diff --git a/doc/topics/cloud/aws.rst b/doc/topics/cloud/aws.rst
index 783b9713b5..53f055fb41 100644
--- a/doc/topics/cloud/aws.rst
+++ b/doc/topics/cloud/aws.rst
@@ -1048,6 +1048,12 @@ the network interfaces of your virtual machines, for example:-
           # to accept IP packets with destinations other than itself.
           # SourceDestCheck: False
 
+        - DeviceIndex: 1
+          subnetname: XXXXXXXX-Subnet
+          securitygroupname:
+            - XXXXXXXX-SecurityGroup
+            - YYYYYYYY-SecurityGroup
+
 Note that it is an error to assign a 'subnetid', 'subnetname', 'securitygroupid'
 or 'securitygroupname' to a profile where the interfaces are manually configured
 like this. These are both really properties of each network interface, not of
diff --git a/salt/cloud/clouds/ec2.py b/salt/cloud/clouds/ec2.py
index 3e6712c682..90a5a5dc40 100644
--- a/salt/cloud/clouds/ec2.py
+++ b/salt/cloud/clouds/ec2.py
@@ -1122,6 +1122,24 @@ def get_tenancy(vm_):
     )
 
 
+def _get_subnetname_id(subnetname):
+    '''
+    Returns the SubnetId of a SubnetName to use
+    '''
+    params = {'Action': 'DescribeSubnets'}
+    for subnet in aws.query(params, location=get_location(),
+               provider=get_provider(), opts=__opts__, sigver='4'):
+        tags = subnet.get('tagSet', {}).get('item', {})
+        if not isinstance(tags, list):
+            tags = [ tags, ]
+        for tag in tags:
+            if tag['key'] == 'Name' and tag['value'] == subnetname:
+                log.debug('AWS Subnet ID of {0} is {1}'.format(
+                                        subnetname, subnet['subnetId'] )
+                )
+                return subnet['subnetId']
+    return None
+
 def get_subnetid(vm_):
     '''
     Returns the SubnetId to use
@@ -1136,20 +1154,25 @@ def get_subnetid(vm_):
         'subnetname', vm_, __opts__, search_global=False
     )
     if subnetname:
-        params = {'Action': 'DescribeSubnets'}
-        for subnet in aws.query(params, location=get_location(),
-                   provider=get_provider(), opts=__opts__, sigver='4'):
-            tags = subnet.get('tagSet', {}).get('item', {})
-            if not isinstance(tags, list):
-                tags = [tags]
-            for tag in tags:
-                if tag['key'] == 'Name' and tag['value'] == subnetname:
-                    log.debug('AWS Subnet ID of {0} is {1}'.format(
-                        subnetname, subnet['subnetId'])
-                    )
-                    return subnet['subnetId']
+        return _get_subnetname_id(subnetname)
     return None
 
+def _get_securitygroupname_id(securitygroupname_list):
+    '''
+    Returns the SecurityGroupId of a SecurityGroupName to use
+    '''
+    securitygroupid_set = set()
+    if not isinstance(securitygroupname_list, list):
+    securitygroupname_list = [ securitygroupname_list, ]
+    params = {'Action': 'DescribeSecurityGroups'}
+    for sg in aws.query(params, location=get_location(),
+               provider=get_provider(), opts=__opts__, sigver='4'):
+        if sg['groupName'] in securitygroupname_list:
+            log.debug('AWS SecurityGroup ID of {0} is {1}'.format(
+                                    sg['groupName'], sg['groupId'] )
+            )
+            securitygroupid_set.add(sg['groupId'])
+    return list(securitygroupid_set)
 
 def securitygroupid(vm_):
     '''
@@ -1161,7 +1184,7 @@ def securitygroupid(vm_):
     )
     if securitygroupid_list:
         if isinstance(securitygroupid_list, list):
-            securitygroupid_set.union(securitygroupid_list)
+            securitygroupid_set = securitygroupid_set.union( securitygroupid_list )
         else:
             securitygroupid_set.add(securitygroupid_list)
 
@@ -1169,16 +1192,7 @@ def securitygroupid(vm_):
         'securitygroupname', vm_, __opts__, search_global=False
     )
     if securitygroupname_list:
-        if not isinstance(securitygroupname_list, list):
-            securitygroupname_list = [securitygroupname_list]
-        params = {'Action': 'DescribeSecurityGroups'}
-        for sg in aws.query(params, location=get_location(),
-                            provider=get_provider(), opts=__opts__, sigver='4'):
-            if sg['groupName'] in securitygroupname_list:
-                log.debug('AWS SecurityGroup ID of {0} is {1}'.format(
-                    sg['groupName'], sg['groupId'])
-                )
-                securitygroupid_set.add(sg['groupId'])
+        securitygroupid_set = securitygroupid_set.union( _get_securitygroupname_id(securitygroupname_list) )
     return list(securitygroupid_set)
 
 
@@ -1289,6 +1303,11 @@ def _create_eni_if_necessary(interface, vm_):
                              opts=__opts__,
                              sigver='4')
 
+    if 'SecurityGroupId' not in interface and 'securitygroupname' in interface:
+        interface['SecurityGroupId'] = _get_securitygroupname_id(interface['securitygroupname'])
+    if 'SubnetId' not in interface and 'subnetname' in interface:
+        interface['SubnetId'] = _get_subnetname_id(interface['subnetname'])
+
     subnet_id = _get_subnet_id_for_interface(subnet_query, interface)
     if not subnet_id:
         raise SaltCloudConfigError(