Recovering Access to an Amazon Linux EC2 Instance | Step-by-Step Guide

Question

You've accidentally deleted the private key for an EBS-backed Amazon Linux EC2 instance.

You want to regain access to your instance.

What steps must you perform to resolve this issue (Select TWO)?

Answers

A. B. C. D. E.

Answer: A and B.

Option A is CORRECT because you must generate a new key pair as a first step to reconnect to a Linux instance on AWS.

Option B is CORRECT because you must attach the root volume to another recovery EC2 instance. You must then copy the new public key to the /home/ec2-user/.ssh/authorized_keys file.

Option C is incorrect because http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key returns the public key associated with the instance.

Option D is incorrect because this imports an existing key pair into the AWS console.

It does not import the public key to an EC2 instance.

Option E is incorrect because there is no Recovery Mode option available for connecting back to the EC2 Linux instance with a lost private key.

Reference:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/replacing-lost-key-pair.html

To regain access to an EC2 instance whose private key has been accidentally deleted, the following two steps must be performed:

  1. Generate a new key pair: A new key pair should be generated and the public key should be added to the instance's authorized_keys file. This can be done in the following ways:

    • If the instance was launched with an IAM role, you can use the instance profile to get temporary credentials and access the instance to update the authorized_keys file.
    • If the instance was not launched with an IAM role, you will need to stop the instance, detach its root volume, and attach the volume to another running instance. You can then update the authorized_keys file on the mounted volume with the new public key. After updating, detach the volume and re-attach it to the original instance and start it.
  2. Attach root volume to another instance and update the authorized_keys file: If you don't have a backup of the private key, you can stop the instance, detach its root volume, attach the volume to another running instance, and then update the authorized_keys file on the mounted volume with the new public key. After updating, detach the volume and re-attach it to the original instance and start it.
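The volume-swap procedure described above, sketched as an added shell example (not part of the original page or of AWS documentation). The function names `move_volume` and `install_pubkey` are hypothetical, all IDs, device names and the mount point are placeholders, and it assumes a configured AWS CLI on the workstation and GNU `stat` on the recovery instance.

```shell
#!/usr/bin/env bash
# Added example. Volume/instance IDs, device names and the mount point are placeholders.

# Workstation side: move an EBS volume to another instance
# (stop the source instance or unmount the volume first).
move_volume() {  # args: <volume-id> <target-instance-id> <device>
  aws ec2 detach-volume --volume-id "$1" >/dev/null &&
  aws ec2 wait volume-available --volume-ids "$1" &&
  aws ec2 attach-volume --volume-id "$1" --instance-id "$2" --device "$3" >/dev/null &&
  aws ec2 wait volume-in-use --volume-ids "$1"
}

# Recovery-instance side: add the new public key on the volume mounted at <mount-root>.
install_pubkey() {  # args: <mount-root> <public-key-file>
  local root="$1" pub="$2" home ssh_dir auth
  home="$root/home/ec2-user"; ssh_dir="$home/.ssh"; auth="$ssh_dir/authorized_keys"
  [ -d "$home" ] || { echo "no ec2-user home under $root" >&2; return 1; }
  # Accept exactly one OpenSSH public key line; never copy private key material.
  if grep -q 'PRIVATE KEY' "$pub" || [ "$(grep -c '' "$pub")" -ne 1 ] ||
     ! grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub"; then
    echo "$pub is not a single OpenSSH public key" >&2; return 1
  fi
  mkdir -p "$ssh_dir"
  # Append only if absent, so a rerun does not duplicate the entry.
  grep -qxFf "$pub" "$auth" 2>/dev/null || cat "$pub" >> "$auth"
  # sshd's StrictModes rejects keys when ~/.ssh or the file is writable by others
  # or not owned by the user, so copy owner/group from the home directory.
  chmod 700 "$ssh_dir" && chmod 600 "$auth" &&
  chown "$(stat -c '%u:%g' "$home")" "$ssh_dir" "$auth"
}

# Order of operations:
#   aws ec2 create-key-pair --key-name <new-key> --query KeyMaterial --output text > new.pem
#   chmod 600 new.pem && ssh-keygen -y -f new.pem > new.pub
#   aws ec2 stop-instances --instance-ids <original>
#   aws ec2 wait instance-stopped --instance-ids <original>
#   move_volume <root-volume> <recovery-instance> /dev/sdf
#   on the recovery instance: mount the volume, install_pubkey <mount-root> new.pub, umount
#   move_volume <root-volume> <original> <original-root-device>
#   aws ec2 start-instances --instance-ids <original>
```

Appending rather than overwriting keeps any other authorized keys already on the volume; review that file while it is mounted and remove entries for keys that are no longer trusted.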

Therefore, options A and B are the correct answers. Options C, D, and E are incorrect.

Option C is incorrect because the curl command retrieves the instance's public key and not the private key.

Option D is incorrect because importing a new key pair does not help regain access to an instance whose private key has been deleted.

Option E is incorrect because recovery mode is used to troubleshoot issues with instances that cannot be accessed via SSH, not for instances whose private key has been deleted.