Auto scalling group will not accept Security Group

When a launch template is specified for an ASG a version number is specified - see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-autoscaling-autoscalinggroup-launchtemplatespecification.html. Is it possible your ASG is using an old version of the launch template?

No. I initially created the Launch Template with the SG. So when I setup the ASG it was at version 1 to begin with.

I then updated the Launch Template (version 2) with out the SG hoping that I could configure it in the ASG. So when I told the ASG to use version 2 I found I was unable to configure the SG in the ASG. So I moved the ASG back to version 1 of the template.

As a side note. When I look at the terminated EC2s the ASG tries to create they all have an error in Security about SG cannot be "". Sorry I do not have the exact message right now.

I couldn't see a reason why security group is not getting associated with the instance. Can you verify SG is in fact there for ASG in the 'Launch Template' section. Security Group may have just - (dash) but there should be an id listed under "Security group IDs". Looks fine when I tested it. SG was associated with instance. I even tried removing SG and let ASG add one more instance when SG associated with ASG does not exist and it rightly reported error during instance launch. "Launching a new EC2 instance. Status Reason: The security group 'sg-0888ac0884e71f175' does not exist in VPC. Launching EC2 instance failed." Somehow couldn't reproduce the error you are seeing. Just try creating new ASG from Launch template and see "Security group IDs" has SG ID mentioned there.

My problem what that my EBS was encrypted but the KMS key was not allowing the ASG to decrypt the EBS.

I created a new key and gave it permissions for ASG. This allowed the ASG to bring up the instance.