Monday, 13 February 2023

How do I recover a Windows EC2 instance if the PEM file is lost?


Introduction —


We store the private key (.pem file) of a key pair in a safe location because it is needed to decrypt the Administrator password and RDP into Windows instances. If the key pair is lost, there is no way to recover it. However, there is still a way to connect to an instance whose private key you have lost.

In this blog we discuss how to connect to an EC2 instance when the key pair is lost. The following steps walk you through regaining access to a Windows EC2 instance.

Step 1: Create an AMI of the EC2 Instance

B. For Image name, enter a name; for Image description, enter a description; then choose Create image.

C. Choose AMIs from the left navigation pane. When the status shows available, continue to the next step.


Step 2: Create an IAM Role

A. Go to the IAM service, choose Roles from the navigation pane, and choose AWS service as the trusted entity with EC2 as the service.

B. Now add permissions: search for SSM and select the AmazonSSMManagedInstanceCore policy. This is the policy that gives the EC2 role the core Systems Manager functionality.

C. Now stop the original Windows EC2 instance whose key pair is lost.

Step 3: Launch an Instance From the AMI

A. Choose AMIs from the navigation pane, select the AMI created in Step 1, and click Launch instance from AMI.

B. Under Advanced details, make sure the IAM role created in Step 2 for SSM is attached to the new instance.

C. Review the settings and launch the instance.

The new key pair cannot decrypt the Administrator password: the password on the instance is still tied to the old key pair, and that key pair is lost, so we cannot retrieve the password and connect. We therefore need another way to connect to the new instance created from the AMI.

Step 4: Configure Systems Manager (SSM)

B. In the navigation pane, select Session Manager and click Preferences.

C. Create a new KMS key, leaving the key configuration at its defaults.

D. Give the key an alias name.

E. Grant key permissions to the SSM role created in Step 2.

F. Review the settings and create the KMS key. Back in the Session Manager preferences, under KMS key, choose the alias we just created and save.

G. Go to Fleet Manager, select the instance, click Node actions, select Reset password, and enter Administrator as the user name.

H. You can see that the session is now encrypted with the KMS key. Enter the new password to complete the command.

I. Now go back to EC2 and connect to the instance using RDP: copy the public IP, paste it into the RDP client, and enter Administrator as the user name with the password you set during the reset in SSM.
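The password reset in Step 4 is a privileged action that anyone with the same SSM permissions could perform, so it is worth auditing. As an added example that is not part of the original post (standard library only, with constructed sample records), this Python snippet flags the SSM StartSession calls in CloudTrail that carry the AWS-PasswordReset document Fleet Manager uses for the reset, and checks that the Session Manager preferences have the KMS key from Step 4 F set.

```python
import json

# Constructed sample CloudTrail records (not from any real account): a normal
# shell session, a Fleet Manager password reset, and the AMI creation from Step 1.
SAMPLE_EVENTS = [
    {"eventTime": "2023-02-13T10:01:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops-alice"},
     "requestParameters": {"target": "i-0aaaa1111",
                           "documentName": "SSM-SessionManagerRunShell"}},
    {"eventTime": "2023-02-13T10:05:00Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops-alice"},
     "requestParameters": {"target": "i-0bbbb2222",
                           "documentName": "AWS-PasswordReset"}},
    {"eventTime": "2023-02-13T10:06:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateImage",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops-alice"},
     "requestParameters": {"instanceId": "i-0bbbb2222", "name": "recovery-ami"}},
]

# SSM document Fleet Manager runs for "Reset password". It rides on StartSession,
# so it is only distinguishable from an ordinary session by its documentName.
PASSWORD_RESET_DOC = "AWS-PasswordReset"

def find_password_resets(events):
    """Return (eventTime, actor ARN, target instance) for each password reset."""
    hits = []
    for ev in events:
        if ev.get("eventSource") != "ssm.amazonaws.com":
            continue
        if ev.get("eventName") != "StartSession":
            continue
        params = ev.get("requestParameters") or {}
        if params.get("documentName") != PASSWORD_RESET_DOC:
            continue
        hits.append((ev["eventTime"], ev["userIdentity"]["arn"], params.get("target")))
    return hits

# Constructed Session Manager preferences (content of the SSM-SessionManagerRunShell
# document). The reset in Step 4 needs session encryption, i.e. a non-empty kmsKeyId.
PREFS_WITH_KMS = json.dumps({"schemaVersion": "1.0", "sessionType": "Standard_Stream",
                             "inputs": {"kmsKeyId": "alias/ssm-session-key"}})
PREFS_WITHOUT_KMS = json.dumps({"schemaVersion": "1.0", "sessionType": "Standard_Stream",
                                "inputs": {"kmsKeyId": ""}})

def kms_encryption_enabled(prefs_json):
    """True when session data is KMS-encrypted (non-empty kmsKeyId in inputs)."""
    inputs = json.loads(prefs_json).get("inputs") or {}
    return bool(inputs.get("kmsKeyId", "").strip())
```

Feed real CloudTrail records (the `Records` array of a trail file) to `find_password_resets` to list every reset with who performed it and on which instance.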

Conclusion —
