How to retrieve the password of an AWS custom AMI - amazon-web-services

I've recently made an AMI from an important server instance I had. Recently, I made an AMI out of that instance, and then deleted it in order to save space. Now, I'm trying to make an instance from that custom AMI, and in order to connect to it I need the old password (for some reason that is what it requires). I still own the .pem keypair file needed to decode the password, however it won't let me get and decrypt the key.
What should I do in order to get the password of the custom AMI?

Assuming that you are using a Windows instance, you can follow these directions in the Amazon EC2 documentation: Resetting an Administrator Password that's Lost or Expired.
The process uses another EC2 instance to access the disk to modify a configuration setting, allowing you to retrieve a new password.
Basically, the steps are:
Stop the "original" instance
Launch a "temporary" instance
Detach the boot volume (let's call it Volume A) from the original instance
Attach Volume A to the temporary instance
Modify a setting which will cause the EC2Config service to generate a new password
Detach Volume A from the temporary instance
Reattach Volume A to the original instance
Boot the original instance
Use the standard "Get Windows Password" process to retrieve the new password

Related

Original instance terminated, can't RDP into new instance with EBS snapshot restored volume

I'm new to EC2 and I mistakenly terminated an instance that was setup the way that I like and had taken EBS snapshots of (root volume).
I created an AMI based on the snapshot I wanted, but when I launch a new instance, I no longer am able to decrypt the Administrator password for the volume. I tried these steps but couldn't get it to work even though I have the pem for the key file.
Is there any way to recover this Administrator password?
The password for this is the same as the one you took the snapshot from.
If you still have that password you can use it to connect, otherwise you will need to reset it.
All hope is not lost, there are a few official solutions used to reset the password.

Create copy of EC2 instance and launch as new instances

I set up one mail server in one EC2 instance. I want to copy the whole instance and launch it as another new instance.
I'm very confused about snapshot and AMI, so please suggest how to do it.
When talking about creating a copy or clone of an instance, there are two aspects to consider:
The configuration of the instance itself, such as Instance Type, Security Group, IAM Role and network subnet
The contents of the disk volume(s)
To launch an instance with the same instance configuration, use the Launch More Like This option in the actions menu, which can launch a new instance with the same configuration. This will also select the original AMI used to launch the initial instance -- please note that this means it will have the same disk as used when launching the initial instance, but will not have a copy of all data stored/changed on the initial instance since it was first started.
If you wish to make a perfect copy of the instance, including the contents of the disk volume(s), then create an AMI (see documentation for Linux and Windows). This will make a copy of the disk volume(s) so that any instance launched from the AMI will have the same data on disk. Then, launch a new instance from that AMI.

How to recover lost private key of instance of aws server?

I have lost the private key of my AWS instance. I searched for the option in the console panel.
I'm afraid you might be out of luck:
When you launch an instance, you should specify the name of the key
pair you plan to use to connect to the instance. If you don't specify
the name of an existing key pair when you launch an instance, you
won't be able to connect to the instance. When you connect to the
instance, you must specify the private key that corresponds to the key
pair you specified when you launched the instance. Amazon EC2 doesn't
keep a copy of your private key; therefore, if you lose a private key,
there is no way to recover it. If you lose the private key for an
instance store-backed instance, you can't access the instance; you
should terminate the instance and launch another instance using a new
key pair. If you lose the private key for an EBS-backed Linux
instance, you can regain access to your instance. For more
information, see Connecting to Your Linux Instance if You Lose Your
Private Key.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html
Yes, you can't recover the old key. Still, you can generate a new key to access that machine.
When we lose the private key, you can't log in to that machine.
Please follow the below steps to recover the key.
Step 1) Detach your root volume from your machine using AWS console.
Step 2) Launch a fresh EC2 instance (not from your old machine AMI)
Step 3) Attach your old volume to new EC2 machine
Step 4) Now login to new ec2 machine and mount the old EBS volume
Step 5) Now go to that partition then visit home directory inside that machine and go to .ssh folder.
Step 6) Now generate a new private and public key. Then paste public key into authorized_keys file.
Step 7) Once you are done with the above steps, detach that volume from this ec2 machine.
Step 8) Now attach this volume to your old machine as root volume
Step 9) Now try to login to your old machine with the newly generated key.
Hope it helps !!
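Steps 4 to 6 of the answer above, written out as an added example that is not part of the original answer. It assumes the old root volume is already mounted on a Linux rescue instance, that the script runs as root there, and that a new key pair was created beforehand with ssh-keygen; the function name, mount point and file names are hypothetical.

```shell
#!/bin/sh
# Added example: authorize a replacement SSH public key on a mounted rescue volume.
# Assumptions: $1 = mount point of the old root volume, $2 = login user,
# $3 = public key file (one line). Uses GNU stat, as found on Linux.

install_rescue_key() {
    mnt=$1; user=$2; pubfile=$3
    if [ "$user" = root ]; then home="$mnt/root"; else home="$mnt/home/$user"; fi
    [ -d "$home" ] || { echo "no home directory at $home" >&2; return 2; }

    # Accept exactly one public-key line; a private key file fails this check.
    [ "$(grep -c . "$pubfile")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key=$(grep . "$pubfile")
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key" >&2; return 3 ;;
    esac

    # Take the numeric owner recorded on the volume: user names on the rescue
    # instance do not necessarily map to the same UIDs as on the old system.
    owner=$(stat -c '%u:%g' "$home")
    ssh_dir="$home/.ssh"; auth="$ssh_dir/authorized_keys"
    mkdir -p "$ssh_dir"

    # Append only if this exact key is not already authorized.
    if ! grep -qxF "$key" "$auth" 2>/dev/null; then
        # Keep the previous file so the change can be reviewed or undone.
        if [ -f "$auth" ]; then cp -p "$auth" "$auth.bak"; fi
        # A file without a trailing newline would otherwise swallow the new key.
        if [ -s "$auth" ] && [ -n "$(tail -c1 "$auth")" ]; then echo >> "$auth"; fi
        printf '%s\n' "$key" >> "$auth"
    fi

    # sshd (StrictModes) ignores the file if ownership or modes are too loose.
    chown "$owner" "$ssh_dir" "$auth"
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"
}

# Stand-alone use: sh install_rescue_key.sh /mnt/rescue ec2-user ./newkey.pub
if [ "$#" -eq 3 ]; then install_rescue_key "$@"; fi
```

The lost key's line stays in authorized_keys; if the lost private key may have been exposed rather than destroyed, remove that line before reattaching the volume.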

EC2 Instance not accepting new Key Pair - Permission Denied (Public Key)

First off, I'm a new-born with AWS (started looking into it two days ago). My client needs a new Drupal 6 module, I have it done, all I need is to upload it and set some things up. My client gave me a username and password for Amazon, so I figured they were using AWS.
I can see the Running Instance, and I've followed Amazon documentation to add a new Key Pair and also add a custom IP rule for SSH access. Problem is, when I try to connect via ssh with a very simple and basic command
ssh -i taskey.pem ec2-user@ec-x-x-x-x...amazonaws.com
the response is
Permission denied (publickey).
Status of my environment:
Existing SSH rule for my IP address on the Security Group associated to the running Instance
New Key Pair added to the running instance
key.pem file has 0600 permission
I know it's a Centos machine because when I ping the site's IP part of the response says it is. Hence why I use username ec2-user
Just in case, I've also tried ubuntu and root.
Reading around some, it seems that you can't just magically add new Key Pairs to running instances. There is an existing public key for my running instance, but it was created in the past by another worker, and I can't contact them.
My client has no repository, hence, as you can imagine, why I'm not just trying loads of things. If I break it, everything gets lost.
This answer suggests to delete the old Key Pair (the one I have no .pem file for). But I don't know what the consequences of that might be.
Sorry for such noobness but I'm in a rush and have no room to try things.
Thanks in advance.
EDIT
I've chosen the "create an AMI..." answer, simply because it's the one I went for. I liked the fact that the old machine could be kept (shut down) and if anything went wrong all I had to do was turn it on again. I up-voted the other possible answer in regards to mounting and unmounting the hard drive, because it's another way of doing it and, in some cases, the only way.
Steps followed to achieve SSH ACCESS SUCCESSFULLY:
Stop running instance
Create an AMI from it (right click and choose Create Image)
Once that was created I launched it and gave it the same specifics as the original instance
Supply it with my new key-pair
Repointed my assigned elastic-IP (that's the only service I had, luckily very simple). Went to
Elastic IPs, saw the existing one (which no longer had anything assigned to it since the original
instance was shut down. Right clicked it and chose Associate Address and chose the new running
instance from the created AMI in the Associate with list.)
Checked I had SSH access to it.
You cannot add a new key pair to a running instance - like it says in the comments of the answer you point to.
I'm afraid that if you cannot contact a person who has the original .pem file you will not be able to connect to that machine via SSH.
You can create an AMI image from it, and create a new machine from that AMI with the new key-pair. There you could do all the changes you need, and then, point whatever services using it to the new machine. After you verify that the new machine is up to par, you can terminate the old machine.
Amazon provides a guide for connecting to an instance if you lose your private key. As long as it's an EBS backed instance. See here:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-lost-key-pair
The general procedure for doing so is (from the docs):
You must stop the instance, detach its root volume and attach it to another instance as a data volume, modify the authorized_keys file, move the volume back to the original instance, and restart the instance.

Server refused our key - Creating instance from Snapshot

I lost my private key on a server because my hard drive was fried and I didn't have the folder with the key in it backed up. Consequently after research I found that I can make a snapshot of the EC2 instance and launch a new instance with a different key using the snapshot. I was able to do so and set up the new instance with a new key/pair. However, now I still cannot log on to the server through the Amazon client or with Putty SSH. Is there a time-frame I have to wait before the instance is SSH ready (i.e. 1 - 2 hours) or did I set it up wrong?
Thanks for any help.
When you ssh from a Windows machine, a .ppk key is used, and from Unix systems a .pem key is used.
You can try it once more from an AMI: create an AMI from the instance, and if any EBS volume is attached, consider that too. Use that AMI to launch an instance and provide the key at the end as it asks for, if you're using the AWS web console. In your case create a new keypair to be used and then assign it.
Wait is generally 2-5 minutes for the instance to be up and then try to ssh. Right click on the newly launched instance and check for the log file output. In some cases it can give you the hint.
It is generally preferred to use ebs backed volumes to avoid situations like data loss.