
Restore access to Amazon EC2 instance when pem file is lost

One day the Ubuntu installation on my laptop stopped booting, complaining about a damaged xfs filesystem on the disk. Worse, the project I was working on was stored there. There was a git repository on the EC2 machine, but the pem file for it had been kept on that same disk.
I should also mention that I had not put the files on an FTP server, and SFTP access could not be obtained without the key.
One can say a lot about the virtues of backups, but what I needed was a way to restore access to the cloud machine so as not to lose the work already done.

After a long time searching the AWS Management Console for a way to restore a pem file, I concluded that it was impossible: Amazon does not keep a copy of the private key. When creating a new instance, the console only prompts you to select an existing key pair or create a new one.



If the project files had not been stored on the existing machine, I could simply have deleted it and created a new one with a new pem file.

And then I remembered a wonderful facility that AWS provides: creating your own images (AMI). The idea is that you install and configure the whole set of required software on one instance, save it as an AMI image, and use that image to create any number of identical machines. You can deploy a whole cluster from a single image in EC2, or simply save the state of a machine.

Elastic IP

Elastic IP lets you reserve an IP address for your account and assign it to any of your machines. In my case reserving the IP was a necessary measure, since DNS was already configured for the machine and I did not want to change it. However, as far as I understood, a reservation issues a new IP; it is not possible to reserve the IP that was issued when the machine started. So if you did not reserve the address earlier, or changing it is not critical, this step can be skipped.

If you reserve an IP in advance, this service lets you replace the machine unnoticed by the outside world. I recommend using it; Amazon only charges for idle addresses, i.e. an Elastic IP that is not attached to a running machine (per IP; more details can be found here).
Reservation and binding of addresses are managed in the console (EC2 / NETWORK & SECURITY / Elastic IPs).

Create AMI

As I already wrote, an AMI lets you save everything that was on the machine's disk (installed and configured software, databases, your files) into an image.

To create an image, go to the EC2 section of the AWS Management Console and select Instances. Right-click the instance to which you have lost access and choose "Create Image (EBS AMI)" from the context menu.



In the window that appears, enter a name for the AMI and set the options you need. Free Tier users (Amazon's one-year free allowance) should pay attention here: your AMI image, added to the size of the image of the already existing machine, must not exceed the Free Tier limit for EBS (Elastic Block Store), which at the time of writing is 30 GB.

Launch the machine

There are two ways to launch a machine from our AMI: via EC2 / Instances / Launch Instance, switching to the My AMIs tab when choosing the AMI, or selecting the desired image in the console's AMIs section and clicking Launch Instance in the context menu.



When choosing the Key Pair for the machine (see the first screenshot), create a new pem file, download it, and launch the machine.
If you used Elastic IP, detach it from the old machine and attach it to the new one.
The old machine can be deleted once you have connected to the new one and made sure everything worked. The AMI can also be deleted by selecting De-register in the AMIs section.
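The same AMI route driven from the AWS CLI instead of the console, as an added example (not code from the original post). It assumes AWS CLI v2 with credentials configured; the old instance id and the Elastic IP are passed as arguments, and the AMI name, key name and pem path are placeholders derived from a timestamp. The Elastic IP detach/attach step is done in one call with `--allow-reassociation`.

```shell
#!/bin/sh
# Added example, not from the post. Placeholders: old instance id and Elastic IP are arguments.
set -eu

# 1. Snapshot the inaccessible machine into an AMI and wait until it is usable. --no-reboot
#    keeps the old machine serving while the image is taken (at the cost of fs consistency).
create_rescue_ami() {   # old_instance ami_name
  ami_id=$(aws ec2 create-image --instance-id "$1" --name "$2" --no-reboot \
             --query 'ImageId' --output text)
  aws ec2 wait image-available --image-ids "$ami_id"
  echo "$ami_id"
}

# 2. Create the replacement key pair; umask 077 makes the .pem private from the moment it exists.
create_new_key() {   # key_name pem_path
  (umask 077; aws ec2 create-key-pair --key-name "$1" --query 'KeyMaterial' \
      --output text > "$2")
  echo "$2"
}

# 3. Launch from the AMI with the new key, reusing the old machine's subnet, size and
#    security groups so the existing DNS and firewall rules keep applying.
launch_like_old() {   # old_instance ami_id key_name
  aws ec2 describe-instances --instance-ids "$1" --output text \
      --query "Reservations[0].Instances[0].[SubnetId,InstanceType,join(' ',SecurityGroups[].GroupId)]" |
  { read -r subnet itype sgs
    new_id=$(aws ec2 run-instances --image-id "$2" --key-name "$3" --instance-type "$itype" \
               --subnet-id "$subnet" --security-group-ids $sgs \
               --query 'Instances[0].InstanceId' --output text)
    aws ec2 wait instance-running --instance-ids "$new_id"
    echo "$new_id"; }
}

# 4. Move the Elastic IP; --allow-reassociation detaches it from the old machine in the same
#    call, so the downtime is just the switch itself.
move_elastic_ip() {   # public_ip new_instance
  alloc_id=$(aws ec2 describe-addresses --public-ips "$1" \
               --query 'Addresses[0].AllocationId' --output text)
  aws ec2 associate-address --allocation-id "$alloc_id" --instance-id "$2" \
      --allow-reassociation --query 'AssociationId' --output text
}

main() {   # usage: sh recover.sh i-OLDINSTANCE 203.0.113.10
  tag="rescue-$(date +%Y%m%d%H%M)"
  ami=$(create_rescue_ami "$1" "$tag")
  pem=$(create_new_key "$tag" "$HOME/$tag.pem")
  new=$(launch_like_old "$1" "$ami" "$tag")
  move_elastic_ip "$2" "$new" >/dev/null
  echo "connect with: ssh -i $pem ubuntu@$2 ; once verified, terminate $1 and deregister $ami"
}
if [ "$#" -eq 2 ]; then main "$@"; fi
```

The old machine is left running until you have verified the new one over SSH, which is what keeps the window of unavailability down to the address switch.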

UPD: astlock suggested another option:
- shut down the instance
- bring up any new instance from any image
- attach that root disk to it
- edit authorized_keys, insert your key
- detach the disk, kill the temporary instance
- attach it to the old instance, power it on, connect with the new key.


The difference: the latter method means a somewhat longer period of unavailability for the services on the instance, because of the time spent performing these operations. My way reduces that time to the minimum required to remap the Elastic IP.

Source: https://habr.com/ru/post/166509/

