diff --git a/modules/aws/vpc/sg-etcd.tf b/modules/aws/vpc/sg-etcd.tf
index eb6aa3c1b0f..5a30393c7d6 100644
--- a/modules/aws/vpc/sg-etcd.tf
+++ b/modules/aws/vpc/sg-etcd.tf
@@ -57,3 +57,13 @@ resource "aws_security_group_rule" "etcd_ingress_peer" {
   to_port   = 2380
   self      = true
 }
+
+resource "aws_security_group_rule" "etcd_ingress_kubelet_insecure_from_master" {
+  type                     = "ingress"
+  security_group_id        = "${aws_security_group.etcd.id}"
+  source_security_group_id = "${aws_security_group.master.id}"
+
+  protocol  = "tcp"
+  from_port = 10250
+  to_port   = 10250
+}