diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index fa1e2d30f8..951913367e 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,7 @@ CHANGELOG
 =====
 * feature:``cfncluster``: Added option to encrypt ephemeral drives with in-memory keys
+* feature:``cfncluster``: Support for EBS encryption on /shared volume
 * feature:``cfncluster``: Detect all ephemeral drives, stripe and mount as /scratch
 * feature:``cfncluster``: Support for placement groups
 * feature:``cfncluster``: Support for cluster placement logic. Can either be cluster or compute.
diff --git a/cli/cfncluster/cfnconfig.py b/cli/cfncluster/cfnconfig.py
index fc24ff6c79..f5720f067d 100644
--- a/cli/cfncluster/cfnconfig.py
+++ b/cli/cfncluster/cfnconfig.py
@@ -160,7 +160,7 @@ def __init__(self, args):
 # Dictionary list of all EBS options
 self.__ebs_options = dict(ebs_snapshot_id='EBSSnapshotId', volume_type='VolumeType', volume_size='VolumeSize',
- volume_iops='VolumeIOPS')
+ volume_iops='VolumeIOPS', encrypted='EBSEncryption')
 try:
 if self.__ebs_section:
diff --git a/cli/cfncluster/examples/config b/cli/cfncluster/examples/config
index f72b033ddc..d4ccef2a09 100644
--- a/cli/cfncluster/examples/config
+++ b/cli/cfncluster/examples/config
@@ -133,6 +133,9 @@ availability_zones =
 #volume_size = 200
 # Number of IOPS for io1 type volumes
 #volume_iops = 200
+# Use encrypted volume (should not be used with snapshots)
+# (defaults to false for default template)
+#encrypted = false
 ## Scaling settings
 #[scaling custom]
diff --git a/cloudformation/cfncluster.cfn.json b/cloudformation/cfncluster.cfn.json
index 06b06a8ab4..0c6a86096a 100644
--- a/cloudformation/cfncluster.cfn.json
+++ b/cloudformation/cfncluster.cfn.json
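Review bot: In cli/cfncluster/cfnconfig.py the new `encrypted='EBSEncryption'` entry joins `__ebs_options` with no visible validation, while the template parameter it feeds accepts only the exact strings `true` and `false`. If the value is forwarded verbatim (the code that consumes `__ebs_options` lies outside this hunk), a config line such as `encrypted = True` would presumably be rejected only at stack creation; lower-casing the value and rejecting anything else at parse time gives an earlier and clearer failure. The example config and the `EBSEncryption` parameter description in cfncluster.cfn.json both say encryption should not be combined with a snapshot, yet nothing in the visible hunks enforces that, so a check here that refuses `encrypted = true` together with `ebs_snapshot_id` would turn the caveat into a guardrail. A comment above the dict such as `# 'encrypted' must be 'true' or 'false' and must not be combined with ebs_snapshot_id` would document the contract.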
@@ -309,6 +309,16 @@
 "Description" : "Postinstall script args passed to the postinstall script.",
 "Type" : "String",
 "Default" : "NONE"
+ },
+ "EBSEncryption" : {
+ "Description" : "Boolean flag to use EBS encryption for /shared volume. (Not to be used for snapshots)",
+ "Type" : "String",
+ "Default" : "false",
+ "ConstraintDescription" : "true/false",
+ "AllowedValues" : [
+ "true",
+ "false"
+ ]
 }
 },
 "Conditions" : {
@@ -434,6 +444,14 @@
 },
 "cluster"
 ]
+ },
+ "UseEBSEncryption" : {
+ "Fn::Equals" : [
+ {
+ "Ref" : "EBSEncryption"
+ },
+ "true"
+ ]
 }
 },
 "Mappings" : {
@@ -1671,6 +1689,17 @@
 "Ref" : "AWS::NoValue"
 }
 ]
+ },
+ "Encrypted" : {
+ "Fn::If" : [
+ "UseEBSEncryption",
+ {
+ "Ref" : "EBSEncryption"
+ },
+ {
+ "Ref" : "AWS::NoValue"
+ }
+ ]
 }
 }
 }
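Review bot: The `Encrypted` property added in the third hunk (`@@ -1671,6 +1689,17 @@`) is set with no key selection visible. Unless `KmsKeyId` is already set on this volume resource (its other properties are outside the hunk), the /shared volume would presumably be encrypted with the account's default EBS key, and operators who need a customer-managed key with its own key policy have no way to supply one. An optional key parameter wired to `KmsKeyId` under the same `UseEBSEncryption` condition would close that gap. As a smaller style point, the true branch of the `Fn::If` can only ever resolve to `"true"`, so a literal reads more directly: `"Encrypted" : { "Fn::If" : [ "UseEBSEncryption", true, { "Ref" : "AWS::NoValue" } ] }`.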