You have just joined a company as an AWS DevOps engineer.
In your AWS account there is an EBS-backed EC2 instance on which a Jenkins server is deployed.
Recently the server has had some configuration issues, and you need to log in to the instance to troubleshoot them.
However, you cannot find the SSH private key for the instance, and it appears that the key has been lost.
How should you connect to the instance in this situation?
A. Create a new key pair in the AWS console or via ssh-keygen. Configure the instance to use the new SSH key pair.
B. Use AWS Session Manager in Systems Manager to connect to the instance directly. No agent or configuration is required to start a session.
C. Detach the root volume, attach it to another instance as a data volume, modify the authorized_keys file to include the new SSH public key and move the volume back.
D. In the launch configuration, configure a new SSH key pair and add a new instance by enlarging the desired number of instances in the AS.
E. Log in to the new instance using the new key.
Correct Answer - C.
Option A is incorrect: after an instance has been created, you cannot directly change its SSH key pair.
Option B is incorrect: the AWS Systems Manager agent must be installed on the instance for Session Manager to work.
If the agent is not installed on the instance, this method does not work.
Option C is CORRECT: this is the recommended method for an EBS-backed EC2 instance.
For the new SSH key pair to be usable, the authorized_keys file on the root volume must be modified.
Option D is incorrect: an existing launch configuration cannot be modified.
Also, in this scenario an Auto Scaling group may not be in use at all.
Reference:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-lost-key-pair

In this scenario, the SSH private key for an EBS volume backed EC2 instance has been lost, making it difficult to connect to the instance and perform troubleshooting. To connect to the instance, we need to consider the following options:
A. Create a new key pair in the AWS console or via ssh-keygen. Configure the instance to use the new SSH key pair. This option involves creating a new SSH key pair in the AWS console or via ssh-keygen and configuring the instance to use the new key pair. This can be done by modifying the instance's security group rules to allow SSH access using the new key pair. However, this option may not be feasible if the instance is located in a private subnet with no public IP or if there are strict security policies that prohibit the use of new SSH keys.
B. Use AWS Session Manager in Systems Manager to connect to the instance directly. No agent or configuration is required to start a session. AWS Session Manager is a fully managed service that provides secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. By using AWS Session Manager, we can connect to the instance directly without the need for a private key. This option is ideal when SSH access is not available, and it is considered a best practice for secure remote access.
C. Detach the root volume, attach it to another instance as a data volume, modify the authorized_keys file to include the new SSH public key and move the volume back. This option involves detaching the root volume from the affected instance, attaching it to another instance as a data volume, modifying the authorized_keys file to include the new SSH public key, and moving the volume back to the original instance. This option is feasible but involves additional steps and may result in downtime for the affected instance.
D. In the launch configuration, configure a new SSH key pair and add a new instance by enlarging the desired number of instances in the AS. This option involves configuring a new SSH key pair in the launch configuration and adding a new instance by enlarging the desired number of instances in the Auto Scaling group (AS). However, this option may not be feasible if the instance is not in an AS or if there are no available resources in the AS.
E. Log in to the new instance using the new key. This option involves logging in to a new instance using the new SSH key pair, which may not be feasible if the affected instance is the only instance available, or if there are no available resources to launch a new instance.
Overall, the best option in this scenario would be to use AWS Session Manager in Systems Manager to connect to the instance directly, as it provides secure and auditable instance management without the need for a private key.
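The volume-swap procedure of option C (the "replacing a lost key pair" method the reference describes), as an added example that is not part of the original page: the AWS CLI steps are listed in the header comment with placeholder IDs, and the function below performs the part done on the rescue instance, installing the new public key into the mounted root volume's authorized_keys with the permissions and ownership sshd expects. It assumes an Amazon Linux login user of ec2-user, /dev/sdf as the attachment device and /dev/xvda as the original root device; adjust these for your AMI.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: the local step of option C.
# Assumes the lost-key instance's root volume is already attached to a rescue
# instance and mounted at MOUNT_POINT, and that the login user is ec2-user.
# Surrounding AWS CLI steps (placeholders in <angle brackets>), from a workstation:
#   aws ec2 stop-instances --instance-ids <BROKEN_ID>
#   aws ec2 detach-volume  --volume-id <ROOT_VOL_ID>
#   aws ec2 attach-volume  --volume-id <ROOT_VOL_ID> --instance-id <RESCUE_ID> --device /dev/sdf
#   (on the rescue instance) sudo mount /dev/xvdf1 /mnt/rescue
#       add_authorized_key /mnt/rescue ec2-user "$(cat new-key.pub)"; sudo umount /mnt/rescue
#   aws ec2 detach-volume  --volume-id <ROOT_VOL_ID>
#   aws ec2 attach-volume  --volume-id <ROOT_VOL_ID> --instance-id <BROKEN_ID> --device /dev/xvda
#   aws ec2 start-instances --instance-ids <BROKEN_ID>
# On re-attach, --device must be the instance's original root device name
# (/dev/xvda is typical for Amazon Linux); get the partition name on the rescue host from lsblk.

# Usage: add_authorized_key MOUNT_POINT USER "PUBLIC_KEY_LINE"
add_authorized_key() {
  local mnt="$1" user="$2" pubkey="$3"
  local sshdir="$mnt/home/$user/.ssh"
  local authfile="$sshdir/authorized_keys"
  # Accept exactly one OpenSSH public-key line; reject a pasted private key,
  # an empty string or a multi-line blob before touching the volume.
  case "$pubkey" in
    ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
    *) echo "refusing: not an OpenSSH public key line" >&2; return 1 ;;
  esac
  [ "$(printf '%s\n' "$pubkey" | wc -l)" -eq 1 ] || { echo "refusing: multi-line input" >&2; return 1; }
  mkdir -p "$sshdir"
  touch "$authfile"
  # Idempotent: re-running must not duplicate the key.
  grep -qxF -- "$pubkey" "$authfile" || printf '%s\n' "$pubkey" >> "$authfile"
  # sshd (StrictModes) ignores the file if it or .ssh is group/world writable.
  chmod 700 "$sshdir"
  chmod 600 "$authfile"
  # Ownership must match the uid/gid on the *mounted* system, which can differ
  # from the rescue host: read them from the volume's own passwd file (needs root).
  local ids
  ids=$(awk -F: -v u="$user" '$1==u {print $3":"$4}' "$mnt/etc/passwd" 2>/dev/null || true)
  if [ -n "$ids" ] && [ "$(id -u)" -eq 0 ]; then
    chown -R "$ids" "$sshdir"
  fi
}

# Usage: key_present MOUNT_POINT USER "PUBLIC_KEY_LINE"; exits 0 if the key is installed.
key_present() {
  grep -qxF -- "$3" "$1/home/$2/.ssh/authorized_keys" 2>/dev/null
}
```

Stopping the instance is what makes the root volume detachable; on an EBS-backed instance the disk survives the stop, but a non-Elastic public IP does not, so note the new address before reconnecting.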