diff --git a/builder/amazon/common/ami_config.go b/builder/amazon/common/ami_config.go
index 3e858d1f3..b8062fdca 100644
--- a/builder/amazon/common/ami_config.go
+++ b/builder/amazon/common/ami_config.go
@@ -59,8 +59,21 @@ func (c *AMIConfig) Prepare(accessConfig *AccessConfig, ctx *interpolate.Context
 errs = append(errs, c.prepareRegions(accessConfig)...)
- if len(c.AMIUsers) > 0 && c.AMIEncryptBootVolume != nil && *c.AMIEncryptBootVolume {
- errs = append(errs, fmt.Errorf("Cannot share AMI with encrypted boot volume"))
+ //if len(c.AMIUsers) > 0 && c.AMIEncryptBootVolume != nil && *c.AMIEncryptBootVolume {
+ //errs = append(errs, fmt.Errorf("Cannot share AMI with encrypted boot volume"))
+ //}
+
+ if len(c.AMIUsers) > 0 {
+ if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume != nil && *c.AMIEncryptBootVolume {
+ errs = append(errs, fmt.Errorf("Cannot share AMI encrypted with default KMS key"))
+ }
+ if len(c.AMIRegionKMSKeyIDs) > 0 {
+ for _, kmsKey := range c.AMIRegionKMSKeyIDs {
+ if len(kmsKey) == 0 {
+ errs = append(errs, fmt.Errorf("Cannot share AMI encrypted with default KMS key for other regions"))
+ }
+ }
+ }
 }
 var kmsKeys []string
diff --git a/builder/amazon/common/ami_config_test.go b/builder/amazon/common/ami_config_test.go
index f3d098d69..0e72d30dc 100644
--- a/builder/amazon/common/ami_config_test.go
+++ b/builder/amazon/common/ami_config_test.go
@@ -169,10 +169,9 @@ func TestAMIConfigPrepare_Share_EncryptedBoot(t *testing.T) {
 if err := c.Prepare(accessConf, nil); err == nil {
 t.Fatal("shouldn't be able to share ami with encrypted boot volume")
 }
- c.AMIKmsKeyId = "89c3fb9a-de87-4f2a-aedc-fddc5138193c"
- if err := c.Prepare(accessConf, nil); err == nil {
- t.Fatal("shouldn't be able to share ami with encrypted boot volume")
+ if err := c.Prepare(accessConf, nil); err != nil {
+ t.Fatal("should be able to share ami with encrypted boot volume")
 }
 }
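Review bot: The three commented-out lines of the old check at the top of the added block should be deleted rather than kept; version control already records them. In the region loop every empty entry appends the same message without naming the region, and the enclosing `if len(c.AMIRegionKMSKeyIDs) > 0` is redundant because ranging over an empty collection does nothing. If the collection is keyed by region (not visible in this hunk), `for region, kmsKey := range c.AMIRegionKMSKeyIDs` with `fmt.Errorf("Cannot share AMI encrypted with default KMS key for region %s", region)` would tell the user which entry to fix. Because this relaxes the earlier blanket refusal, note in a comment above the block that only the presence of a key id is validated here; whether the accounts in AMIUsers are permitted to use that key is decided by AWS at share time. Prepare's body starts and ends outside the hunk.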
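Review bot: The added `t.Fatal("should be able to share ami with encrypted boot volume")` discards the error returned by Prepare, so a failure gives no hint which validation rejected the config; `t.Fatalf("should be able to share ami with encrypted boot volume: %s", err)` would surface it. The per-region check on AMIRegionKMSKeyIDs that this commit adds to Prepare has no case here; a config with AMIUsers set and an empty key for one region should be asserted to fail. The test function starts outside the hunk.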