Thursday, April 30, 2020

HowTo connect or recover keys of EC2 (instance stored)

Earlier, we have seen options to recover SSH keys to EC2 instances whose keys are lost or compromised but those were EBS based

EBS EC2 Instances: 
If the requirement is to preserve data, retain against failures, instance stop and/or termination, then we need to go for EBS Volume based instances where volumes can be  backed up and stored in s3.

Instance stored EC2 Instances:
If we are good with non-persistent, a temporary storage were in data will be lost once instances are stopped, terminated or for hardware failures, then use instance-store EC2s

  • AWS account login access
  • permissions to launch instance stored instance

Getting Started:
  • Login to the AWS EC2 Console
  • Launch an Instance stored EC2 instance

    • Instance stored instance type m5ad.large has been launched to demo
    • Profile Role which has 'AmazonEC2RoleforSSM' has been attached
    • AMI2 image has been used so that AWS Systems Manager client is available and running, by default
  • Just to know, that SSM is running and instance profile attached should list the EC2 under 'AWS Systems Manager -> Managed Instances'
  • Let us assume the keys are lost for above instance
  • If instances are EBS backed, then those volumes can be detached, attached to an EC2 for which we own key pair, copy keys into newly attached volume, re-attach to the 'to-be-recovered' instance
  • Above option cannot be done against Instance-store EC2 as volumes are attached to the instance and destroyed on stop, terminate or hardware failures 
  • From 'AWS Systems Manager console -> Session Manager' all instances are listed which are SSM enabled; now click on 'Start Session'
  • A browser based SSH connection is established for the instance id and thus we are connected at ease
                                      Easy connect with AWS Session Manager !!!

No comments:

Post a Comment