Easy way to change keys on EC2 instances! (part 1)

The default way to access an EC2 instance remotely is using SSH keys. It’s a safe way to connect to your resources in the cloud.

Recently we had to replace a key pair for one of our EC2 instances. It seems like a very simple process, but my colleagues couldn’t find many solutions online. Some of the solutions they found involve stopping the instance and a bit of work detaching the volume and attaching it to a new instance. There is an easier way to do this! You don’t even need to reboot the instance. I have put together this little guide for even non-technical people. It all uses a GUI as well.

Tools you need (and most likely already have): a web browser to access your AWS console, PuTTY for SSH access, PuTTYgen (PuTTY Key Generator) to generate the public and private keys, WinSCP to transfer and modify key files, and Notepad to edit keys.

Summary of the few simple steps:

  • Generate new key pair
  • Download the new key pair and create new public and private key files
  • Replace the authorized key on the EC2 instance
  • Connect using your new private key

You will find the detailed guide below:

1. Generate key pair with AWS Console


First, open the AWS console and select Key Pairs under NETWORK & SECURITY. You could of course use PuTTYgen or other tools for this, but the AWS console is a fast and very simple way to create key pairs.


Click on “Create Key Pair”.


You should see the new key pair in the list, and the console will prompt you to download the .pem file.


2. Create public and private key files

Install PuTTY and PuTTYgen if you haven’t already. Start PuTTYgen and load the .pem file you just downloaded from the AWS console.


You should see the public key inside the scroll box near the top of the window:


Simply copy the text to a new public key file named “authorized_keys”. You will need to add this file to the EC2 instance later.


No extension is needed for this key file. You can remove the file extension when you copy the key to the EC2 instance later with WinSCP.
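
Before the file goes to the instance, it is worth checking that the pasted key is intact, because a wrapped or cut-off paste produces an entry the server will not accept. The script below is an added example, not part of the original guide: it assumes Python 3 is available and that the line has no options prefix, and the sample key in it is constructed for illustration and is not a usable key.

```python
import base64
import hashlib
import struct

def _field(data: bytes) -> bytes:
    """Encode one length-prefixed field of an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

# Constructed sample only: a structurally valid "ssh-rsa" blob, not a usable key.
SAMPLE_BLOB = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(b"\x00" + bytes(range(1, 129)) * 2)
SAMPLE_LINE = "ssh-rsa " + base64.b64encode(SAMPLE_BLOB).decode() + " imported-openssh-key"

def check_key_line(line: str):
    """Validate one '<type> <base64> [comment]' entry (assumes no options prefix)."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError("key data is not valid base64 (cut off or wrapped?)") from exc
    # Walk the length-prefixed fields; a truncated paste ends mid-field.
    off, first = 0, None
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("key data is truncated")
        (n,) = struct.unpack(">I", blob[off:off + 4])
        if first is None:
            first = blob[off + 4:off + 4 + n]
        off += 4 + n
    if off != len(blob):
        raise ValueError("key data is truncated")
    if first != key_type.encode():
        raise ValueError("declared key type does not match the key data")
    digest = hashlib.sha256(blob).digest()
    return key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_authorized_keys(text: str):
    """Validate file content; every non-blank, non-comment line must be a key."""
    lines = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    if not lines:
        raise ValueError("no key found")
    return [check_key_line(l) for l in lines]

if __name__ == "__main__":
    for key_type, fingerprint in check_authorized_keys(SAMPLE_LINE + "\n"):
        print(key_type, fingerprint)
```

To check your own file, pass its contents to `check_authorized_keys`; the fingerprint it returns uses the same SHA256 format that `ssh-keygen -lf` prints.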


Next, save the private key. I strongly suggest using a passphrase to protect it; that way someone who obtains the private key won’t be able to access your instance without your passphrase.


I’ll continue in part 2 for the important part of replacing the keys on the EC2 instance.

(part 2)
