diff --git a/library/cloud/rds b/library/cloud/rds
index 14e888ecc86..faef8480bbc 100644
--- a/library/cloud/rds
+++ b/library/cloud/rds
@@ -300,7 +300,7 @@ def main():
             multi_zone        = dict(type='bool', default=False),
             iops              = dict(required=False), 
             security_groups   = dict(required=False),
-            vpc_security_groups = dict(required=False),
+            vpc_security_groups = dict(type='list', required=False),
             port              = dict(required=False),
             upgrade           = dict(type='bool', default=False),
             option_group      = dict(required=False),
@@ -465,7 +465,10 @@ def main():
         params["security_groups"] = security_groups.split(',')
 
     if vpc_security_groups:
-        params["vpc_security_groups"] = vpc_security_groups.split(',')
+        groups_list = []
+        for x in vpc_security_groups:
+            groups_list.append(boto.rds.VPCSecurityGroupMembership(vpc_group=x))
+        params["vpc_security_groups"] = groups_list
 
     if new_instance_name:
         params["new_instance_id"] = new_instance_name
@@ -618,9 +621,14 @@ def main():
     if resource.status == 'available' and command != 'snapshot':
         d["endpoint"] = resource.endpoint[0]
         d["port"] = resource.endpoint[1]
+        if resource.vpc_security_groups is not None:
+            d["vpc_security_groups"] = ','.join(x.vpc_group for x in resource.vpc_security_groups)
+        else:
+            d["vpc_security_groups"] = None
     else:
         d["endpoint"] = None
         d["port"] = None
+        d["vpc_security_groups"] = None
 
     # ReadReplicaSourceDBInstanceIdentifier may or may not exist
     try: