Recover Access to EC2 Instance Without SSH Key Pair | Step-by-Step Guide

Nikolay Penkov, January 3, 2025

Create a New AMI from the Instance

In this step-by-step guide you are going to learn how to regain access to an EC2 instance whose SSH private key has been lost, with little downtime, by using an Amazon Machine Image (AMI). Creating an AMI lets you launch a copy of the instance with a fresh key pair that you control, so access is restored without touching the original machine.

To begin, you need to create an AMI of your current running EC2 instance. This image will allow you to replicate the instance's environment on a new machine.

  • Log into the AWS Management Console and navigate to EC2 > Instances.
  • Locate your affected instance (the one you lost access to) and select it.
  • Click Actions > Image and templates > Create Image.
  • Provide a meaningful name for the image, such as “AMI for Instance Recovery”.
  • Review the configuration, then click Create Image.

AWS creates a snapshot of every EBS volume attached to the instance (the root volume and any data volumes) and registers them as the image's block device mapping, so an instance launched from the image starts with the same files and configuration as the original. By default the instance is rebooted first so that the filesystems are captured in a consistent state; the "No reboot" option avoids that short outage at the cost of a possibly inconsistent image. Data on instance store volumes is not captured. Note also that the image carries the original ~/.ssh/authorized_keys, so the lost public key remains authorized on any instance launched from it until you remove it.

Launch a New Instance from the AMI

Once your AMI is created, it's time to launch a new EC2 instance from it. The new instance inherits the software and data of the original, but it is launched with a new key pair that you control.

  • Navigate to EC2 > AMIs, and locate the AMI you just created.
  • Select the AMI and click Launch Instance.
  • In the instance configuration process, choose the appropriate instance type, security group, and network settings for the new instance.
  • When configuring the key pair, create a new key pair or select an existing one. Download and securely store the private key of the new key pair; AWS returns it only once, at creation time.
  • After reviewing your settings, click Launch Instance to begin the creation of the new instance.

The new instance now carries the same software and data as the original, but it has a new instance ID, new private and public IP addresses, and a new key pair for access. If the original instance held an Elastic IP, reassociate it with the new instance so that clients and DNS records keep working.

Access the New Instance

Once the new instance is running, you can access it using the new key pair.

  • Open a terminal window on your local machine.
  • Use the following SSH command to connect to your new instance (the login user depends on the image: ec2-user for Amazon Linux and RHEL, ubuntu for Ubuntu):

    ssh -i /path/to/new-key.pem ec2-user@<new-instance-public-ip>

  • Once logged in, verify that the data is intact and that the system is functioning as expected. Check your application logs, database, and any other necessary components to ensure that everything has been replicated correctly. Then remove the lost key's public half from ~/.ssh/authorized_keys, since the image copied it over and anyone who still holds that private key could otherwise log in.

At this point, you’ve successfully recovered access to the EC2 instance, and the system is back online with minimal downtime.
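The three steps above (image the instance, launch from the image with a new key pair, connect) can be driven from the AWS CLI instead of the console. The script below is an added example written for this page, not the author's own tooling; it assumes AWS CLI v2 is installed and authenticated with EC2 permissions, and the instance ID, key name and file paths are placeholders. It goes slightly beyond the console walkthrough by copying the original instance's subnet and security groups, moving an Elastic IP if one exists, and picking the SSH login user from the source image name.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): AMI-based recovery of an
# EC2 instance whose SSH key was lost, driven from the AWS CLI v2.
# Assumes credentials with ec2:CreateImage, ec2:RunInstances,
# ec2:CreateKeyPair, ec2:Describe* and ec2:AssociateAddress.
set -euo pipefail

# Map an AMI name to the default login user baked into that image:
# Ubuntu images use "ubuntu", Debian images "admin", Amazon Linux and
# RHEL (and anything unknown) fall back to "ec2-user".
ssh_user_for_ami() {
  case "$1" in
    *ubuntu*) echo ubuntu ;;
    *debian*) echo admin ;;
    *)        echo ec2-user ;;
  esac
}

# Accept only well-formed EC2 instance IDs (8 or 17 hex digits) before
# handing them to the CLI.
is_instance_id() {
  printf '%s' "$1" | grep -Eq '^i-[0-9a-f]{8}([0-9a-f]{9})?$'
}

recover_instance() {
  old_id=$1                                  # instance you can no longer log in to
  key_name=$2                                # name for the replacement key pair
  key_file=${3:-"$HOME/.ssh/$key_name.pem"}  # where the private key is saved

  is_instance_id "$old_id" || { echo "bad instance id: $old_id" >&2; return 1; }

  # 1. Image the instance. Without --no-reboot AWS reboots it briefly so the
  #    filesystems are consistent; add --no-reboot only if that outage is
  #    worse than a possibly inconsistent image.
  ami_id=$(aws ec2 create-image --instance-id "$old_id" \
      --name "recovery-$old_id-$(date +%Y%m%d%H%M%S)" \
      --description "AMI for instance recovery" \
      --query ImageId --output text)
  aws ec2 wait image-available --image-ids "$ami_id"

  # 2. Copy the original's type, subnet, source AMI and security groups so the
  #    replacement lands in the same network position. The text output is
  #    tab-separated; the group IDs are joined with spaces and later split
  #    on purpose when passed to --security-group-ids.
  read -r itype subnet src_ami sgs <<< "$(aws ec2 describe-instances \
      --instance-ids "$old_id" \
      --query 'Reservations[0].Instances[0].[InstanceType,SubnetId,ImageId,join(`" "`,SecurityGroups[].GroupId)]' \
      --output text)"

  # 3. Fresh key pair. AWS returns the private key exactly once, so write it
  #    straight to a file readable only by the current user.
  umask 077
  aws ec2 create-key-pair --key-name "$key_name" --key-type ed25519 \
      --query KeyMaterial --output text > "$key_file"

  # 4. Launch from the image with the new key and wait until it is running.
  # shellcheck disable=SC2086
  new_id=$(aws ec2 run-instances --image-id "$ami_id" --instance-type "$itype" \
      --subnet-id "$subnet" --security-group-ids $sgs --key-name "$key_name" \
      --query 'Instances[0].InstanceId' --output text)
  aws ec2 wait instance-running --instance-ids "$new_id"

  # 5. If the old instance owned an Elastic IP, move it so clients and DNS
  #    keep working; the CLI prints "None" when no address is attached.
  alloc=$(aws ec2 describe-addresses --filters "Name=instance-id,Values=$old_id" \
      --query 'Addresses[0].AllocationId' --output text)
  if [ "$alloc" != "None" ]; then
    aws ec2 associate-address --allocation-id "$alloc" --instance-id "$new_id" \
        --allow-reassociation
  fi

  ip=$(aws ec2 describe-instances --instance-ids "$new_id" \
      --query 'Reservations[0].Instances[0].PublicIpAddress' --output text)
  src_name=$(aws ec2 describe-images --image-ids "$src_ami" \
      --query 'Images[0].Name' --output text)
  user=$(ssh_user_for_ami "$src_name")

  echo "new instance $new_id is running at $ip; connect with:"
  echo "  ssh -i $key_file $user@$ip"
  echo "then delete the lost key from ~/.ssh/authorized_keys on the new host (the image carried it over)."
}

# Runs only when explicitly requested, so the functions can be sourced safely:
#   RECOVER_RUN=1 ./recover.sh i-0123456789abcdef0 recovery-key
if [ "${RECOVER_RUN:-0}" = "1" ]; then
  recover_instance "$@"
fi
```

The Elastic IP move is the step most often forgotten in a console recovery; without it every client pointed at the old address keeps hitting the locked-out instance.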


Minimizing the Risk of Future Incidents

You can use the following strategies to reduce the risk of being locked out of instances in the future:

  1. Enable AWS Systems Manager: With the SSM Agent running on the instance and an instance profile that carries the AmazonSSMManagedInstanceCore policy, you can open a shell through Session Manager without any SSH key or open port 22. Access is then governed by IAM policies rather than by a file on disk, which gives you a second way in if a key pair is lost and can be audited through CloudTrail.

  2. Store Backup Key Pairs: Always securely store private keys in a password-protected environment or use a dedicated key management system to ensure they are accessible when needed.

  3. Use Multiple Key Pairs: EC2 associates only one key pair with an instance at launch, but sshd accepts any public key listed in ~/.ssh/authorized_keys. For critical instances, add a second, separately stored public key to that file so that losing one private key does not lock you out.
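Enabling Session Manager (strategy 1) from the AWS CLI looks like the script below. It is an added example for this page, not the author's code; it assumes AWS CLI v2 with IAM and EC2 permissions, that the instance already runs the SSM Agent (preinstalled on Amazon Linux and Ubuntu images) and can reach the Systems Manager endpoints, and that the `aws ssm start-session` step has the Session Manager plugin installed locally. The role and instance profile names are placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): give an existing EC2
# instance an instance profile with the managed SSM core policy so that
# Session Manager works and a lost SSH key is no longer a lockout.
set -euo pipefail

# Trust policy letting the EC2 service assume the role. Emitted by a
# function so it can be inspected without touching AWS.
ssm_trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ec2.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# The AWS-managed policy with just what the agent needs (registration,
# messaging channels, Session Manager), not AdministratorAccess.
ssm_policy_arn() {
  echo arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
}

enable_session_manager() {
  instance_id=$1
  role_name=${2:-ec2-ssm-access-role}   # placeholder name

  aws iam create-role --role-name "$role_name" \
      --assume-role-policy-document "$(ssm_trust_policy)"
  aws iam attach-role-policy --role-name "$role_name" \
      --policy-arn "$(ssm_policy_arn)"
  aws iam create-instance-profile --instance-profile-name "$role_name"
  aws iam add-role-to-instance-profile --instance-profile-name "$role_name" \
      --role-name "$role_name"

  # IAM is eventually consistent; a brand-new profile is sometimes not yet
  # visible to EC2, so give it a moment before attaching.
  sleep 10
  aws ec2 associate-iam-instance-profile --instance-id "$instance_id" \
      --iam-instance-profile "Name=$role_name"
}

# "Online" means the agent has picked up the role credentials and registered.
ssm_ping_status() {
  aws ssm describe-instance-information \
      --filters "Key=InstanceIds,Values=$1" \
      --query 'InstanceInformationList[0].PingStatus' --output text
}

# Runs only when explicitly requested:  SSM_RUN=1 ./enable-ssm.sh i-0123456789abcdef0
if [ "${SSM_RUN:-0}" = "1" ]; then
  enable_session_manager "$1"
  until [ "$(ssm_ping_status "$1")" = "Online" ]; do sleep 15; done
  aws ssm start-session --target "$1"
fi
```

Once the agent reports Online, who may open a session is decided by IAM (ssm:StartSession on the instance ARN), so the lockout risk moves from a private key file to an access policy you can review and rotate centrally.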
