4.4.0-1049-aws incompatible w/ LUKS encryption, instances fail to boot

aws instances that have encrypted drives in their /etc/fstab will not boot with 4.4.0-1049-aws installed:

environment:
4.4.0-1049-aws
cryptsetup/xenial,now 2:1.6.6-5ubuntu2 amd64 [installed,upgradable to: 2:1.6.6-5ubuntu2.1]
cryptsetup-bin/xenial,now 2:1.6.6-5ubuntu2 amd64 [installed,upgradable to: 2:1.6.6-5ubuntu2.1]

What I expected to happen:
system to boot properly

What happened instead:

/var/log/syslog:
Reached target Network (Pre).
Mounted /mnt/tmpfs.
(1 of 2) A start job is running for...0n1_crypt.device (6s / 1min 30s)
(1 of 2) A start job is running for...0n1_crypt.device (7s / 1min 30s)
(1 of 2) A start job is running for...0n1_crypt.device (7s / 1min 30s)
...
(1 of 2) A start job is running for...ypt.device (1min 30s / 1min 30s)
Timed out waiting for device dev-mapper-xvdo_crypt.device.
Dependency failed for /mnt/xvdo.
Dependency failed for Local File Systems.
Dependency failed for File System Check on /dev/mapper/xvdo_crypt.
Timed out waiting for device dev-mapper-nvme0n1_crypt.device.
Dependency failed for /mnt/nvme0n1.
Dependency failed for File System Check on /dev/mapper/nvme0n1_crypt.

in AWS console system log:
Started Initial cloud-init job (metadata service crawler).
Reached target Cloud-config availability.
Reached target Network is Online.
Starting iSCSI initiator daemon (iscsid)...
Started iSCSI initiator daemon (iscsid).
Starting Login to default iSCSI targets...
Started Login to default iSCSI targets.
Reached target Remote File Systems (Pre).
Reached target Remote File Systems.
Welcome to emergency mode! After logging in, type "journalctl -xb" to view
system logs, "systemctl reboot" to reboot, "systemctl default" or ^D to
try again to boot into default mode.
Press Enter for maintenance
(or press Control-D to continue):