Unable to launch autoscaling group using launch template

[au78]

Terraform Version

terraform - 0.11.7
provider.aws - 1.19.0

Affected Resource(s)

• aws_launch_template

Terraform Configuration Files

# Launch Template config used by cloudformation stack below
resource "aws_launch_template" "mymodule_launch_template" {
  name_prefix                          = "mymodule-lt-"
  image_id                             = "mymodule-ami"
  instance_initiated_shutdown_behavior = "terminate"
  instance_type                        = "m4.xlarge"
  vpc_security_group_ids               = ["group1", "group2"]

  block_device_mappings {
    device_name = "/dev/xvds"

    ebs {
      volume_type = "io1"
      volume_size = "100"
      iops        = "3000"
      encrypted   = false
    }
  }

  iam_instance_profile {
    name = "my_iam_profile"
  }
}
==============================================================
# Cloudformation stack used launch template defined above
resource "aws_cloudformation_stack" "mymodule_asg" {
  name          = "mymodule-stack"
  depends_on    = ["aws_launch_template.mymodule_launch_template"]

  lifecycle {
    create_before_destroy = true
  }

  template_body = <<EOF
{
  "Resources": {
    "${local.resource_name}": {
      "Type": "AWS::AutoScaling::AutoScalingGroup",
      "Properties": {
        "VPCZoneIdentifier": ${jsonencode(var.subnet_ids)},
        "LaunchTemplate": {
          "LaunchTemplateId": "${aws_launch_template.mymodule_launch_template.id}"
        },
        "MaxSize": ${var.number_of_instances},
        "MinSize": ${var.number_of_instances},
        "DesiredCapacity": ${var.number_of_instances},
        "LoadBalancerNames": ["${aws_elb.mymodule_elb.id}"],
        "TerminationPolicies": ["OldestLaunchConfiguration", "OldestInstance"],
        "HealthCheckType": "ELB",
        "HealthCheckGracePeriod" : ${var.instance_health_grace_period_secs},
        "Tags" : ${jsonencode(local.module_tag_list)}
      },
      "CreationPolicy" : {
        "AutoScalingCreationPolicy" : {
          "MinSuccessfulInstancesPercent" : 100
        },
        "ResourceSignal" : {
          "Count" : ${var.number_of_instances},
          "Timeout" : "PT${var.creation_timeout_mins}M"
        }
      },
      "UpdatePolicy": {
        "AutoScalingRollingUpdate": {
          "MinInstancesInService": 1,
          "MaxBatchSize": 1,
          "PauseTime": "PT${var.instance_upgrade_timeout_mins}M",
          "WaitOnResourceSignals" : true
        }
      }
    }
  },
  "Outputs": {
    "AsgName": {
      "Description": "The name of the auto scaling group",
       "Value": {"Ref": "mymoduleAsg"}
    }
  }
}
EOF
}

Panic Output

Expected Behavior

launch template should have been created successfully

Actual Behavior

2018/05/18 00:10:12 [ERROR] root.mymodule: eval: *terraform.EvalApplyPost, err: 1 error(s) occurred:

* aws_cloudformation_stack.mymodule_asg: ROLLBACK_COMPLETE: ["The following resource(s) failed to create: [TfEsTestClusterAsg]. . Rollback requested by user." "You must use a valid fully-formed launch template. the encrypted flag cannot be specified since device /dev/xvds has a snapshot specified."]
2018/05/18 00:10:12 [ERROR] root.mymodule: eval: *terraform.EvalSequence, err: 1 error(s) occurred:

* aws_cloudformation_stack.mymodule_asg: ROLLBACK_COMPLETE: ["The following resource(s) failed to create: [TfEsTestClusterAsg]. . Rollback requested by user." "You must use a valid fully-formed launch template. the encrypted flag cannot be specified since device /dev/xvds has a snapshot specified."]
2018/05/18 00:10:12 [TRACE] [walkApply] Exiting eval tree: module.mymodule.aws_cloudformation_stack.mymodule_asg

Error: Error applying plan:

1 error(s) occurred:

* module.mymodule.aws_cloudformation_stack.mymodule_asg: 1 error(s) occurred:

* aws_cloudformation_stack.mymodule_asg: ROLLBACK_COMPLETE: ["The following resource(s) failed to create: [TfEsTestClusterAsg]. . Rollback requested by user." "You must use a valid fully-formed launch template. the encrypted flag cannot be specified since device /dev/xvds has a snapshot specified."]

Steps to Reproduce

1. terraform apply

Important Factoids

• The AMI used is a custom AMI that is created using packer. This AMI add a block device called /dev/xvds. But encryption has been turned off.
• Autoscaling group is uses the custom AMI to launch an ec2 instance.

References

Checked the following similar issues but none helped... thus opening this new ticket

• Error Creating AWS Launch Template using block_device_mappings with EBS #4356

[djdevin]

Same issue here #4553

[bflad]

Thanks for this report @au78 and sorry you're having trouble. Let's consolidate discussion and efforts in the earlier bug report: #4553

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!