From 33cf6bf45435dcbafcd954a7edc164056eaf989f Mon Sep 17 00:00:00 2001
From: Kyle <kwyatt@users.noreply.github.com>
Date: Mon, 15 Mar 2021 03:37:13 -0700
Subject: [PATCH] Fix logic for checking for KMS keys (#10754)

---
 builder/amazon/common/ami_config.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/builder/amazon/common/ami_config.go b/builder/amazon/common/ami_config.go
index 36b9ab571..ffad5df26 100644
--- a/builder/amazon/common/ami_config.go
+++ b/builder/amazon/common/ami_config.go
@@ -172,7 +172,7 @@ func (c *AMIConfig) Prepare(accessConfig *AccessConfig, ctx *interpolate.Context
 
 	// Prevent sharing of default KMS key encrypted volumes with other aws users
 	if len(c.AMIUsers) > 0 {
-		if len(c.AMIKmsKeyId) == 0 && c.AMIEncryptBootVolume.True() {
+		if len(c.AMIKmsKeyId) == 0 && len(c.AMIRegionKMSKeyIDs) == 0 && c.AMIEncryptBootVolume.True() {
 			errs = append(errs, fmt.Errorf("Cannot share AMI encrypted with default KMS key"))
 		}
 		if len(c.AMIRegionKMSKeyIDs) > 0 {