✍️ Verified Author: Mflavell • Click to view professional profile & credentials

Revision as of 18:25, 8 November 2024

Introduction

This is a 10 step process that creates a new .PEM file, and copies it to the old EBS volue.

Take notes

Note down the AZ of the problem server, it's instance name and the ID of the root volume.

Make a recovery instance

Create a new instance in the same AZ Create a new key pair for the instance and download it. Dont loose the .PEM file again!!!

Make recovery instance accessable=

Give the recovery instance an exernal IP and assign security groups.

Stop the old instance

Stop the old instance. Don't delete it!

Detatch the root vloume

Detatch the root valoue from the old instance Attach it to the recovery instance - it is best to use /xvdf

Mount the root volume=

use lsblk to find the root volume, it shoud be /dev/xvdf1

Make the Magic happen

Copy the certs:

sudo mkdir /mnt/removery_vol
sudo mount /dev/xvdf1	/mnt/recovery_vol
cp .ssh/authorized_keys /mnt/recovery_vol/home/ubuntu/.ssh/authorized_keys

Move the volume back=

Stop the recoverey instance Detach the volume from the old server Attach the volume back on the old server

Start the old server

Sart the original instance Connect with the new .PEM file

Cleanup

Terminate and the recovery instance

@@ Line 1: / Line 1: @@
-Step 1:
+=Introduction=
-Before Starting, we must have to note down the original instance availability zone (us-east-1a), Instance name and id you can find this on EC2 dashboard after selecting your instance.
+This is a 10 step process that creates a new .PEM file, and copies it to the old EBS volue.
-Step 2:
-Launch a new instance with same availability zone (AZ) as we note down before you can select Availability Zone (AZ) at 3rd step (Configure Instance) while creating an instance.
+==Take notes==
+Note down the AZ of the problem server, it's instance name and the ID of the root volume.
+==Make a recovery instance==
-Step 3 :
+Create a new instance in the same AZ
+Create a new key pair for the instance and download it.
+Dont loose the .PEM file again!!!
-At last while we are launching instance we will see the key-pair section (at last) from there we have an option for creating and downloading a new key pair and then we can launch the instance. Now we have to login with a newly created instance using new key-pair.
+==Make recovery instance accessable===
-Step 4:
+Give the recovery instance an exernal IP and assign security groups.
-As we know each instance contain one or more EBS volumes, that is instance storage, you have find out EBS volume of lost private-key instance, for that click on Instance Description and find , ‘ Root device ‘
-vol-02ee64fe9ba5c7302
+==Stop the old instance==
+Stop the old instance.
+Don't delete it!
-Step 5:
+==Detatch the root vloume==
-Now click on EBS ID this will redirect to EBS Volume page and give a name to this EBS volume so you can identify each volumes. Then we have to detach this volume from the original instance (production instance) for that we have to stop instance (left click on instance select Instance state -> click stop).
+Detatch the root valoue from the old instance
+Attach it to the recovery instance - it is best to use /xvdf
-Step 6:
+==Mount the root volume===
-Once production instance is stopped, detach EBS volume (left click on volume and select detach) and attach it to the newly created instance.
+use lsblk to find the root volume, it shoud be /dev/xvdf1
-Note: If you didn’t find the newly created instance in Attach Instance wizard than something wrong with your Availability Zone (AZ)
-Step 7:
-After Attaching EBS to the newly created instance, now you are able to connect this EBS using newly created instance. For that do log in to newly created instance terminal.
+===Make the Magic happen===
-Step 8:
+Copy the certs:
-After that we have to check whether new EBS is attached successfully or not with new instance you can check by running below command.
+ sudo mkdir /mnt/removery_vol
-lsblk  – This command is used for determining if the volume is partitioned
+ sudo mount /dev/xvdf1	/mnt/recovery_vol
+  cp .ssh/authorized_keys /mnt/recovery_vol/home/ubuntu/.ssh/authorized_keys
+==Move the volume back===
+Stop the recoverey instance
+Detach the volume from the old server
+Attach the volume back on the old server
-Step 9:
+==Start the old server==
-If you find another disk than EBS is attached successfully, now we have to replace old authorized_eys (production or lost .pem) with new created authorized_keys for that run below commands.
+Sart the original instance
+Connect with the new .PEM file
+==Cleanup==
+Terminate and the recovery instance
-. sudo mkdir /mnt/removery_vol
-. sudo mount /dev/xvdf1	/mnt/recovery_vol
-. cp .ssh/authorized_keys /mnt/recovery_vol/home/ubuntu/.ssh/authorized_keys
-Step 10:
-After successfully changes on authorized_keys, detach this volume from new instance and attach it with Production (lost private-key) instance, after attaching now start production instance.
-Step 11:
-Congratulations, now you can connect to this instance using newly created instance Private key (.pem) file.
-Don't lose it again... unless you like doing this!

Recovery from lost EC2 PEM file: Difference between revisions

Revision as of 18:25, 8 November 2024

Contents