Check the Launch Template:
If you explicitly referenced a specific EBS volume (like volume_id = "vol-08e7..."), remove that and instead let Terraform create a new one via ebs_block_device using a snapshot or AMI.
Make sure no hardcoded volume IDs are in your Launch Template.
Fix KMS Permissions:
If you're using a customer-managed KMS key to encrypt EBS volumes: Go to the KMS Console, find the key, and check the Key policy. Ensure it includes permissions for:
"kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey", "kms:GenerateDataKeyWithoutPlainText", "kms:ReEncrypt*"
Also ensure it grants access to the EC2 service role or the ASG role. For example:
"Principal": { "Service": "ec2.amazonaws.com" }
Check Auto Scaling Role Permissions:
The IAM role used by your ASG or instance profile should have the above kms:* actions if using encrypted volumes.
Verify the AMI:
If the AMI used in the launch template refers to encrypted snapshots, ensure those snapshots use accessible KMS keys.
Terraform Tip: If you’ve changed the launch template or KMS settings, run:
terraform taint aws_launch_template.your_template_name
terraform apply
This forces Terraform to recreate the launch template cleanly with the right setup.
Alternative Debug Tip:
If this still fails, try launching an instance manually from the same Launch Template via the console. AWS will often give clearer error messages in the EC2 console than Terraform.
Root Cause:
The error indicates that your EC2 instance launch is failing due to an inaccessible or missing encrypted EBS volume, specifically because:
- The volume is encrypted with a KMS key that your Auto Scaling Group (ASG) does not have permission to use, or
- The volume was manually referenced or reused in a Launch Template but doesn’t exist anymore (The volume 'vol-08e7d0edasdfd....' does not exist).
This often happens when:
- You reused an AMI or launch template that references an existing volume or snapshot with a custom KMS key.
- The KMS key doesn’t grant permissions to the ASG/EC2 service role.
- Or, you deleted the referenced EBS volume or the snapshot used to create it.
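The key-policy check described in the answer above, as an added example that is not part of the original answer: it reports which of the listed KMS actions a key policy does not directly allow for a given principal. The function names, the account ID, the role ARN and the sample policy are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Actions the answer lists for encrypted EBS volumes ("kms:ReEncrypt*" expanded).
REQUIRED = ["kms:CreateGrant", "kms:Decrypt", "kms:DescribeKey",
            "kms:GenerateDataKeyWithoutPlaintext",
            "kms:ReEncryptFrom", "kms:ReEncryptTo"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _principal_matches(stmt_principal, principal):
    """True if the statement names `principal` (role ARN or service) or "*"."""
    if stmt_principal == "*":
        return True
    if not isinstance(stmt_principal, dict):
        return False
    return any(p in ("*", principal)
               for value in stmt_principal.values() for p in _as_list(value))

def _hit(action, patterns):
    # IAM action names are case-insensitive and may use "*" wildcards.
    return any(fnmatchcase(action.lower(), p) for p in patterns)

def missing_actions(policy_json, principal, required=REQUIRED):
    """Required actions the key policy does not directly allow for principal."""
    allowed, denied = [], []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if not _principal_matches(stmt.get("Principal"), principal):
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
        (allowed if stmt.get("Effect") == "Allow" else denied).extend(patterns)
    return [a for a in required if not _hit(a, allowed) or _hit(a, denied)]

# Constructed sample: account ID, role ARN and statements are illustrative.
ASG_ROLE = ("arn:aws:iam::111122223333:role/aws-service-role/"
            "autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling")
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AccountRoot", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "kms:*", "Resource": "*"},
    {"Sid": "AsgUse", "Effect": "Allow", "Principal": {"AWS": [ASG_ROLE]},
     "Action": ["kms:Decrypt", "kms:DescribeKey", "kms:ReEncrypt*"],
     "Resource": "*"},
]})

if __name__ == "__main__":
    print("missing:", missing_actions(SAMPLE_POLICY, ASG_ROLE))
```

The policy text can come from `aws kms get-key-policy`. The check covers direct key-policy statements only: Condition blocks, KMS grants, and access delegated to IAM policies through an account-root statement are not evaluated.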
This error indicates an issue with the block device mappings in your launch template when used with Auto Scaling. While the launch template works for direct EC2 instance creation, Auto Scaling groups may handle certain configurations differently.
The error "The volume does not exist" suggests that the Auto Scaling service is trying to reference a volume that isn't available. This could be happening for a few reasons:
- Block device mapping issues: Your launch template might contain block device names that are not available or supported in the context of Auto Scaling. Device names that work for direct EC2 launches might not work properly when used with Auto Scaling.
- NoDevice parameter issues: If your launch template includes a "NoDevice" parameter with a value of "true", this can cause issues specifically when launching through Auto Scaling. This parameter is used to suppress devices mapped in the AMI's block device mapping.
- AMI availability: If you recently created the AMI used in your launch template, it might not be fully available yet when Auto Scaling tries to use it.
To resolve this issue:
- Verify the block device mappings in your launch template. Check that all device names are valid and supported.
- Review your storage configuration in the launch template, particularly looking for any "NoDevice" settings that might need adjustment.
- If you recently created the AMI, ensure it's fully available before using it with Auto Scaling.
- Try creating a test EC2 instance manually (not through Auto Scaling) using the exact same configuration, and use the describe-volumes command to see how the volumes are exposed to the instance.
- Create a new version of your launch template with corrected block device mappings based on your findings, then update your Auto Scaling group to use this new version.
Sometimes configurations that work for direct EC2 launches need slight adjustments when used with Auto Scaling due to differences in how parameters are interpreted and applied.
Sources
Troubleshoot Amazon EC2 Auto Scaling: EC2 instance launch failures - Amazon EC2 Auto Scaling
Why when I try to create an instance from a template, I get the error "The value 'NoDevice' ("true") is not valid. Please create a new launch template version with a valid value." ? | AWS re:Post
Troubleshoot Amazon EC2 Auto Scaling: AMI issues - Amazon EC2 Auto Scaling
The EC2 instance role or user lacks decrypt permissions for the KMS key. Make sure the IAM role has permissions to decrypt the key. If the KMS has a resource policy, make sure it allows the IAM role to access the KMS key.
