Reputation: 452
EC2 Key Pair Change
I have seen several questions and answers about changing the EC2 key pair for a running instance. However I am a complete AWS newbie at this point and I can easily stop the running instance and restart it. That's not a problem in our situation.
Is it possible to stop a running EC2 instance and somehow change the key pair and then start it again on an EBS-backed instance? We are also using an elastic IP on this instance so I can't see any downside of stopping the instance and restarting, but most discussions of changing the key pair assume that restarting an instance is difficult.
I'm not an ops person, I'm trying to get up to speed after our recent EC2 person has left the company.
Thanks in advance!
Upvotes: 5
Views: 25853
Answers (4)
Reputation: 359
I agree with @yegor256 on the best method here to change your keys. You can also visually inspect the authorized_keys file to ensure that only the correct keys are listed--especially when using someone else's AMI. Just be sure the file has the correct permissions or you could lock yourself out accidentally.
Upvotes: 0
Reputation: 105043
No, you can't change the key pair for an instance using AWS management console. The only way to change the key is explained here: Change key pair for ec2 instance
In a nutshell, SSH key is a file, created in the EC2 instance by AWS during setup. Once the file is there, AWS is not touching it. It's only you who can work with it.
Upvotes: 9
Reputation: 746
You are sort of out of luck with regards to changing the key pair associated with the instance. What you can do, though, is one of the following:
- Create a new account with equivalent privileges to the one associated with your key pair, and generate a key pair for that account. Disable the account you wish to deprecate (the one associated with the existing key pair), and delete it from your key pair list. WARNING: if you do what I just wrote in the wrong order, you are out of luck.
- This should work. Emphasis on "should." I believe you can create an AMI image from your existing machine. Then you can just recreate it and associate it with a new key pair, then terminating your old one.
For future reference, best practice would be to have a common key file that is not accessible to everyone to create EC2 instances, then assign credentials for people to do work on them.
Upvotes: 0
Reputation: 2132
You can create an AMI of your current instance and spin up a new instance with a different key pair using that AMI. You can then associate your elastic IP with the new instance. Is that what you're looking to do?
Upvotes: 2
Related Questions
- Changing EC2 pem file key pair when you have access to the EC2 instance
- Change key pair for ec2 instance
- AWS Key Pair Replacement
- Change AWS EC2 instance aws_access_key_id & aws_secret_access_key
- AWS EC2 instance replace key pair
- How to replace/add key pair for a Windows EC2 instance
- EC2 temporary Key pair
- EC2 instance access and change SSH keypairs replacement
- AWS EC2 Key Pair setup
- Is it possible to change an EC2 instance key name as shown in the AWS console?