
How to Regain access to AWS EC2 Linux instance when key pair lost?

by SupportPRO Admin

An associated key pair (a private key and a public key) is necessary to access an EC2 instance securely. If you have lost or corrupted the key pair, here's how you can regain access to an AWS EC2 Linux instance.

Let's assume that the running EC2 instance hosts a website, but you have lost the key pair associated with it. Here we will show the two easiest ways to regain access to an AWS Linux EC2 instance.

  1. By using an Amazon Machine Image (AMI)
  2. By swapping the volume of the EC2 instance 

By using an AMI 

An Amazon Machine Image (AMI) is an exact copy of the settings and configuration of an EC2 instance. We can create an AMI from an existing running instance.

In this method, we don’t have to stop the running EC2 instance. 

1. The first step is to create an Amazon Machine Image of our primary web server EC2 instance. 

Select the instance > Actions > Image and templates > Create image

Now provide the necessary details, such as the image name and description, and create the image.

2. Now we can deploy a new instance by using the customized image that we have created. 

Follow the steps below to deploy a new instance by using the customized AMI.

  1. Log in to the AWS console and navigate to the Instances page.
  2. Click on "Launch an instance" and provide the new instance name.
  3. Now click on the option "My AMIs" and select the AMI we have created.
  4. Also create a new key pair for the new instance.
  5. Now click on the button "Launch instance" to create the new web server instance.
  6. We can now access the new web server instance using the new key pair and terminate the old instance.

This approach does not retrieve the key pair of the initial instance. Instead, it creates an image of the web server and launches a new web server from it that replicates the previous instance, but with a new key pair.

By swapping the volume of the EC2 instance 

This approach involves generating a new SSH key pair and attaching it to the EC2 instance in order to restore access. However, a major drawback of this method is that it requires the instance to be stopped, causing a service interruption.

For this demonstration, I’ve deployed two EC2 instances with different key pairs. 

  • Instance1: maininstance 
  • Instance2: recoveryinstance 

The first step is to detach the volume of the main instance and attach it to the recovery instance. 

Before detaching the volume from the main instance make a note of the root device name which is /dev/xvda in this case and the volume ID. 

1. Stop the main instance and detach the root volume from it. 

  1. Navigate to the Elastic Block Store and select volumes. 
  2. Click on the volume ID of the main instance. 
  3. Click on “Actions” and then “Detach volume”

2. Now we can attach the root volume of the main instance to the recovery instance.

  1. Navigate to the Elastic Block Store and select Volumes.
  2. Click on the volume ID of the main instance (the detached volume of the main instance).
  3. Click on "Actions" and then "Attach volume".
  4. Select the recovery instance to attach the volume to, and the device name.
  5. Click on the "Attach volume" button.

3. Now we have to SSH to the recovery instance and mount the volume attached to it.

  1. Log in to the recovery instance using SSH.
  2. List the volumes attached to the recovery instance using the lsblk command.

Here we can find a disk named xvdf which is not mounted.

  3. Create a directory /mnt (if it does not already exist) and mount the volume there.

# mkdir -p /mnt

# mount -o nouuid /dev/xvdf1 /mnt/

Use the df -h or lsblk command to verify the mount point.

4. Now switch to the directory /mnt/home/ec2-user/.ssh and replace authorized_keys with the public key of the recovery instance's key pair.

5. Detach the volume from the recovery instance and re-attach it to the main instance. 

Make sure to attach the volume to the main instance using the path /dev/xvda as previously noted. 

6. Finally, we can start the main instance.

You can now access the server using the new key you just made.
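Steps 3 and 4 of the volume swap can be done in one script on the recovery instance. The script below is an added example, not the post's own commands; the device, mount point and user name (/dev/xvdf1, /mnt, ec2-user) are assumptions taken from the walkthrough, and it also keeps a backup of the old authorized_keys, sets the file modes sshd requires, and verifies the result before you detach the volume.

```shell
#!/bin/sh
# Added example (not the post's own commands): install a replacement public key
# into the rescued root volume. Device/mount/user names are assumptions.
set -eu

# Mount partition 1 of the rescued volume. -o nouuid is needed for XFS roots,
# whose UUID collides with the recovery instance's own root filesystem.
mount_rescued_volume() {
    dev="$1"; mnt="$2"
    mkdir -p "$mnt"
    mount -o nouuid "$dev" "$mnt"
}

# Replace <root>/home/<user>/.ssh/authorized_keys with one public key.
# A backup of the old file is kept, and the modes sshd requires under
# StrictModes are set: .ssh 0700, authorized_keys 0600, owned by the user.
# uid/gid are read from the rescued volume's /etc/passwd, not the recovery
# instance's, because the same username may map to a different uid there.
install_authorized_key() {
    root="$1"; user="$2"; pubkey="$3"
    sshdir="$root/home/$user/.ssh"
    keyfile="$sshdir/authorized_keys"
    mkdir -p "$sshdir"
    if [ -f "$keyfile" ]; then
        cp -p "$keyfile" "$keyfile.bak"
    fi
    printf '%s\n' "$pubkey" > "$keyfile"
    chmod 0700 "$sshdir"
    chmod 0600 "$keyfile"
    ids=$(awk -F: -v u="$user" '$1==u {print $3 ":" $4}' "$root/etc/passwd" 2>/dev/null || true)
    if [ -n "$ids" ]; then
        chown -R "$ids" "$sshdir"
    fi
}

# Check the result before detaching: exact modes and the key present as a
# whole line. Returns non-zero if anything is off, so the swap can be halted.
verify_authorized_key() {
    root="$1"; user="$2"; pubkey="$3"
    sshdir="$root/home/$user/.ssh"
    [ -n "$(find "$sshdir" -maxdepth 0 -perm 0700)" ] || return 1
    [ -n "$(find "$sshdir/authorized_keys" -maxdepth 0 -perm 0600)" ] || return 1
    grep -qxF "$pubkey" "$sshdir/authorized_keys"
}

# Usage on the recovery instance, as root:
#   sh rescue_key.sh /dev/xvdf1 /mnt ec2-user "$(cat recovery-key.pub)"
if [ "$#" -eq 4 ]; then
    mount_rescued_volume "$1" "$2"
    install_authorized_key "$2" "$3" "$4"
    verify_authorized_key "$2" "$3" "$4" && echo "key installed; now: umount $2"
fi
```

Unmount the volume (umount /mnt) before detaching it in the console, so the filesystem is left in a clean state for the main instance to boot from.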

