
How to access EC2 Instance even if PEM file is lost

I lost the PEM key to the EC2 Instance. I followed all the following steps:

HOW TO ACCESS EC2 INSTANCE EVEN IF PEM FILE IS LOST

Accessing the EC2 instance even if you lose the pem file is rather easy.

  1. First, create a new instance with a new access file; call it the 'helper' instance, in the same region and VPC as the lost pem file instance.

  2. Now stop the lost pem file instance. Remember not to terminate instance but to stop it.

  3. Go to EBS volumes, select the root volume of the lost pem file instance and detach.

  4. Now again select the detached volume and this time you have to attach this volume to the helper instance which we created before. Since the helper instance already has a root volume by default as /dev/sda1, the newly attached volume will be secondary (e.g. /dev/sdf).

  5. Login to your helper instance with its pem file.

  6. Execute below commands:

    # mount /dev/xvdf1 /mnt
    # cp /root/.ssh/authorized_keys /mnt/root/.ssh/
    # umount /mnt
    
  7. Detach the secondary volume from helper instance.

  8. Again attach the volume back to our recovery instance. Start the instance. Terminate the helper instance.

Use helper instance pem file to log into recovery instance.

asked Sep 12 '25 14:09

A K


1 Answer

A few weeks ago AWS announced SSM Session Manager. This allows you to access (log in to) your EC2 instances without requiring a key pair, password, open ports, etc. Both Windows and Linux are supported.

The latest AMIs do not have the latest version of the SSM agent. You will need to update that first, which you can also do via the SSM Console or via AWS CLI.

AWS Systems Manager Session Manager

Once you connect to your system, you can then correct any problems that you have. For example, you could create a new keypair in the AWS Console and then copy the public key to `~/.ssh/authorized_keys` so that you can once again access your system via SSH.

For Windows systems, you can even change the Administrator password if it has been forgotten. This can be a lifesaver.

answered Sep 15 '25 03:09

John Hanley
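
The key-installation step (step 6 in the question, and the `authorized_keys` edit the answer describes once a Session Manager shell is open) can be scripted so that it validates the key and refuses unsafe targets. This is an added example, not code from either post; the function name `install_recovery_key` and its arguments are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. install_recovery_key and its
# arguments are hypothetical names chosen for this illustration.
#   $1 root of the recovered filesystem (/mnt in step 6, / under Session Manager)
#   $2 home directory relative to that root (e.g. root or home/ec2-user)
#   $3 file holding the NEW public key
# Returns 0 on success, 2 for a bad key file, 3 for an unsafe target.
install_recovery_key() {
    local root="$1" home_rel="$2" pubkey="$3" key
    local ssh_dir="${root%/}/${home_rel#/}/.ssh"
    local auth="$ssh_dir/authorized_keys"

    # Accept only one well-formed public key line; this also rejects a
    # private key file passed by mistake.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pubkey") \
        || { echo "no public key in $pubkey" >&2; return 2; }
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] \
        || { echo "expected exactly one key in $pubkey" >&2; return 2; }

    # A symlink on the attached volume resolves against the helper's own
    # filesystem, so writing through it as root could clobber helper files.
    if [ -L "$ssh_dir" ] || [ -L "$auth" ]; then
        echo "refusing to follow symlink under $ssh_dir" >&2; return 3
    fi
    # Require the existing .ssh directory so its owner is left unchanged
    # and a wrong mount point or home path is caught early.
    [ -d "$ssh_dir" ] || { echo "$ssh_dir not found" >&2; return 3; }

    # Keep the old file for review, then write in place (an existing file
    # keeps its owner). Like the cp in step 6, this replaces the list, so
    # the lost key no longer grants access.
    if [ -f "$auth" ]; then
        cp -p "$auth" "$auth.lost-key.bak" && chmod 600 "$auth.lost-key.bak"
    fi
    printf '%s\n' "$key" > "$auth" || return 3
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}
```

For the attached-volume method, run it as root on the helper after the `mount` in step 6, for example `install_recovery_key /mnt root new_key.pub`.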