I'm trying to boot up an EC2 instance on AWS using Terraform. So far the config is good and the instance works. SSH into the instance also works through Terraform security groups etc.
However, I want to run some installation commands via Terraform's remote-exec provisioner in non-interactive mode.
This partially works, until I randomly get hit by this "pending kernel upgrade" popup. Terraform then freezes and waits forever because the popup requires user input.
How can I configure it to ignore this message?
Here is my aws.tf:
# EC2 instance
resource "aws_instance" "spring_boot_server" {
  # Ubuntu 22.04 LTS image and instance size are supplied through variables.
  ami           = var.ami_ubuntu_22_04_lts
  instance_type = var.instance_type
  tags = {
    Name = "SpringBootServer-${local.project_name}"
  }
  # Attach the "allow_ssh" security group by name.
  # NOTE(review): the AWS provider documents `security_groups` (names) for the
  # default VPC / EC2-Classic; in a non-default VPC `vpc_security_group_ids`
  # is the argument to use - confirm which applies here.
  security_groups = [aws_security_group.allow_ssh.name]
  # EC2 key pair whose public half is installed for the login user.
  key_name = var.ssh_key_name
  # SSH connection used by the provisioner below.
  # The private key is read from the local disk of the machine running
  # Terraform; keep that file out of version control and readable only by
  # its owner.
  # NOTE(review): no `host_key` is set, so the instance's SSH host key is not
  # pinned for this connection.
  connection {
    type        = "ssh"
    user        = "ubuntu"
    private_key = file("~/.aws/aws/keypairs/devops.pem")
    host        = self.public_ip
  }
  # Commands run in order over SSH once the instance is reachable. Their
  # output is streamed into the Terraform apply log.
  provisioner "remote-exec" {
    inline = [
      # Refresh package lists and upgrade installed packages.
      # NOTE(review): `-y` only answers apt's own yes/no confirmation; it does
      # not put debconf or post-upgrade helpers into a non-interactive mode,
      # so a dialog such as "pending kernel upgrade" can still block here.
      "sudo apt update -y",
      "sudo apt upgrade -y",
      # Register the Adoptium apt repository: download its signing key and
      # write a sources entry restricted to that key via signed-by.
      # NOTE(review): the key is trusted exactly as downloaded over HTTPS; its
      # fingerprint is not compared against a known-good value.
      "wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | sudo tee /etc/apt/keyrings/adoptium.asc > /dev/null",
      "echo \"deb [signed-by=/etc/apt/keyrings/adoptium.asc] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main\" | sudo tee /etc/apt/sources.list.d/adoptium.list > /dev/null",
      "sudo apt update -y",
      # Install Temurin JDK 17 and print the installed Java version.
      "sudo apt install temurin-17-jdk -y",
      "java --version",
      # Register the Jenkins stable apt repository with its own signing key.
      # NOTE(review): same caveat as above - the downloaded key is not checked
      # against a pinned fingerprint.
      "curl -fsSL https://pkg.jenkins.io/debian-stable/jenkins.io-2023.key | sudo tee /usr/share/keyrings/jenkins-keyring.asc > /dev/null",
      "echo deb [signed-by=/usr/share/keyrings/jenkins-keyring.asc] https://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list > /dev/null",
      "sudo apt-get update -y",
      # Install Jenkins from the repository added above.
      "sudo apt-get install jenkins -y",
      # Start the Jenkins service and print its status.
      "sudo systemctl start jenkins",
      "sudo systemctl status jenkins",
      # Print the initial Jenkins admin password.
      # NOTE(review): this writes a credential into the provisioner output, so
      # it ends up in the Terraform/CI log and is readable by anyone who can
      # view that log. Prefer reading it over SSH when needed, and complete
      # the Jenkins setup promptly so the initial password is replaced.
      "sudo cat /var/lib/jenkins/secrets/initialAdminPassword",
    ]
  }
}
# Create a security group to allow SSH access
resource "aws_security_group" "allow_ssh" {
  name        = "allow-ssh"
  description = "Allow SSH inbound traffic"

  # Inbound SSH: tcp/22 from any IPv4 address.
  # NOTE(review): 0.0.0.0/0 exposes sshd to the whole internet. Narrowing
  # cidr_blocks to the administrators' address ranges shrinks the attack
  # surface without changing how the provisioner connects.
  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Inbound Jenkins web UI: tcp/8080 from any IPv4 address.
  # NOTE(review): a freshly installed Jenkins is world-reachable under this
  # rule, and the traffic is plain HTTP unless TLS is terminated elsewhere.
  # Consider limiting the source range or fronting the service with a
  # TLS-terminating proxy.
  ingress {
    protocol    = "tcp"
    from_port   = 8080
    to_port     = 8080
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Outbound: every protocol ("-1") on every port to any IPv4 destination.
  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}