Earlier, we have seen options to recover SSH keys to EC2 instances whose keys are lost or compromised but those were EBS based
EBS EC2 Instances:
If the requirement is to preserve data, retain against failures, instance stop and/or termination, then we need to go for EBS Volume based instances where volumes can be backed up and stored in s3.
Instance stored EC2 Instances:
If we are good with non-persistent, a temporary storage were in data will be lost once instances are stopped, terminated or for hardware failures, then use instance-store EC2s
Pre-requisites:
- AWS account login access
- permissions to launch instance stored instance
Getting Started:
- Login to the AWS EC2 Console
- Launch an Instance stored EC2 instance
- Instance stored instance type m5ad.large has been launched to demo
- Profile Role which has 'AmazonEC2RoleforSSM' has been attached
- AMI2 image has been used so that AWS Systems Manager client is available and running, by default
- Just to know, that SSM is running and instance profile attached should list the EC2 under 'AWS Systems Manager -> Managed Instances'
- Let us assume the keys are lost for above instance
- If instances are EBS backed, then those volumes can be detached, attached to an EC2 for which we own key pair, copy keys into newly attached volume, re-attach to the 'to-be-recovered' instance
- Above option cannot be done against Instance-store EC2 as volumes are attached to the instance and destroyed on stop, terminate or hardware failures
- From 'AWS Systems Manager console -> Session Manager' all instances are listed which are SSM enabled; now click on 'Start Session'
- A browser based SSH connection is established for the instance id and thus we are connected at ease
Easy connect with AWS Session Manager !!!
No comments:
Post a Comment