diff --git a/docs/run_in_existing_vpc.md b/docs/run_in_existing_vpc.md index 89942a028b..5bf995e885 100644 --- a/docs/run_in_existing_vpc.md +++ b/docs/run_in_existing_vpc.md @@ -76,6 +76,36 @@ probably remove that tag to indicate that the resources are not owned by that cl deleting the cluster won't try to delete the VPC. (Deleting the VPC won't succeed anyway, because it's in use, but it's better to avoid the later confusion!) + +### VPC with multiple CIDRs + +AWS now allows you to add more CIDRs to a VPC, the param `AdditionalNetworkCIDRs` allows you to specify any additional CIDRs added to the VPC. + +``` +metadata: + creationTimestamp: "2016-06-27T14:23:34Z" + name: ${CLUSTER_NAME} +spec: + cloudProvider: aws + networkCIDR: 10.1.0.0/16 + AdditionalNetworkCIDRs: + - 10.2.0.0/16 + networkID: vpc-00aa5577 + subnets: + - cidr: 10.1.0.0/19 + name: us-east-1b + type: Public + zone: us-east-1b + id: subnet-1234567 + - cidr: 10.2.0.0/19 + name: us-east-1b + type: Public + zone: us-east-1b + id: subnet-1234568 +``` + + + ## Advanced Options for Creating Clusters in Existing VPCs ### Shared Subnets diff --git a/pkg/apis/kops/validation/legacy.go b/pkg/apis/kops/validation/legacy.go index ab72108443..c0150cc994 100644 --- a/pkg/apis/kops/validation/legacy.go +++ b/pkg/apis/kops/validation/legacy.go @@ -496,7 +496,7 @@ func ValidateCluster(c *kops.Cluster, strict bool) *field.Error { return nil } -// validateEtcdClusterSpec is responsible for validating the etcd cluster spec +// validateSubnetCIDR is responsible for validating subnets are part of the CIRDs assigned to the cluster. func validateSubnetCIDR(networkCIDR *net.IPNet, additionalNetworkCIDRs []*net.IPNet, subnetCIDR *net.IPNet) bool { if isSubnet(networkCIDR, subnetCIDR) { return true diff --git a/upup/pkg/fi/cloudup/awstasks/vpc.go b/upup/pkg/fi/cloudup/awstasks/vpc.go index 441b2faa50..fef3e758fe 100644 --- a/upup/pkg/fi/cloudup/awstasks/vpc.go +++ b/upup/pkg/fi/cloudup/awstasks/vpc.go 
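Review bot: The corrected doc comment on validateSubnetCIDR still carries a typo, "CIRDs", and the function name in the comment is the only thing that needs to change; suggested wording: `// validateSubnetCIDR is responsible for validating that a subnet is part of the CIDRs assigned to the cluster.` The body of validateSubnetCIDR continues outside the hunk, so the rest of the logic is not reviewed here.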
@@ -36,6 +36,7 @@ type VPC struct { ID *string CIDR *string + AdditionalCIDR *[]string EnableDNSHostnames *bool EnableDNSSupport *bool @@ -75,10 +76,11 @@ func (e *VPC) Find(c *fi.Context) (*VPC, error) { } vpc := response.Vpcs[0] actual := &VPC{ - ID: vpc.VpcId, - CIDR: vpc.CidrBlock, - Name: findNameTag(vpc.Tags), - Tags: intersectTags(vpc.Tags, e.Tags), + ID: vpc.VpcId, + CIDR: vpc.CidrBlock, + AdditionalCIDR: getAdditionalCIDR(vpc.CidrBlock, vpc.CidrBlockAssociationSet), + Name: findNameTag(vpc.Tags), + Tags: intersectTags(vpc.Tags, e.Tags), } glog.V(4).Infof("found matching VPC %v", actual) @@ -273,3 +275,15 @@ func (e *VPC) CloudformationLink() *cloudformation.Literal { return cloudformation.Ref("AWS::EC2::VPC", *e.Name) } + +func getAdditionalCIDR(CIDR *string, additionalCIDRSet []*ec2.VpcCidrBlockAssociation) *[]string { + var additionalCIDRs []string + + for _, CIDRSet := range additionalCIDRSet { + if *CIDRSet.CidrBlock != *CIDR { + additionalCIDRs = append(additionalCIDRs, *CIDRSet.CidrBlock) + } + } + + return &additionalCIDRs +}
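Review bot: getAdditionalCIDR dereferences `CIDRSet.CidrBlock` and `CIDR` without nil checks, and it ignores `CidrBlockState`, so a block that is still disassociating (or already disassociated/failed) is reported as if it were attached to the VPC; Find then populates the actual state from that list, and any reconciliation based on it would be wrong. Prefer the SDK's `aws.StringValue` accessors (presumably already imported in this file as elsewhere in awstasks; please confirm) and skip any association whose state is not `ec2.VpcCidrBlockStateCodeAssociated`. As a style point, `*[]string` for both the new AdditionalCIDR field in the struct hunk and the helper's return type is unidiomatic, since a nil slice already expresses "none"; a plain `[]string` avoids the extra indirection, and the parameter should be `cidr` rather than `CIDR` per Go naming. The helper also lacks a doc comment; a one-liner stating it returns the non-primary CIDR blocks currently associated with the VPC would do. Because the association order returned by DescribeVpcs is not documented as stable, sorting the result before returning would make later comparisons deterministic.

```go
// getAdditionalCIDR returns the CIDR blocks associated with the VPC other than
// its primary block, skipping associations that are not fully associated.
func getAdditionalCIDR(primaryCIDR *string, associations []*ec2.VpcCidrBlockAssociation) *[]string {
	var additionalCIDRs []string

	for _, assoc := range associations {
		if assoc == nil || assoc.CidrBlock == nil {
			continue
		}
		// NOTE(review): assumes DescribeVpcs populates CidrBlockState — confirm.
		if assoc.CidrBlockState != nil && aws.StringValue(assoc.CidrBlockState.State) != ec2.VpcCidrBlockStateCodeAssociated {
			continue
		}
		if aws.StringValue(assoc.CidrBlock) != aws.StringValue(primaryCIDR) {
			additionalCIDRs = append(additionalCIDRs, aws.StringValue(assoc.CidrBlock))
		}
	}
	sort.Strings(additionalCIDRs)

	return &additionalCIDRs
}
```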