diff --git a/pkg/cloud/aws/services/ec2/bastion.go b/pkg/cloud/aws/services/ec2/bastion.go
index febab55202..af570a5322 100644
--- a/pkg/cloud/aws/services/ec2/bastion.go
+++ b/pkg/cloud/aws/services/ec2/bastion.go
@@ -57,6 +57,7 @@ func (s *Service) ReconcileBastion(clusterName, keyName string, status *v1alpha1
 	if keyName == "" {
 		keyName = defaultSSHKeyName
 	}
+
 	spec := s.getDefaultBastion(clusterName, status.Region, status.Network, keyName)
 
 	// Describe bastion instance, if any.
diff --git a/pkg/cloud/aws/services/ec2/filters.go b/pkg/cloud/aws/services/ec2/filters.go
index 8921d0ff9d..ab2056f294 100644
--- a/pkg/cloud/aws/services/ec2/filters.go
+++ b/pkg/cloud/aws/services/ec2/filters.go
@@ -95,6 +95,13 @@ func (s *Service) filterInstanceStates(states ...string) *ec2.Filter {
 	}
 }
 
+func (s *Service) filterVPCStates(states ...string) *ec2.Filter {
+	return &ec2.Filter{
+		Name:   aws.String("state"),
+		Values: aws.StringSlice(states),
+	}
+}
+
 // Add additional cluster tag filters, to match on our tags
 func (s *Service) addFilterTags(clusterName string, filters []*ec2.Filter) []*ec2.Filter {
 	filters = append(filters, s.filterCluster(clusterName))
diff --git a/pkg/cloud/aws/services/ec2/vpc.go b/pkg/cloud/aws/services/ec2/vpc.go
index a996880eeb..a790481731 100644
--- a/pkg/cloud/aws/services/ec2/vpc.go
+++ b/pkg/cloud/aws/services/ec2/vpc.go
@@ -100,7 +100,11 @@ func (s *Service) deleteVPC(v *v1alpha1.VPC) error {
 }
 
 func (s *Service) describeVPC(clusterName string, id string) (*v1alpha1.VPC, error) {
-	input := &ec2.DescribeVpcsInput{}
+	input := &ec2.DescribeVpcsInput{
+		Filters: []*ec2.Filter{
+			s.filterVPCStates(ec2.VpcStatePending, ec2.VpcStateAvailable),
+		},
+	}
 
 	if id == "" {
 		// Try to find a previously created and tagged VPC
@@ -124,6 +128,12 @@ func (s *Service) describeVPC(clusterName string, id string) (*v1alpha1.VPC, err
 		return nil, NewConflict(errors.Errorf("found more than one vpc with supplied filters. Please clean up extra VPCs: %s", out.GoString()))
 	}
 
+	switch *out.Vpcs[0].State {
+	case ec2.VpcStateAvailable, ec2.VpcStatePending:
+	default:
+		return nil, NewNotFound(errors.Errorf("could not find available or pending vpc"))
+	}
+
 	return &v1alpha1.VPC{
 		ID:        *out.Vpcs[0].VpcId,
 		CidrBlock: *out.Vpcs[0].CidrBlock,
diff --git a/pkg/cloud/aws/services/ec2/vpc_test.go b/pkg/cloud/aws/services/ec2/vpc_test.go
index 6a7051d1da..3ed1a78603 100644
--- a/pkg/cloud/aws/services/ec2/vpc_test.go
+++ b/pkg/cloud/aws/services/ec2/vpc_test.go
@@ -44,10 +44,17 @@ func TestReconcileVPC(t *testing.T) {
 						VpcIds: []*string{
 							aws.String("vpc-exists"),
 						},
+						Filters: []*ec2.Filter{
+							{
+								Name:   aws.String("state"),
+								Values: aws.StringSlice([]string{ec2.VpcStatePending, ec2.VpcStateAvailable}),
+							},
+						},
 					})).
 					Return(&ec2.DescribeVpcsOutput{
 						Vpcs: []*ec2.Vpc{
 							{
+								State:     aws.String("available"),
 								VpcId:     aws.String("vpc-exists"),
 								CidrBlock: aws.String("10.0.0.0/8"),
 							},
@@ -65,6 +72,12 @@ func TestReconcileVPC(t *testing.T) {
 						VpcIds: []*string{
 							aws.String("vpc-new"),
 						},
+						Filters: []*ec2.Filter{
+							{
+								Name:   aws.String("state"),
+								Values: aws.StringSlice([]string{ec2.VpcStatePending, ec2.VpcStateAvailable}),
+							},
+						},
 					})).
 					Return(&ec2.DescribeVpcsOutput{}, nil)
 
@@ -72,6 +85,7 @@ func TestReconcileVPC(t *testing.T) {
 					CreateVpc(gomock.AssignableToTypeOf(&ec2.CreateVpcInput{})).
 					Return(&ec2.CreateVpcOutput{
 						Vpc: &ec2.Vpc{
+							State:     aws.String("available"),
 							VpcId:     aws.String("vpc-new"),
 							CidrBlock: aws.String("10.1.0.0/16"),
 						},