ResourceNotReady: failed waiting for successful resource state in packer

I have started using packer for 3 months and I have managed to build packer AMI successfully by using source AMI from amazon (owner). Suddenly I have a requirement or standard to follow as per organization policies to change source AMI from amazon to our customized golden AMI which is shared from another AWS account. Now there is a problem using this AMI as a source for the packer build I am getting this below error.

Note: organization also shared CMK for this AMI(Not sure how to use it, CMK/KMS looks like arn:aws:kms:us-east-1:account_id:key/bbxxxx-xxxx-xxxx-xxx-xxxxxxxx5)

==> example-packer.amazon-ebs.example: Error waiting for instance (i-xxxxxxxxxxf) to become ready: ResourceNotReady: failed waiting for successful resource state

==> example-packer.amazon-ebs.example: Instance state change details: Client.InternalError: Client.InternalError: Client error on launch

my configuration looks like

source "amazon-ebs" "example" {
  ami_name             = "${local.prefix}${var.image_name}-{{timestamp}}"
  ami_description    = ""
  access_key         = "${var.access_key}"
  secret_key         = "${var.secret_key}"
  token              = "${var.session_token}"
  instance_type      = "m5d.8xlarge"
  region             = "us-east-1"
  vpc_id             = "${local.VPC_ID}"
  subnet_id          = "${local.PUBLIC_SUBNET}"
  security_group_id  = "${local.SECURITY_GROUP}"
  ssh_timeout        = "10m"
  ssh_interface      = "private_ip"
  communicator       = "ssh"
  ssh_bastion_host   = "ip"
  ssh_bastion_username = "user_name"
  ssh_bastion_private_key_file = "~/.ssh/id_rsa"

Our golden AMI which is shared from another AWS account has 3 block devices(/dev/xvda=snap-xxxxxxx:10:true:gp2:encrypted , /dev/xvdb=snap-xxxxxxx:20:true:gp2:encrypted , /dev/xvdh=snap-xxxxxxxx:10:true:gp2:encrypted) and a root device(/dev/xvda) attached to the AMI which is encrypted. I have that KMS key id. Is this the encrypted volume causing the failure in the resource state?

Q1.I am using role_arn for executing this packer build through the GitLab pipeline. Is there something here to add to the role policy to pick up the KMS_ID/ARN?

Q2. I have tried using launch_block_device_mappings as below (No idea about the usage)

launch_block_device_mappings {
    device_name = "/dev/xvda"
    encrypted = true
    kms_key_id = "bbxxxx-xxxx-xxxx-xxx-xxxxxxxx5"
}

launch_block_device_mappings {
    device_name = "/dev/xvdb"
    encrypted = true
    kms_key_id = "bbxxxx-xxxx-xxxx-xxx-xxxxxxxx5"
}

launch_block_device_mappings {
    device_name = "/dev/xvdh"
    encrypted = true
    kms_key_id = "bbxxxx-xxxx-xxxx-xxx-xxxxxxxx5"
}

But the error remains the same here.

Goal: Here my aim is to take golden ami as source ami and on top of that I want to install some packages after installing my requirements then packer should create an AMI for further use.If i switch back to amazon ami it works fine.

Thanks in advance.