Saturday, May 2, 2020

HowTo: Recover a Lost Key Pair of an EC2 (EBS-backed) Instance Without Copying Keys



In the last post we saw how to recover an EC2 instance's lost key pair, but that was a workaround in which the root volume had to be detached and re-attached to another instance.

In this post, let us see how to do it from within AWS Systems Manager, using Automation.

Pre-requisites:
  • AWS Management Console login access
  • Permission to launch EC2 instances and to use AWS Systems Manager (Automation and Parameter Store)

Getting Started: 
  • Launch an EC2 instance with a key pair that no longer exists, or identify an EC2 instance whose key pair has been lost; in the instance below, the acg-amz key pair is missing, and we will restore access to it. Also note that the instance must have an instance profile attached whose IAM role carries the 'AmazonEC2RoleforSSM' managed policy, so that Systems Manager can manage it (the SSM Agent is pre-installed on Amazon Linux AMIs).



  • From the AWS Management Console, go to Systems Manager -> Automation and select the AWSSupport-ResetAccess document




  • Clicking 'AWSSupport-ResetAccess' opens a new window where InstanceId, the Instance Type (for the temporary EC2Rescue helper instance) and an optional Subnet can be provided as input parameters for the automation task
  

  • The document contains many steps, including ones that rescue Windows instances; for a Linux target those Windows-only steps will not complete, and that is expected. We only need to concentrate on the task at hand, which is recovering the Linux instance. Also note that the automation stops the instance while it works on the root volume and starts it again afterwards, so plan for a short outage.
 

  • Once the execution completes, the new private key is stored in AWS Systems Manager -> Parameter Store as a SecureString parameter whose name contains the instance id, as below. Note that the automation does not recover the original private key: it generates a new key pair and installs the new public key on the instance.


  • Open /ec2rl/openssh/<<instance-id>>/key to see the private key generated by AWSSupport-ResetAccess


  • Now copy this value into a new file named after the lost key pair (e.g. acg-amz.pem, the key pair attached to the EC2-wo-KP-ssm-recovery instance), restrict it with chmod 600, and connect to the instance with ssh -i. Once the key file is safely stored, delete the parameter so the private key does not linger in Parameter Store.
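The same procedure driven from the AWS CLI instead of the console, as an added example that is not part of the original post. It assumes a configured AWS CLI with permission to start the automation and to read and delete the parameter, an instance that is already managed by Systems Manager, and the Parameter Store path /ec2rl/openssh/<instance-id>/key shown above; the helper function names and the environment variables INSTANCE_ID, KEY_FILE, SSH_USER and HOST are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original post: CLI equivalent of the
# console walkthrough. Assumes a configured AWS CLI, an SSM-managed instance,
# and the /ec2rl/openssh/<instance-id>/key parameter AWSSupport-ResetAccess writes.
set -eu

# Parameter Store name under which the automation stores the new private key.
key_parameter_name() {
    printf '/ec2rl/openssh/%s/key\n' "$1"
}

# Save key material to a file ssh will accept: refuse anything that is not a
# PEM private key, and create the file with mode 0600 so ssh does not reject
# it as "too open".
write_key_file() {
    key_material=$1
    out=$2
    case "$key_material" in
        "-----BEGIN "*" PRIVATE KEY-----"*) ;;
        *) echo "refusing to write $out: value is not a PEM private key" >&2; return 1 ;;
    esac
    ( umask 077; printf '%s\n' "$key_material" > "$out" )
    chmod 600 "$out"
}

# Start AWSSupport-ResetAccess for the instance and poll until it finishes.
# Returns non-zero if the automation did not end in Success.
run_reset_access() {
    instance_id=$1
    exec_id=$(aws ssm start-automation-execution \
        --document-name AWSSupport-ResetAccess \
        --parameters "InstanceId=${instance_id}" \
        --query AutomationExecutionId --output text)
    echo "started automation execution $exec_id" >&2
    while :; do
        status=$(aws ssm get-automation-execution \
            --automation-execution-id "$exec_id" \
            --query AutomationExecution.AutomationExecutionStatus --output text)
        case "$status" in
            Success) return 0 ;;
            Failed|Cancelled|TimedOut|CompletedWithFailure)
                echo "automation $exec_id ended with status $status" >&2
                return 1 ;;
            *) sleep 30 ;;
        esac
    done
}

# Fetch the SecureString key, write it locally, then delete the parameter so
# the private key does not remain readable in the account.
fetch_and_cleanup_key() {
    instance_id=$1
    out=$2
    name=$(key_parameter_name "$instance_id")
    key_material=$(aws ssm get-parameter --name "$name" --with-decryption \
        --query Parameter.Value --output text)
    write_key_file "$key_material" "$out"
    aws ssm delete-parameter --name "$name"
}

# Usage: INSTANCE_ID=i-... KEY_FILE=./acg-amz.pem SSH_USER=ec2-user HOST=<ip> sh recover.sh
if [ -n "${INSTANCE_ID:-}" ]; then
    key_file=${KEY_FILE:-./recovered-key.pem}
    run_reset_access "$INSTANCE_ID"
    fetch_and_cleanup_key "$INSTANCE_ID" "$key_file"
    echo "key written to $key_file; connect with:"
    echo "  ssh -i $key_file ${SSH_USER:-ec2-user}@${HOST:-<public-ip>}"
fi
```

The script deletes the parameter as soon as the key file is on disk; if you would rather keep it, drop the delete-parameter call, but remember the SecureString is then readable by anyone with ssm:GetParameter on that path.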
Happy Recovery !!

