AWS EC2 Key Pair setup - amazon-web-services

I'm trying to set up my AWS EC2 Instance with a Key Pair that I just created. The original instance was already set up without a key pair, so I'm trying to Launch a new Instance and set the Key Pair during that process. AWS docs instruct to "Specify the new key pair that you created" after I select the AMI, but I do not see anywhere that I can do this during the creation process. So, either I'm really clueless or something is not showing up correctly in the AWS creation steps (probably the former).
Instance: t1.micro
AMI: Amazon Linux AMI 2013.09
Ports: 80 and 22
Forgive me if I'm not including all the appropriate details. I'm brand new to AWS and nothing is coming easily for me. I have researched this to death here on SO and on Google to no avail.

Thank you for the two comments above. Unfortunately, neither addresses the issue as I needed it addressed.
I did find the following AWS documentation, which is specifically noted by AWS as "Computing Basics for Windows", but in bullet point #4 of this "Step 4: Launch an Instance" page there is the clarification that you must first press LAUNCH before the Key Pair setting is requested of you. Nowhere else in their documentation was this specified, which was the confusion for me: I didn't want to press LAUNCH without first selecting the Key Pair, but in fact that's a required step. Here's the URL:
http://docs.aws.amazon.com/gettingstarted/latest/computebasics/gettingstarted-launch-instance.html
I hope this clarifies confusion for someone else in the future.

Related

Changing key pair name of an EC2 after modifying authorized_keys

I have an EC2 instance managed by Elastic Beanstalk, and I recently changed my key pair to a new one (findy-key-2) by modifying authorized_keys, because I lost my old private key (findy-key).
$ cat authorized_keys
ssh-rsa [my private key] findy-key-2
So right now I have ssh access to my own instance.
However, perhaps because I changed the key pair manually, it seems that EC2 doesn't recognize the new key pair name correctly. In the EC2 console, it still says the key pair name is findy-key, which I already deleted.
And because of that, I'm getting the error below when trying to upgrade to Amazon Linux 2 on the EB dashboard.
Configuration validation exception: Invalid option value: 'findy-key' (Namespace: 'aws:autoscaling:launchconfiguration', OptionName: 'EC2KeyName'): The key pair 'findy-key' does not exist
I noticed that under Elastic Beanstalk Dashboard > Configuration > Security, I can choose the new key from the EC2 key pair drop-down. But the warning message, "Each of your existing EC2 instances will be replaced and your new settings will take effect then.", implying that my current instance will be terminated, is frightening me because there might be some side effects such as losing connection to my RDS volume (yes, I'm a newbie to AWS).
Hence, I'm trying to find a way to change the key pair name of an EC2 instance without terminating and creating a new one. If that's not possible, I want to know what are the possible side effects of replacing an EC2 instance.
Thank you.
For a short-term solution, you can use AWS Systems Manager Session Manager to log in to your instances. For this you will need to add SSM permissions to your EB instance profile/role.
You can also try using EC2 Instance Connect, which may work out of the box on the instances, and you don't have to do anything special to use it.
But for the long-term solution, you have to use EB options for that. The reason is that your instances run in an Autoscaling group and they can be terminated at any time anyway. So if you are worrying about "some side effects", then you have to redesign your application so that it is stateless. This means that your application does not depend on any instance terminations and re-launch due to autoscaling events.
I solved this by creating another private key named findy-key (which is the name of the old key I deleted before) in AWS Console, and adding its public key in authorized_keys.

How can I connect to a running AWS instance when my dashboard says no instances are running?

I feel like this is a beginner question, but after messing with it for days I'm completely stumped.
I set up an instance on Amazon AWS last year, and I'd like to SSH into the instance to upgrade some software. I am unable to find the original .pem file anywhere, and everything I find to try to solve the problem — including these directions — refer to selecting the running instance on my EC2 Dashboard.
However, when I log in as a root user, it shows there are no running instances. By default it comes up as N. Virginia, but when I check the other US locations none of them show any running resources. My instance's address (the link I use for mySQL and phpMyAdmin, for example) is in the form of ec2-XXX-XXX-XXX-XXX.ca-central-1.compute.amazonaws.com, if that makes any difference.
Any ideas on next steps? I have all the data on the running instance backed up so I can recreate things as necessary. I admit that I'm a beginner with AWS (obviously) but I super-pinky-promise to store my .pem file in a safe place next time...
"By default it comes up as N. Virginia, but when I check the other US locations none of them show any running resources. My instance's address (the link I use for mySQL and phpMyAdmin, for example) is in the form of ec2-XXX-XXX-XXX-XXX.ca-central-1.compute.amazonaws.com, if that makes any difference."
Your instance is running in the AWS Canada region, as indicated by the region name ca-central-1 in the address, which is why you aren't seeing it in any US region.
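Added example, not part of the original answer: a shell helper that reads the region out of an EC2 public DNS name and lists that region's instances (with their key pair names) using the AWS CLI. It goes beyond the answer by also handling the `compute-1.amazonaws.com` form used by us-east-1; the function names are made up for this example.

```shell
#!/bin/sh
# Added example; function names are illustrative, not an AWS tool.

# Print the region encoded in an EC2 public DNS name, or return 1.
ec2_region_from_dns() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=${host%.}                          # tolerate a trailing dot (FQDN form)
    case "$host" in
        ec2-*.compute-1.amazonaws.com)
            echo "us-east-1" ;;             # us-east-1 uses this older naming
        ec2-*.*.compute.amazonaws.com)
            region=${host%.compute.amazonaws.com}
            region=${region##*.}            # last label before the suffix
            case "$region" in
                *[!a-z0-9-]*|"") return 1 ;;            # unexpected characters
                [a-z][a-z]-*-[0-9]*) echo "$region" ;;  # e.g. ca-central-1
                *) return 1 ;;
            esac ;;
        *) return 1 ;;
    esac
}

# List the instances in the region the hostname points to.
# Needs configured AWS CLI credentials, so it only runs when asked to.
list_instances_for_host() {
    region=$(ec2_region_from_dns "$1") || { echo "no region in: $1" >&2; return 1; }
    aws ec2 describe-instances --region "$region" \
        --query 'Reservations[].Instances[].[InstanceId,State.Name,KeyName,PublicDnsName]' \
        --output table
}

if [ "${1:-}" = "--list" ]; then
    list_instances_for_host "${2:-}"
fi
```

Run it as `sh script.sh --list <public-dns-name>`; the console's region selector has to be set to the same region to show the instance.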

AWS RDS: Can't get modify of Instance Class to go through

In the AWS RDS Console using an IAM user with full permission, I selected our current RDS instance which is a db.t1.micro, clicked on "Instance Actions" and chose "Modify". I then changed both the MySQL version to 5.6.37 (current version is 5.6.34) and the Instance Class to db.t2.small. I also checked the "Apply Immediately" checkbox, and applied the modification. However, the modification didn't happen.
Instead, I'm seeing the following in the Maintenance Details for the instance:
Maintenance Window: sat:20:00-sat:20:30
Pending Modifications: DB Instance Class: db.t2.small, Engine Version: 5.6.37
Pending Maintenance: None
I figured maybe the "Apply Immediately" didn't go through, so I decided to just wait for the Maintenance window this Saturday. However, nothing happened on Saturday, and the situation remains the same.
This morning I tried using "Modify Instance" again and made sure I selected "Apply Immediately", but the result is the same.
I also tried to use the command-line interface to upgrade the instance with this command:
aws rds modify-db-instance --db-instance-identifier xxxxx --db-instance-class db.t2.small --apply-immediately
But this gives the following error (perhaps a hint?):
Service rds not available in region US West (Oregon)
The instance I tried to modify is in the US West (Oregon) region.
Any help is appreciated. I'm willing to use a different method to upgrade the instance, but I'm hoping to avoid having to change all the DB address and login settings on our websites and applications.
I solved this issue by stopping the instance with a saved snapshot and then started it again. This cleared out the "Pending Maintenance" but did not actually perform the upgrade. I then went through the "Modify" action again but only chose to modify the instance class. This time the modify happened right away and now it's the correct instance class.

Why do Spot Instances (EC2) change from cancelled_terminating to cancelled?

I have been struggling with this for the last 2 days:
A. Trying to create an AWS Spot Instance with the Deep Learning AMI for Linux (free).
B. Upon launching the EC2 Instance it says the Spot Instance request was successfully created, but it fails to create the instance.
C. Using the Spot Fleet role, and later I have been trying to change it to provide Admin access to this role through Policies.
However, the instance is never created and in the History tab I see Event Type = fleetRequestChange goes from Submitted, active, cancelled_terminating within a minute and later cancelled.
I have been reading through its documentation but don't see a reason for it to fail. Verified the Region and AMI as well. Tried changing bid price and with default recommended option as well. But nothing seems to work.
This is the link I'm referring - AWS setup for Deep Learning
Please skip the initial portion of getting credits and you can directly jump to EC2 instance configuration setup.
Kindly help! I am unable to proceed for the past 2 days.
Thank you!
It worked perfectly fine for me.
Launched the Deep Learning AMI (ami-df77b6a7) in the Oregon region
Spot pricing as documented in the article you referenced
I could ssh into the instance after it launched
One thing you could check... Click the Limits link in your EC2 console to confirm that you can launch this type of instance.
Mine said:
Running On-Demand g2.2xlarge instances: 5

EC2 Instance not accepting new Key Pair - Permission Denied (Public Key)

First off, I'm a new-born with AWS (started looking into it two days ago). My client needs a new Drupal 6 module, I have it done, all I need is to upload it and set some things up. My client gave me a username and password for Amazon, so I figured they were using AWS.
I can see the Running Instance, and I've followed Amazon documentation to add a new Key Pair and also add a custom IP rule for SSH access. Problem is, when I try to connect via ssh with a very simple and basic command
ssh -i taskey.pem ec2-user@ec-x-x-x-x...amazonaws.com
the response is
Permission denied (publickey).
Status of my environment:
Existing SSH rule for my IP address on the Security Group associated to the running Instance
New Key Pair added to the running instance
key.pem file has 0600 permission
I know it's a Centos machine because when I ping the site's IP part of the response says it is. Hence why I use username ec2-user
Just in case, I've also tried ubuntu and root.
Reading around some, it seems that you can't just magically add new Key Pairs to running instances. There is an existing public key for my running instance, but it was created in the past by another worker, and I can't contact them.
My client has no repository, hence, as you can imagine, why I'm not just trying loads of things. If I break it, everything gets lost.
This answer suggests to delete the old Key Pair (the one I have no .pem file for). But I don't know what the consequences of that might be.
Sorry for such noobness but I'm in a rush and have no room to try things.
Thanks in advance.
EDIT
I've chosen the "create an AMI..." answer, simply because it's the one I went for. I liked the fact that the old machine could be kept (shut down) and if anything went wrong all I had to do was turn it on again. I up-voted the other possible answer in regards to mounting and unmounting the hard drive, because it's another way of doing it and, in some cases, the only way.
Steps followed to achieve SSH ACCESS SUCCESSFULLY:
Stop running instance
Create an AMI from it (right click and choose Create Image)
Once that was created I launched it and gave it the same specifics as the original instance
Supply it with my new key-pair
Repointed my assigned elastic-IP (that's the only service I had, luckily very simple). Went to Elastic IPs, saw the existing one (which no longer had anything assigned to it since the original instance was shut down). Right clicked it and chose Associate Address and chose the new running instance from the created AMI in the Associate with list.
Checked I had SSH access to it.
You cannot add a new key pair to a running instance - like it says in the comments of the answer you point to.
I'm afraid that if you cannot contact a person who has the original .pem file you will not be able to connect to that machine via SSH.
You can create an AMI image from it, and create a new machine from that AMI with the new key-pair. There you could do all the changes you need, and then, point whatever services using it to the new machine. After you verify that the new machine is up to par, you can terminate the old machine.
Amazon provides a guide for connecting to an instance if you lose your private key, as long as it's an EBS-backed instance. See here:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#replacing-lost-key-pair
The general procedure for doing so is (from the docs):
You must stop the instance, detach its root volume and attach it to another instance as a data volume, modify the authorized_keys file, move the volume back to the original instance, and restart the instance.
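Added example, not taken from the AWS documentation or the answer above: the "modify the authorized_keys file" step of that procedure as a shell function, run on the helper instance while the original root volume is mounted. The mount point, home directory and key file names are assumptions; the function refuses private-key material and restores the ownership and modes that sshd's StrictModes check expects.

```shell
#!/bin/sh
# Added example, not AWS's own script. Run as root on the helper instance after
# the original root volume is mounted; all paths and names are assumptions.

# Succeeds only for an OpenSSH public-key line; rejects private-key material.
# Extend the pattern list if you use other key types.
is_public_key_line() {
    case "$1" in
        *"PRIVATE KEY"*) return 1 ;;
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) return 0 ;;
        *) return 1 ;;
    esac
}

# install_recovery_key <mounted_root> <home_dir_relative> <public_key_file>
install_recovery_key() {
    home="$1/$2"; pub=$3
    key=$(head -n 1 "$pub") || return 2          # only the first line is used
    is_public_key_line "$key" || { echo "not a public key: $pub" >&2; return 2; }
    [ -d "$home" ] || { echo "no home directory: $home" >&2; return 3; }
    auth="$home/.ssh/authorized_keys"
    mkdir -p "$home/.ssh" && touch "$auth" || return 4
    if ! grep -qxF -- "$key" "$auth"; then       # idempotent: add the key once
        cp -p "$auth" "$auth.pre-recovery"       # keep the previous key list
        # make sure the existing last line is terminated before appending
        [ -z "$(tail -c 1 "$auth")" ] || echo >> "$auth"
        printf '%s\n' "$key" >> "$auth"
    fi
    # sshd (StrictModes) ignores authorized_keys with loose modes or a foreign
    # owner, so copy the numeric owner of the home directory on the volume.
    set -- $(ls -ldn "$home")                    # $3 = uid, $4 = gid
    chown "$3:$4" "$home/.ssh" "$auth" || return 4
    chmod 700 "$home/.ssh" && chmod 600 "$auth"
}

# Example: sh script.sh /mnt/recovery home/ec2-user ./new-key.pub
if [ "$#" -eq 3 ]; then
    install_recovery_key "$@"
fi
```

Unmount the volume before detaching it and moving it back to the original instance.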