diff --git a/builder/amazon/ebs/builder.go b/builder/amazon/ebs/builder.go
index fecd85502..6063f995a 100644
--- a/builder/amazon/ebs/builder.go
+++ b/builder/amazon/ebs/builder.go
@@ -33,6 +33,8 @@ type config struct {
 	SSHUsername     string `mapstructure:"ssh_username"`
 	SSHPort         int    `mapstructure:"ssh_port"`
 	SecurityGroupId string `mapstructure:"security_group_id"`
+	VpcId           string `mapstructure:"vpc_id"`
+	SubnetId        string `mapstructure:"subnet_id"`
 
 	// Configuration of the resulting AMI
 	AMIName string `mapstructure:"ami_name"`
diff --git a/builder/amazon/ebs/ssh.go b/builder/amazon/ebs/ssh.go
index c71429d89..599bf5ad9 100644
--- a/builder/amazon/ebs/ssh.go
+++ b/builder/amazon/ebs/ssh.go
@@ -10,7 +10,11 @@ import (
 func sshAddress(state map[string]interface{}) (string, error) {
 	config := state["config"].(config)
 	instance := state["instance"].(*ec2.Instance)
-	return fmt.Sprintf("%s:%d", instance.DNSName, config.SSHPort), nil
+	if config.VpcId == "" {
+		return fmt.Sprintf("%s:%d", instance.DNSName, config.SSHPort), nil
+	} else {
+		return fmt.Sprintf("%s:%d", instance.PrivateIpAddress, config.SSHPort), nil
+	}
 }
 
 func sshConfig(state map[string]interface{}) (*gossh.ClientConfig, error) {
diff --git a/builder/amazon/ebs/step_run_source_instance.go b/builder/amazon/ebs/step_run_source_instance.go
index 2e6d9133b..ada21de20 100644
--- a/builder/amazon/ebs/step_run_source_instance.go
+++ b/builder/amazon/ebs/step_run_source_instance.go
@@ -26,6 +26,7 @@ func (s *stepRunSourceInstance) Run(state map[string]interface{}) multistep.Step
 		MinCount:       0,
 		MaxCount:       0,
 		SecurityGroups: []ec2.SecurityGroup{ec2.SecurityGroup{Id: securityGroupId}},
+		SubnetId:       config.SubnetId,
 	}
 
 	ui.Say("Launching a source AWS instance...")
diff --git a/builder/amazon/ebs/step_security_group.go b/builder/amazon/ebs/step_security_group.go
index 1dd326e83..4a056a1b3 100644
--- a/builder/amazon/ebs/step_security_group.go
+++ b/builder/amazon/ebs/step_security_group.go
@@ -29,7 +29,7 @@ func (s *stepSecurityGroup) Run(state map[string]interface{}) multistep.StepActi
 	ui.Say("Creating temporary security group for this instance...")
 	groupName := fmt.Sprintf("packer %s", hex.EncodeToString(identifier.NewUUID().Raw()))
 	log.Printf("Temporary group name: %s", groupName)
-	groupResp, err := ec2conn.CreateSecurityGroup(groupName, "Temporary group for Packer")
+	groupResp, err := ec2conn.CreateSecurityGroup(ec2.SecurityGroup{Name: groupName, Description: "Temporary group for Packer", VpcId: config.VpcId})
 	if err != nil {
 		ui.Error(err.Error())
 		return multistep.ActionHalt
diff --git a/website/source/docs/builders/amazon-ebs.html.markdown b/website/source/docs/builders/amazon-ebs.html.markdown
index 9de30fcb0..e04e7615b 100644
--- a/website/source/docs/builders/amazon-ebs.html.markdown
+++ b/website/source/docs/builders/amazon-ebs.html.markdown
@@ -76,6 +76,12 @@ Optional:
   before timing out. The format of this value is a duration such as "5s"
   or "5m". The default SSH timeout is "1m", or one minute.
 
+* `subnet_id` (string) - If using VPC, the ID of the subnet, such as
+  "subnet-12345def", where Packer will launch the EC2 instance.
+
+* `vpc_id` (string) - If launching into a VPC subnet, Packer needs the
+  VPC ID in order to create a temporary security group within the VPC.
+
 ## Basic Example
 
 Here is a basic example. It is completely valid except for the access keys: