[Linux] 3 ways to regain access to an AWS EC2 instance if you lose your private key

In this blog, I will show you multiple ways to recover your instance in case you lose your private key.

Scenario:

Let's assume you have an EC2 instance which is running your WordPress site and you have accidentally deleted the private key associated with that EC2 instance.

Let's switch to the AWS console where I already have a stopped EC2 instance whose private key is missing.

Method 1 - Volume Swap:

I have created a new EC2 instance (the Recovery instance) with Amazon Linux as the AMI, but you are free to choose any Linux distribution. Make sure you create/use a different key for this instance.

Once the instance is running, click on Volumes from the left panel.

You need to detach the volume of the WordPress EC2 instance and attach it to the new EC2 instance.

Now, you have to SSH into the new instance and mount the WordPress volume on this instance.

I'm going to list all the volumes attached to the EC2 instance using the command lsblk. You will see that we have a disk named xvdf which is not yet mounted.

I have created a directory vol in my home directory for mounting the volume. To mount it, use the command:

sudo mount -o nouuid /dev/xvdf1 vol/

I have switched to vol/home/ec2-user/.ssh/ to avoid typing the path every time.

You now have to replace the authorized_keys file of the WordPress instance with the authorized_keys file of the Recovery instance.

sudo cp ~/.ssh/authorized_keys .

It's now time to unmount the volume and attach it back to the WordPress instance.

sudo umount /dev/xvdf1

You now need to detach the volume from the Recovery instance and re-attach it to the WordPress instance.

Note: While attaching the volume to the WordPress instance, make sure you use the path /dev/xvda.

Finally, start the WordPress instance and SSH using the new key.

Method 2 - Via AMI:

Select the WordPress instance > click on Actions > Create Image

After a few seconds, the image is ready.

You can now launch an instance with a new/different key using the AMI we just created and terminate the older one.

Boom!! You now have access to your instance.

Method 3 - Via Systems Manager:

Note: This method requires the AWS Systems Manager Agent to be pre-installed on the EC2 instance.

First of all, you need to attach the AmazonEC2RoleforSSM policy to the WordPress instance so that Systems Manager can access the instance.

Let's navigate to the IAM service and create a role.

You need to attach the role to the WordPress instance.

Now, switch to the Systems Manager service and click on Session Manager from the left panel.

Select the instance and click on Start Session.

A new tab/window will open with a terminal on the WordPress instance.

Now, you need to generate a new SSH key pair and save the public key into the ~/.ssh/authorized_keys file.

Boom!! You can now access the instance using the new private key.

Note: Do not forget to update the permissions of the .pem file if you are using Linux/Mac for SSH access.
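
The authorized_keys step from Method 1 and Method 3 can be scripted. The shell function below is an added example, not part of the original post: it appends the new public key instead of replacing the file, rejects anything that is not a public key, and sets the permissions on .ssh and authorized_keys. The name install_pubkey and its two arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# install_pubkey PUBKEY_FILE TARGET_HOME
#   TARGET_HOME is "$HOME" inside a Session Manager shell (Method 3), or
#   vol/home/ec2-user on the mounted volume (Method 1, run with sudo).
# Create the key pair on your own machine and copy over only the .pub file:
#   ssh-keygen -t ed25519 -f ./recovery_key
install_pubkey() {
    pubkey_file=$1
    target_home=$2
    ssh_dir=$target_home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] ||
        { echo "expected exactly one key line" >&2; return 1; }
    key=$(cat "$pubkey_file")
    # Accept only public-key lines; a private key starts with "-----BEGIN".
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "$pubkey_file is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Only the owner may read or write the directory and the key file.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth" || return 1
    chmod 600 "$auth" || return 1

    # If the existing file lacks a final newline, add one before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Append instead of overwriting, and skip a key that is already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # When run as root, hand .ssh back to the home's owner (numeric ids).
    if [ "$(id -u)" -eq 0 ]; then
        owner=$(ls -ldn "$target_home" | awk '{print $3 ":" $4}')
        chown -R "$owner" "$ssh_dir" || return 1
    fi
}

if [ "$#" -eq 2 ]; then
    install_pubkey "$1" "$2"
fi
```

Once the new key works, review authorized_keys and remove the entry for the lost key if it should no longer grant access.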