Recovery from lost EC2 PEM file: Difference between revisions

From Cramsession
Verified Author: Mflavell
(Created page with "Step 1: Before Starting, we must have to note down the original instance availability zone (us-east-1a), Instance name and id you can find this on EC2 dashboard after selecting your instance. Step 2: Launch a new instance with same availability zone (AZ) as we note down before you can select Availability Zone (AZ) at 3rd step (Configure Instance) while creating an instance. Step 3 : At last while we are launching instance we will see the key-pair section (at la...")
 
 
(9 intermediate revisions by the same user not shown)
Previous revision (the original 11-step version of this page)

Step 1:
Before starting, note down the original instance's Availability Zone (for example us-east-1a), its instance name and its instance ID. You can find these on the EC2 dashboard after selecting the instance.

Step 2:
Launch a new instance in the same Availability Zone (AZ) as noted in Step 1. The AZ can be selected in the third step ("Configure Instance") of the launch wizard.

Step 3:
At the end of the launch wizard is the key-pair section, where you can create and download a new key pair; then launch the instance. Log in to the newly created instance with the new key pair.

Step 4:
Each instance has one or more EBS volumes as its storage. Find the EBS volume of the instance whose private key was lost: open its Instance Description and look for "Root device", for example:
vol-02ee64fe9ba5c7302

Step 5:
Click the EBS ID; this opens the EBS Volumes page. Give the volume a name so you can tell the volumes apart. The volume must then be detached from the original (production) instance, which requires stopping that instance first (select the instance, then Instance state -> Stop).

Step 6:
Once the production instance is stopped, detach the EBS volume (select the volume and choose Detach) and attach it to the newly created instance.
Note: if the newly created instance does not appear in the Attach Instance wizard, the Availability Zone (AZ) is wrong.

Step 7:
After attaching the EBS volume to the newly created instance, it can be accessed from that instance. Log in to the new instance's terminal.

Step 8:
Check whether the EBS volume is attached to the new instance by running:
lsblk – lists the block devices and shows whether the volume is partitioned

Step 9:
If lsblk shows an additional disk, the EBS volume is attached. Now replace the old authorized_keys (belonging to the lost .pem) with the new instance's authorized_keys:
1. sudo mkdir /mnt/recovery_vol
2. sudo mount /dev/xvdf1 /mnt/recovery_vol
3. cp ~/.ssh/authorized_keys /mnt/recovery_vol/home/ubuntu/.ssh/authorized_keys

Step 10:
After changing authorized_keys, detach the volume from the new instance and attach it back to the production (lost private-key) instance, then start the production instance.

Step 11:
Congratulations, you can now connect to the instance using the newly created instance's private key (.pem) file.


Latest revision as of 21:07, 8 November 2024

Introduction

This 10-step process will enable access to an EC2 instance you have lost access to.

This assumes basic AWS / Linux knowledge.


Take notes

Note down the AZ of the problem server, its instance name, and the ID of the root volume.


Make a recovery instance

Create a new instance in the same AZ.
Create a new key pair for the instance and download it.
Don't lose the .PEM file again!!!


Make recovery instance accessible

Give the recovery instance an external IP and assign security groups.


Stop the old instance

Stop the old instance. Don't delete it!


Detach the root volume

Detach the root volume from the old instance.
Attach it to the recovery instance; it is best to use /dev/xvdf as the device name.


Mount the root volume

Use lsblk to find the root partition of the attached volume; it should be /dev/xvdf1.


Make the Magic happen

Copy the authorized_keys file (the recovery instance's public key) onto the old root volume:

sudo mkdir /mnt/recovery_vol
sudo mount /dev/xvdf1 /mnt/recovery_vol
cp ~/.ssh/authorized_keys /mnt/recovery_vol/home/ubuntu/.ssh/authorized_keys
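The plain cp above (and Step 9 of the previous revision) replaces whatever authorized_keys the old server had, keeps no backup, and leaves mode and ownership to chance. The bash function below is an added example, not part of the original article: it appends the recovery key to the mounted volume's authorized_keys instead of overwriting it, backs the file up first, and sets permissions and ownership using the mounted system's own /etc/passwd. It assumes the volume is already mounted at the path given as its first argument and that the user to recover is ubuntu unless a third argument is given; the function and helper names are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Adds a new SSH public key to the
# authorized_keys of a root volume that is already mounted (e.g. at /mnt/recovery_vol,
# as in the article) without discarding the keys already there.
# Usage: install_recovery_key <mount point> <public key file> [user]   (user defaults to ubuntu)
set -eu

install_recovery_key() {
  local mnt="$1" pubkey="$2" user="${3:-ubuntu}"
  local home="$mnt/home/$user" sshdir auth key
  [ -d "$home" ] || { echo "no home directory for $user under $mnt" >&2; return 1; }
  sshdir="$home/.ssh"; auth="$sshdir/authorized_keys"
  # Take only the first line of the key file and check it looks like an OpenSSH
  # public key (type, space, base64 blob) before touching the volume at all.
  key=$(head -n 1 "$pubkey")
  printf '%s' "$key" | grep -Eq '^(ssh-|ecdsa-|sk-)[A-Za-z0-9.@-]+ [A-Za-z0-9+/=]+' \
    || { echo "$pubkey does not look like an OpenSSH public key" >&2; return 1; }
  mkdir -p "$sshdir"
  # Keep a copy of the existing file so the change can be reverted once the
  # owner is back in; the article's plain cp overwrites it with no backup.
  if [ -f "$auth" ]; then cp -p "$auth" "$auth.bak.$(date +%s)"; fi
  # Append (with exactly one trailing newline) unless this exact line is already present.
  if ! grep -qxF "$key" "$auth" 2>/dev/null; then
    printf '%s\n' "$key" >> "$auth"
  fi
  # sshd's StrictModes refuses group/world-writable key files and directories.
  chmod 700 "$sshdir"; chmod 600 "$auth"
  # Ownership must match the user as the *mounted* system knows it (uids can differ
  # between AMIs), so read uid:gid from the volume's own /etc/passwd. Needs root.
  if [ "$(id -u)" -eq 0 ] && [ -r "$mnt/etc/passwd" ]; then
    local ids; ids=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $4 }' "$mnt/etc/passwd")
    if [ -n "$ids" ]; then chown "$ids" "$sshdir" "$auth"; fi
  fi
  echo "added key to $auth"
}

# Number of key lines now present for the user; handy for a final sanity check.
count_keys() {
  grep -cE '^(ssh-|ecdsa-|sk-)' "$1/home/${2:-ubuntu}/.ssh/authorized_keys"
}

if [ "$#" -ge 2 ]; then install_recovery_key "$@"; fi
```

Run it as root on the recovery instance after the mount step, e.g. `sudo bash install_recovery_key.sh /mnt/recovery_vol ~/.ssh/authorized_keys ubuntu`; the backup file on the volume can be deleted once the old server is reachable again.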


Move the volume back

Stop the recovery instance.
Detach the volume from the recovery instance.
Attach the volume back on the old server.


Start the old server

Start the original instance.
Connect with the new .PEM file.


Cleanup

Terminate the recovery instance