diff --git a/internal/service/ec2/security_group_rule.go b/internal/service/ec2/security_group_rule.go
index ac74af0272c..975ff6da434 100644
--- a/internal/service/ec2/security_group_rule.go
+++ b/internal/service/ec2/security_group_rule.go
@@ -44,6 +44,10 @@ func ResourceSecurityGroupRule() *schema.Resource {
 		SchemaVersion: 2,
 		MigrateState:  SecurityGroupRuleMigrateState,
 
+		Timeouts: &schema.ResourceTimeout{
+			Read: schema.DefaultTimeout(5 * time.Minute),
+		},
+
 		Schema: map[string]*schema.Schema{
 			"type": {
 				Type:        schema.TypeString,
@@ -227,7 +231,7 @@ information and instructions for recovery. Error: %w`, sg_id, autherr)
 	id := IPPermissionIDHash(sg_id, ruleType, perm)
 	log.Printf("[DEBUG] Computed group rule ID %s", id)
 
-	err = resource.Retry(5*time.Minute, func() *resource.RetryError {
+	err = resource.Retry(d.Timeout(schema.TimeoutRead), func() *resource.RetryError {
 		sg, err := FindSecurityGroupByID(conn, sg_id)
 
 		if err != nil {
diff --git a/website/docs/r/security_group_rule.html.markdown b/website/docs/r/security_group_rule.html.markdown
index 443d54ff4cc..047be5026b1 100644
--- a/website/docs/r/security_group_rule.html.markdown
+++ b/website/docs/r/security_group_rule.html.markdown
@@ -90,6 +90,13 @@ In addition to all arguments above, the following attributes are exported:
 
 * `id` - ID of the security group rule.
 
+## Timeouts
+
+`aws_security_group_rule` provides the following [Timeouts](/docs/configuration/resources.html#timeouts)
+configuration options:
+
+- `read` - (Default `5 minutes`) How long to wait for reading a rsecurity group rule.
+
 ## Import
 
 Security Group Rules can be imported using the `security_group_id`, `type`, `protocol`, `from_port`, `to_port`, and source(s)/destination(s) (e.g., `cidr_block`) separated by underscores (`_`). All parts are required.