Introduction
Problem
When running a Terraform plan or apply that uses the AWS provider to launch an EC2 instance from a Launch Template, you may encounter the following error:
"message" : "You are not authorized to launch instances with this launch template. Encoded authorization failure message:-
Cause
This error originates from AWS IAM policies or launch template configuration and is not caused by Terraform itself. It generally indicates that the AWS credentials or role being used by Terraform lack permission to use the specified launch template, or that the template has restrictions (such as being owned by another account or region-specific settings).
Solutions:
🔍 Important: To view the full error details, enable TRACE-level logging in Terraform to capture detailed AWS API responses.
Steps to Enable TRACE Logs in Terraform Cloud/Enterprise:
- Go to your Terraform workspace > Variables.
- Add the following environment variable:
  - Key: TF_LOG
  - Value: TRACE
  - Type: Environment Variable
- Re-run the Terraform plan or apply.
This will generate more detailed logs to help pinpoint the issue.
Next Steps:
Since the error is returned directly by AWS, you’ll need to:
- Open a support ticket with AWS and provide them with:
  - The full error message from the Terraform execution.
  - The launch template ID being used.
  - The IAM role or user ARN used during the Terraform run.
  - Relevant TRACE logs from Terraform showing the failed API call.
AWS Support will be able to identify the root cause, such as missing permissions like ec2:RunInstances with LaunchTemplate support or account-level restrictions.
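The encoded authorization failure message in the error can be decoded with the STS DecodeAuthorizationMessage API. The following Python code is an added example, not part of the original article or of HashiCorp's tooling: it pulls the encoded blob out of saved Terraform log text, decodes it through boto3, and reduces the result to the denied action, resource and principal. The log excerpt, blob, ARNs and decoded document are constructed samples, the decoded field layout is an assumption, and the caller needs the sts:DecodeAuthorizationMessage permission.

```python
import json
import re

# Marker text from the AWS error, followed by the opaque encoded blob.
ENCODED_RE = re.compile(r"Encoded authorization failure message:\s*([A-Za-z0-9_+/=-]{20,})")

# Constructed sample data (not real output): a repeated log line and a decoded document.
SAMPLE_BLOB = "CONSTRUCTEDblobAAAA1111bbbb2222_cccc-3333"
SAMPLE_LOG = ('[TRACE] "message": "You are not authorized to launch instances with '
              'this launch template. Encoded authorization failure message: %s"\n' % SAMPLE_BLOB) * 2
SAMPLE_DECODED = json.dumps({
    "allowed": False, "explicitDeny": False,
    "context": {
        "principal": {"arn": "arn:aws:iam::111122223333:role/terraform-example"},
        "action": "ec2:RunInstances",
        "resource": "arn:aws:ec2:us-east-1:111122223333:launch-template/lt-EXAMPLE",
        "conditions": {"items": [{"key": "ec2:LaunchTemplate"}]},
    },
})


def extract_encoded_messages(log_text):
    """Return the unique encoded blobs found in Terraform log output, in order."""
    seen = []
    for blob in ENCODED_RE.findall(log_text):
        if blob not in seen:
            seen.append(blob)
    return seen


def decode_with_sts(encoded, region_name=None):
    """Decode one blob via STS; returns the decoded JSON document as a string."""
    import boto3  # imported here so the parsing helpers work without boto3
    sts = boto3.client("sts", region_name=region_name)
    return sts.decode_authorization_message(EncodedMessage=encoded)["DecodedMessage"]


def summarize(decoded_json):
    """Reduce the decoded document to the fields needed to adjust the IAM policy."""
    doc = json.loads(decoded_json)
    ctx = doc.get("context", {})
    conditions = ctx.get("conditions", {}).get("items", [])
    return {
        "allowed": doc.get("allowed"),
        "explicit_deny": doc.get("explicitDeny"),
        "principal": ctx.get("principal", {}).get("arn"),
        "action": ctx.get("action"),
        "resource": ctx.get("resource"),
        "condition_keys": sorted(c.get("key") for c in conditions if c.get("key")),
    }
```

With real credentials, pass each value from extract_encoded_messages() to decode_with_sts() and the result to summarize(); an explicit_deny of true means a Deny statement matched, not merely a missing Allow.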
Outcome
This is not a Terraform-related issue but an authorization problem within AWS. Terraform simply surfaces the AWS API error during execution. Work with AWS Support to resolve the permissions or policy conflicts related to your Launch Template.