diff --git a/builtin/providers/aws/import_aws_security_group.go b/builtin/providers/aws/import_aws_security_group.go
index 3070f61c3..1957c3354 100644
--- a/builtin/providers/aws/import_aws_security_group.go
+++ b/builtin/providers/aws/import_aws_security_group.go
@@ -40,14 +40,17 @@ func resourceAwsSecurityGroupImportState(
 	for ruleType, perms := range permMap {
 		for _, perm := range perms {
 			// Construct the rule. We do this by populating the absolute
-			// minimum necessary for Refresh on the rule to work.
+			// minimum necessary for Refresh on the rule to work. This
+			// happens to be a lot of fields since they're almost all needed
+			// for de-dupping.
 			id := ipPermissionIDHash(sgId, ruleType, perm)
-			data := ruleResource.Data(nil)
-			data.SetId(id)
-			data.SetType("aws_security_group_rule")
-			data.Set("security_group_id", sgId)
-			data.Set("type", ruleType)
-			results = append(results, data)
+			d := ruleResource.Data(nil)
+			d.SetId(id)
+			d.SetType("aws_security_group_rule")
+			d.Set("security_group_id", sgId)
+			d.Set("type", ruleType)
+			setFromIPPerm(d, sg, perm)
+			results = append(results, d)
 		}
 	}
 
diff --git a/builtin/providers/aws/resource_aws_security_group_rule.go b/builtin/providers/aws/resource_aws_security_group_rule.go
index f1f388364..6ff47daa4 100644
--- a/builtin/providers/aws/resource_aws_security_group_rule.go
+++ b/builtin/providers/aws/resource_aws_security_group_rule.go
@@ -239,27 +239,8 @@ func resourceAwsSecurityGroupRuleRead(d *schema.ResourceData, meta interface{})
 
 	log.Printf("[DEBUG] Found rule for Security Group Rule (%s): %s", d.Id(), rule)
 
-	d.Set("from_port", rule.FromPort)
-	d.Set("to_port", rule.ToPort)
-	d.Set("protocol", rule.IpProtocol)
 	d.Set("type", ruleType)
-
-	var cb []string
-	for _, c := range p.IpRanges {
-		cb = append(cb, *c.CidrIp)
-	}
-
-	d.Set("cidr_blocks", cb)
-
-	if len(p.UserIdGroupPairs) > 0 {
-		s := p.UserIdGroupPairs[0]
-		if isVPC {
-			d.Set("source_security_group_id", *s.GroupId)
-		} else {
-			d.Set("source_security_group_id", *s.GroupName)
-		}
-	}
-
+	setFromIPPerm(d, sg, rule)
 	return nil
 }
 
@@ -515,3 +496,29 @@ func expandIPPerm(d *schema.ResourceData, sg *ec2.SecurityGroup) (*ec2.IpPermiss
 
 	return &perm, nil
 }
+
+func setFromIPPerm(d *schema.ResourceData, sg *ec2.SecurityGroup, rule *ec2.IpPermission) error {
+	isVPC := sg.VpcId != nil && *sg.VpcId != ""
+
+	d.Set("from_port", rule.FromPort)
+	d.Set("to_port", rule.ToPort)
+	d.Set("protocol", rule.IpProtocol)
+
+	var cb []string
+	for _, c := range rule.IpRanges {
+		cb = append(cb, *c.CidrIp)
+	}
+
+	d.Set("cidr_blocks", cb)
+
+	if len(rule.UserIdGroupPairs) > 0 {
+		s := rule.UserIdGroupPairs[0]
+		if isVPC {
+			d.Set("source_security_group_id", *s.GroupId)
+		} else {
+			d.Set("source_security_group_id", *s.GroupName)
+		}
+	}
+
+	return nil
+}
diff --git a/terraform/eval_refresh.go b/terraform/eval_refresh.go
index 75e9e1c77..fa2b8126c 100644
--- a/terraform/eval_refresh.go
+++ b/terraform/eval_refresh.go
@@ -47,7 +47,6 @@ func (n *EvalRefresh) Eval(ctx EvalContext) (interface{}, error) {
 		return nil, err
 	}
 
-	log.Printf("STATE: %#v", state)
 	if n.Output != nil {
 		*n.Output = state
 	}