diff --git a/builder/amazon/chroot/builder.go b/builder/amazon/chroot/builder.go
index cd32d3bce..da82e496b 100644
--- a/builder/amazon/chroot/builder.go
+++ b/builder/amazon/chroot/builder.go
@@ -264,9 +264,11 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 Name: b.config.AMIName,
 },
 &awscommon.StepAMIRegionCopy{
- AccessConfig: &b.config.AccessConfig,
- Regions: b.config.AMIRegions,
- Name: b.config.AMIName,
+ AccessConfig: &b.config.AccessConfig,
+ Regions: b.config.AMIRegions,
+ RegionKeyIds: b.config.AMIRegionKMSKeyIDs,
+ EncryptBootVolume: b.config.AMIEncryptBootVolume,
+ Name: b.config.AMIName,
 },
 &awscommon.StepModifyAMIAttributes{
 Description: b.config.AMIDescription,
diff --git a/builder/amazon/ebssurrogate/builder.go b/builder/amazon/ebssurrogate/builder.go
index 9c70afecf..2fe17d149 100644
--- a/builder/amazon/ebssurrogate/builder.go
+++ b/builder/amazon/ebssurrogate/builder.go
@@ -217,9 +217,11 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe
 Name: b.config.AMIName,
 },
 &awscommon.StepAMIRegionCopy{
- AccessConfig: &b.config.AccessConfig,
- Regions: b.config.AMIRegions,
- Name: b.config.AMIName,
+ AccessConfig: &b.config.AccessConfig,
+ Regions: b.config.AMIRegions,
+ RegionKeyIds: b.config.AMIRegionKMSKeyIDs,
+ EncryptBootVolume: b.config.AMIEncryptBootVolume,
+ Name: b.config.AMIName,
 },
 &awscommon.StepModifyAMIAttributes{
 Description: b.config.AMIDescription,
diff --git a/builder/amazon/instance/builder.go b/builder/amazon/instance/builder.go
index 77aeff333..151205ddc 100644
--- a/builder/amazon/instance/builder.go
+++ b/builder/amazon/instance/builder.go
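Review bot: Nothing in the `StepAMIRegionCopy` literal shows that `RegionKeyIds` is checked against `Regions` or against `EncryptBootVolume` before the copy runs. A Go map lookup for a region that is missing or misspelled in `region_kms_key_ids` returns `""`, which the accompanying docs define as "use that region's default key", so a typo would presumably downgrade a copy from the intended custom key to the default key instead of failing the build; the docs also say that case is incompatible with `snapshot_users`. Please confirm that config validation (not visible in this diff) rejects map keys absent from `ami_regions` and a non-empty map when boot-volume encryption is off. A comment above the new field would help, for example `// RegionKeyIds is keyed by destination region; "" selects that region's default KMS key.` The same literal is changed identically in the ebssurrogate and instance builders, and the enclosing `Run` function starts and ends outside each hunk.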
@@ -270,9 +270,11 @@ func (b *Builder) Run(ui packer.Ui, hook packer.Hook, cache packer.Cache) (packe }, &StepRegisterAMI{}, &awscommon.StepAMIRegionCopy{ - AccessConfig: &b.config.AccessConfig, - Regions: b.config.AMIRegions, - Name: b.config.AMIName, + AccessConfig: &b.config.AccessConfig, + Regions: b.config.AMIRegions, + RegionKeyIds: b.config.AMIRegionKMSKeyIDs, + EncryptBootVolume: b.config.AMIEncryptBootVolume, + Name: b.config.AMIName, }, &awscommon.StepModifyAMIAttributes{ Description: b.config.AMIDescription, diff --git a/website/source/docs/builders/amazon-chroot.html.md b/website/source/docs/builders/amazon-chroot.html.md index f04abf8a7..ae660c78f 100644 --- a/website/source/docs/builders/amazon-chroot.html.md +++ b/website/source/docs/builders/amazon-chroot.html.md @@ -194,6 +194,15 @@ each category, the available configuration keys are alphabetized. volumes, io1 for Provisioned IOPS (SSD) volumes, and standard for Magnetic volumes +- `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to, + along with the custom kms key id to use for encryption for that region. + Keys must match the regions provided in `ami_regions`. If you just want to + encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`. + If you want a region to be encrypted with that region's default key ID, you can + use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`) + However, you cannot use default key IDs if you are using this in conjunction with + `snapshot_users` -- in that situation you must use custom keys. + - `root_device_name` (string) - The root device name. For example, `xvda`. - `mount_path` (string) - The path where the volume will be mounted. This is diff --git a/website/source/docs/builders/amazon-ebssurrogate.html.md b/website/source/docs/builders/amazon-ebssurrogate.html.md index e966d20ff..d998bd82c 100644 --- a/website/source/docs/builders/amazon-ebssurrogate.html.md 
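Review bot: In the instance builder hunk the copy step follows `&StepRegisterAMI{}`, and it is not evident that `EncryptBootVolume` and `RegionKeyIds` have any effect on the image this builder registers. If this builder produces instance-store-backed AMIs, as its name suggests, copy-time KMS encryption may apply only to EBS snapshots and would then be silently ignored, leaving a user who set `region_kms_key_ids` with unencrypted copies. Please confirm the behaviour; if the options do not apply here, either leave these two fields unset or have validation reject them for this builder, and drop the option from the amazon-instance docs. `Run` continues outside the hunk.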
+++ b/website/source/docs/builders/amazon-ebssurrogate.html.md @@ -188,6 +188,15 @@ builder. preserved when booting from the AMI built with packer. See `ami_block_device_mappings`, above, for details. +- `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to, + along with the custom kms key id to use for encryption for that region. + Keys must match the regions provided in `ami_regions`. If you just want to + encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`. + If you want a region to be encrypted with that region's default key ID, you can + use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`) + However, you cannot use default key IDs if you are using this in conjunction with + `snapshot_users` -- in that situation you must use custom keys. + - `run_tags` (object of key/value strings) - Tags to apply to the instance that is *launched* to create the AMI. These tags are *not* applied to the resulting AMI unless they're duplicated in `tags`. This is a diff --git a/website/source/docs/builders/amazon-ebsvolume.html.md b/website/source/docs/builders/amazon-ebsvolume.html.md index bd92570c4..000122528 100644 --- a/website/source/docs/builders/amazon-ebsvolume.html.md +++ b/website/source/docs/builders/amazon-ebsvolume.html.md 
@@ -115,6 +115,15 @@ builder. profile](https://docs.aws.amazon.com/IAM/latest/UserGuide/instance-profiles.html) to launch the EC2 instance with. +- `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to, + along with the custom kms key id to use for encryption for that region. + Keys must match the regions provided in `ami_regions`. If you just want to + encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`. + If you want a region to be encrypted with that region's default key ID, you can + use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`) + However, you cannot use default key IDs if you are using this in conjunction with + `snapshot_users` -- in that situation you must use custom keys. + - `run_tags` (object of key/value strings) - Tags to apply to the instance that is *launched* to create the AMI. These tags are *not* applied to the resulting AMI unless they're duplicated in `tags`. This is a diff --git a/website/source/docs/builders/amazon-instance.html.md b/website/source/docs/builders/amazon-instance.html.md index b8fd465cc..af55b3463 100644 --- a/website/source/docs/builders/amazon-instance.html.md +++ b/website/source/docs/builders/amazon-instance.html.md 
@@ -211,6 +211,15 @@ builder. preserved when booting from the AMI built with Packer. See `ami_block_device_mappings`, above, for details. +- `region_kms_key_ids` (map of strings) - a map of regions to copy the ami to, + along with the custom kms key id to use for encryption for that region. + Keys must match the regions provided in `ami_regions`. If you just want to + encrypt using a default ID, you can stick with `kms_key_id` and `ami_regions`. + If you want a region to be encrypted with that region's default key ID, you can + use an empty string `""` instead of a key id in this map. (e.g. `"us-east-1": ""`) + However, you cannot use default key IDs if you are using this in conjunction with + `snapshot_users` -- in that situation you must use custom keys. + - `run_tags` (object of key/value strings) - Tags to apply to the instance that is *launched* to create the AMI. These tags are *not* applied to the resulting AMI unless they're duplicated in `tags`. This is a