Wednesday, October 27, 2021

[SOLVED] aws ec2: ssh to instance created by other user with no pem file

Issue

I need to ssh into an aws instance that has been started by another user. The key-pair file has not been shared with me, however valid account credentials, access to aws console and key/secret-key have been provided.

What I understand is that there is no way to download pem file from aws console. Is there any way to re-create pem file via amazon cli using key/secret-key?


Solution

The keypair security mechanism is implemented in Linux, not by AWS. Therefore, there is no way to use AWS credentials to login to an instance without a PEM file.

However, some alternatives:

  • If the AMI used is fairly recent, and the correct permissions are assigned, you might be able to use AWS Systems Manager Session Manager to login to the instance, totally bypassing the need for a private key
  • If the AMI used is fairly recent, you might be able to Connect Using EC2 Instance Connect, which allows you to temporarily push a new keypair to the instance
  • You could create an AMI of the instance, then launch a new instance from the AMI while specifying a keypair. This will put the new keypair into /home/ec2-user/.aws/authorized_keys, allowing it to be used to login.
  • If you don't want to create a new instance, you could:
    • Stop the instance
    • Detach the boot volume
    • Attach the boot volume to another instance
    • Add a new keypair to the /home/ec2-user/.aws/authorized_keys file on that volume
    • Detach the volume
    • Reattach it to the original instance
    • Start the instance


Answered By - John Rotenstein
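The last two alternatives in the answer (pushing a temporary key with EC2 Instance Connect, and the stop / detach / edit / reattach procedure) as a worked script. This is an added example, not code from the answer or from AWS. It assumes the AWS CLI v2 is configured with credentials that may stop instances and move volumes, that a helper instance already exists, that the rescued volume is mounted on the helper at the path given in `MOUNT`, and that the device name `/dev/sdf` is free on the helper. The key is written to `~/.ssh/authorized_keys`, which is the path sshd reads by default (`AuthorizedKeysFile`); ec2-user is uid/gid 1000 on Amazon Linux, so adjust the owner argument for other images. Only `add_authorized_key` touches local files; the `aws` calls run only when the script is invoked with `RESCUE_RUN=1`.

```shell
#!/bin/sh
# Added example: offline key injection plus the AWS CLI volume shuffle around it.
set -eu

# Append one OpenSSH public key to ec2-user's authorized_keys on a mounted root
# volume. Idempotent, and sets the modes sshd's StrictModes insists on.
# Usage: add_authorized_key <mountpoint> <public-key-file> [uid:gid]
add_authorized_key() {
  mount="$1"; pubkey_file="$2"; owner="${3:-1000:1000}"   # 1000:1000 = ec2-user on Amazon Linux (assumption)
  ssh_dir="$mount/home/ec2-user/.ssh"
  auth="$ssh_dir/authorized_keys"
  key=$(head -n 1 "$pubkey_file")
  # Accept only a single OpenSSH public-key line: key type, blob, optional comment.
  case "$key" in
    "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp256 "*|"ecdsa-sha2-nistp384 "*|"ecdsa-sha2-nistp521 "*|"sk-ssh-ed25519@openssh.com "*) ;;
    *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
  esac
  mkdir -p "$ssh_dir"
  touch "$auth"
  grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
  chmod 700 "$ssh_dir"            # sshd rejects keys in group/world-writable dirs
  chmod 600 "$auth"
  chown "$owner" "$ssh_dir" "$auth"
}

# Instance Connect path (second bullet): push a key that the instance accepts for
# about 60 seconds, long enough to add a permanent one. No volume work needed.
push_temporary_key() {
  instance_id="$1"; pubkey_file="$2"
  aws ec2-instance-connect send-ssh-public-key \
    --instance-id "$instance_id" --instance-os-user ec2-user \
    --ssh-public-key "file://$pubkey_file" >/dev/null
}

# Volume path (last bullet), step 1-3: stop the instance, detach its root volume,
# attach it to the helper. Prints "<volume-id> <root-device-name>" for step 4.
move_root_volume_to_helper() {
  instance_id="$1"; helper_id="$2"; device="${3:-/dev/sdf}"
  root_dev=$(aws ec2 describe-instances --instance-ids "$instance_id" \
    --query 'Reservations[0].Instances[0].RootDeviceName' --output text)
  vol=$(aws ec2 describe-instances --instance-ids "$instance_id" \
    --query "Reservations[0].Instances[0].BlockDeviceMappings[?DeviceName=='$root_dev'].Ebs.VolumeId" \
    --output text)
  aws ec2 stop-instances --instance-ids "$instance_id" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$instance_id"
  aws ec2 detach-volume --volume-id "$vol" >/dev/null
  aws ec2 wait volume-available --volume-ids "$vol"
  aws ec2 attach-volume --volume-id "$vol" --instance-id "$helper_id" --device "$device" >/dev/null
  aws ec2 wait volume-in-use --volume-ids "$vol"
  echo "$vol $root_dev"
}

# Steps 5-7: give the volume back as the root device and start the instance.
return_root_volume() {
  vol="$1"; instance_id="$2"; root_dev="$3"
  aws ec2 detach-volume --volume-id "$vol" >/dev/null
  aws ec2 wait volume-available --volume-ids "$vol"
  aws ec2 attach-volume --volume-id "$vol" --instance-id "$instance_id" --device "$root_dev" >/dev/null
  aws ec2 wait volume-in-use --volume-ids "$vol"
  aws ec2 start-instances --instance-ids "$instance_id" >/dev/null
}

# End-to-end run, only when explicitly requested. Mounting the attached device on
# the helper (e.g. mount /dev/xvdf1 /mnt/rescue) is done by hand between the steps.
if [ "${RESCUE_RUN:-0}" = "1" ]; then
  : "${INSTANCE:?target instance id}" "${HELPER:?helper instance id}" "${PUBKEY:?public key file}"
  MOUNT="${MOUNT:-/mnt/rescue}"
  set -- $(move_root_volume_to_helper "$INSTANCE" "$HELPER")
  echo "volume $1 attached to $HELPER; mount it at $MOUNT, then press Enter"; read -r _
  add_authorized_key "$MOUNT" "$PUBKEY"
  umount "$MOUNT"
  return_root_volume "$1" "$INSTANCE" "$2"
fi
```

Every step here leaves a CloudTrail record (`StopInstances`, `DetachVolume`, `AttachVolume`, `SendSSHPublicKey`), so a team that does not expect this kind of access recovery can alert on a root volume being detached and attached to a different instance; anyone who holds those permissions can read or rewrite the instance's disk, which is why they should be treated as equivalent to root on the instance.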