I’m using the server-group module from module-asg. I’m trying to use an AMI that I have encrypted with my master key created using the kms-master-key. I can’t launch an instance from the ASG that server-group creates due to: “Client.InternalError: Client error on launch”.
My research on this suggests I need to allow CreateGrant to a resource or role. I haven’t found the magic to make this work. Anyone know how to configure the proper permissions to allow me to boot an encrypt boot volume?