ testAccCheckAWSSecurityGroupExists("aws_security_group.web", &group),
+ ),
+ },
+ },
+ })
+}
+
 func testAccCheckAWSSecurityGroupDestroy(s *terraform.State) error {
 conn := testAccProvider.ec2conn
@@ -218,3 +242,36 @@ resource "aws_security_group" "web" {
 }
 }
 `
+
+const testAccAWSSecurityGroupConfigMultiIngress = `
+resource "aws_security_group" "worker" {
+ name = "terraform_acceptance_test_example_1"
+ description = "Used in the terraform acceptance tests"
+
+ ingress {
+ protocol = "tcp"
+ from_port = 80
+ to_port = 8000
+ cidr_blocks = ["10.0.0.0/8"]
+ }
+}
+
+resource "aws_security_group" "web" {
+ name = "terraform_acceptance_test_example_2"
+ description = "Used in the terraform acceptance tests"
+
+ ingress {
+ protocol = "tcp"
+ from_port = 80
+ to_port = 8000
+ cidr_blocks = ["10.0.0.0/8"]
+ }
+
+ ingress {
+ protocol = "tcp"
+ from_port = 80
+ to_port = 8000
+ security_groups = ["${aws_security_group.worker.id}"]
+ }
+}
+`
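Review bot: Both steps of TestAccAWSSecurityGroup_MultiIngress assert only that `aws_security_group.web` exists, so the test still passes if one of the two ingress blocks is dropped or the source-group rule never reaches state. For a firewall resource a silently missing or merged rule is the failure that matters. Since the exists check already fills `group`, follow it with a check that inspects `group.IPPerms` and fails unless both the `10.0.0.0/8` CIDR and the worker group are present for tcp 80-8000. The second, identical step presumably guards against a spurious diff on re-apply; a comment such as `// re-apply the same config: must produce no changes` would make that intent explicit.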