top of page
Green Juices

Recovering Access to Your AWS EC2 Instance After Losing the Key Pair

Losing the key pair of your Amazon Web Services (AWS) EC2 instance can be a frustrating experience, as it prevents you from accessing your instance through SSH. However, there is a way to recover access without terminating the instance or losing data.


In this comprehensive guide, we will walk you through the process of regaining access to your AWS EC2 instance after losing its key pair.




Table of Contents:

  1. Overview of AWS EC2 Key Pairs

  2. Prerequisites for Regaining Access

  3. Step-by-Step Guide to Recover Access 3.1. Create a New Key Pair 3.2. Stop the Affected Instance 3.3. Detach the Root Volume 3.4. Launch a Temporary Instance 3.5. Attach the Root Volume to the Temporary Instance 3.6. Modify the Authorized Keys File 3.7. Detach the Root Volume and Reattach It to the Original Instance 3.8. Terminate the Temporary Instance

  4. Conclusion

1. Overview of AWS EC2 Key Pairs:


AWS EC2 instances use key pairs to securely access the instances. A key pair consists of a public key and a private key. The public key is stored on the EC2 instance, while the private key is downloaded and stored locally by the user. When you connect to your instance, your SSH client uses the private key to prove your identity, allowing access to the instance.


2. Prerequisites for Regaining Access:

Before attempting to regain access to your EC2 instance, ensure that you have the following:

a. An active AWS account with appropriate permissions to manage EC2 instances.

b. Basic knowledge of AWS Management Console and SSH.


3. Step-by-Step Guide to Recover Access:


3.1. Create a New Key Pair:

First, you will need to create a new key pair that will be used to access your EC2 instance.

  1. Log in to the AWS Management Console and navigate to the EC2 Dashboard.

  2. In the left sidebar, click on "Key Pairs."

  3. Click on "Create key pair" and give it a name.

  4. Choose the "pem" file format and click "Create key pair."

  5. Your browser will download the new private key file (.pem). Store it in a secure location and set the appropriate file permissions.

3.2. Stop the Affected Instance:

  1. Navigate to the EC2 Dashboard and click on "Instances" in the left sidebar.

  2. Select the instance you cannot access due to the lost key pair.

  3. Click on "Actions" and then "Instance State" > "Stop." Confirm when prompted. This will stop the instance.

3.3. Detach the Root Volume:

  1. In the EC2 Dashboard, click on "Volumes" in the left sidebar.

  2. Locate the root volume of the affected instance (check the "Attachment Information" column).

  3. Select the volume, click on "Actions," and then "Detach Volume." Confirm when prompted.

3.4. Launch a Temporary Instance:

  1. Navigate to the EC2 Dashboard and click on "Instances" in the left sidebar.

  2. Click on "Launch Instance" and choose an Amazon Linux 2 AMI.

  3. Follow the instance creation steps, but make sure to select the new key pair you created in Step 3.1.

  4. Launch the temporary instance.

3.5 Attach the Root Volume to the Temporary Instance:

  1. Navigate to the EC2 Dashboard and click on "Volumes" in the left sidebar.

  2. Locate the detached root volume from the affected instance.

  3. Select the volume, click on "Actions," and then "Attach Volume."

  4. In the "Attach Volume" dialog, select the temporary instance and choose an available device (e.g., /dev/sdf). Click "Attach."

3.6. Modify the Authorized Keys File:

  1. Connect to the temporary instance via SSH using the new key pair created in Step 3.1.

  2. Mount the attached root volume to a directory (e.g., /mnt/recovered-root) using the following command:

sudo mkdir /mnt/recovered-root

sudo mount /dev/xvdf1 /mnt/recovered-root

  1. Navigate to the mounted directory and locate the authorized_keys file, usually found at /mnt/recovered-root/home/ec2-user/.ssh/authorized_keys.

  2. Open the authorized_keys file with a text editor (e.g., nano or vim) and replace the existing public key with the public key of your new key pair. Save and exit the text editor.

  3. Unmount the root volume using the following command:

sudo umount /mnt/recovered-root


3.5. Attach the Root Volume to the Temporary Instance:

  1. Navigate to the EC2 Dashboard and click on "Volumes" in the left sidebar.

  2. Locate the detached root volume from the affected instance.

  3. Select the volume, click on "Actions," and then "Attach Volume."

  4. In the "Attach Volume" dialog, select the temporary instance and choose an available device (e.g., /dev/sdf). Click "Attach."

3.6. Modify the Authorized Keys File:

  1. Connect to the temporary instance via SSH using the new key pair created in Step 3.1.

  2. Mount the attached root volume to a directory (e.g., /mnt/recovered-root) using the following command:

bashCopy code
sudo mkdir /mnt/recovered-root
sudo mount /dev/xvdf1 /mnt/recovered-root
  1. Navigate to the mounted directory and locate the authorized_keys file, usually found at /mnt/recovered-root/home/ec2-user/.ssh/authorized_keys.

  2. Open the authorized_keys file with a text editor (e.g., nano or vim) and replace the existing public key with the public key of your new key pair. Save and exit the text editor.

  3. Unmount the root volume using the following command:

bashCopy code
sudo umount /mnt/recovered-root

3.7. Detach the Root Volume and Reattach It to the Original Instance:

  1. In the EC2 Dashboard, click on "Volumes" in the left sidebar.

  2. Locate the root volume attached to the temporary instance.

  3. Select the volume, click on "Actions," and then "Detach Volume." Confirm when prompted.

  4. Once the volume is detached, click on "Actions" again, and then "Attach Volume."

  5. In the "Attach Volume" dialog, select the original instance and use the original device (e.g., /dev/sda1 or /dev/xvda). Click "Attach."

3.8. Terminate the Temporary Instance:

  1. Navigate to the EC2 Dashboard and click on "Instances" in the left sidebar.

  2. Select the temporary instance.

  3. Click on "Actions" and then "Instance State" > "Terminate." Confirm when prompted. This will terminate the temporary instance.



Conclusion:


By following the steps outlined in this guide, you can regain access to your AWS EC2 instance even if you've lost the original key pair. The process involves creating a new key pair, detaching and attaching the root volume, and modifying the authorized_keys file on a temporary instance.


Always remember to keep your key pairs secure and create backups to avoid similar situations in the future. AWS EC2 is a powerful cloud computing service, and understanding how to manage instances and recover access when needed is crucial for maintaining the security and stability of your cloud infrastructure.




Comments


bottom of page