EC2 key pairs are cryptographic keys used for secure SSH access to Amazon EC2 instances.
A key pair consists of two keys:
- Public key: stored by AWS and placed on your EC2 instance.
- Private key: downloaded to your local machine.
How EC2 key pairs work:
- When launching an EC2 instance you have two options: provide an existing key pair, or create a new one as part of the instance launch.
- Once the key pair is created, you get a single opportunity to download the private key. After the download AWS discards its copy, and the private key cannot be recovered.
- The public key is stored within AWS and used by EC2 instances.
- When you launch the instance with the key pair, the public key is written to the ~/.ssh/authorized_keys file on the instance.
- When connecting to the instance, the user authenticates with the private key instead of a password.
Note:
- Key pairs are not removed from an EC2 instance's root volume when the key pair is deleted from the EC2 console.
- When launching an EC2 instance from a golden/pre-built AMI, the old key (used while building the AMI) remains in the root volume alongside the new key pair. Either private key can be used to SSH into the instance.
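The two notes above mean that what AWS shows as the instance's key pair and what is actually in authorized_keys on the root volume can differ. The following is an added example, not code from the original post: a small POSIX sh audit that lists every key in an authorized_keys file and reports those whose key material is not in an allowlist of key pairs you still intend to permit. File names, the `demo` argument and all key blobs are constructed placeholders, not real keys.

```sh
#!/bin/sh
# Added example (not from the original post): audit the keys present in an
# authorized_keys file against an allowlist of key material you still intend
# to permit, so keys left behind by an AMI build or a deleted key pair show up.
# All key blobs below are constructed placeholders, not real public keys.

# list_authorized_keys FILE
# Prints "<keytype> <blob> <comment>" for each key line. Comment lines, blank
# lines and leading option words (e.g. no-pty,from="10.0.0.0/8") are skipped.
# Options containing embedded spaces are not handled.
list_authorized_keys() {
    awk '
        /^[[:space:]]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++) {
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) {
                    comment = ""
                    for (j = i + 2; j <= NF; j++)
                        comment = comment (j > i + 2 ? " " : "") $j
                    print $i, $(i + 1), comment
                    break
                }
            }
        }' "$1"
}

# unexpected_keys AUTHORIZED_KEYS_FILE ALLOWED_BLOBS_FILE
# Prints "<keytype> <comment>" for every key whose blob is not an exact line
# in the allowlist. Always exits 0; callers act on the output.
unexpected_keys() {
    list_authorized_keys "$1" | while read -r ktype blob comment; do
        grep -qxF "$blob" "$2" || echo "$ktype $comment"
    done
}

# write_demo_files DIR
# Writes a constructed authorized_keys (as found on the root volume of an
# instance launched from a golden AMI) and an allowlist holding only the
# current key pair's blob.
write_demo_files() {
    cat > "$1/authorized_keys" <<'EOF'
# constructed sample; blobs are placeholders
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERbuildkey0000000000000000000000 ami-build-key
no-pty,from="10.0.0.0/8" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERcurrentkey00000000000000000000 current-key-pair

ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDERformeradminkey000000000000000000000000000 former-admin
EOF
    cat > "$1/allowed_keys" <<'EOF'
AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERcurrentkey00000000000000000000
EOF
}

# Run with "demo" as the first argument to see the audit on the sample files.
if [ "${1:-}" = "demo" ]; then
    dir=$(mktemp -d)
    write_demo_files "$dir"
    echo "keys not in the allowlist:"
    unexpected_keys "$dir/authorized_keys" "$dir/allowed_keys"
    rm -rf "$dir"
fi
```

On a real instance, point `unexpected_keys` at the user's actual authorized_keys and at a file holding the public-key blobs of the key pairs you expect; on the sample data it reports the AMI build key and the former admin's key, while the option-prefixed current key passes. The allowlist is matched on the key blob rather than on the comment field, since the comment is free text and is the first thing a stale or copied key will carry unchanged.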
How Instance Connect works:
- The user initiates the connection through the EC2 Instance Connect API.
- EC2 Instance Connect creates a temporary EC2 key pair.
- The private key is handled by EC2 Instance Connect, and the public key is pushed to the instance through instance metadata, where it is valid for only 60 seconds.
- EC2 Instance Connect then opens an SSH connection to the instance from the AWS IP address range, using the private key.
- The session starts, and all connections are logged in CloudTrail.
How to connect to a Linux EC2 instance with a lost SSH key pair:
- Create a new key pair.
- Stop the original EC2 instance.
- Detach the EBS root volume.
- Attach the EBS volume to a temporary EC2 instance as a secondary volume.
- Mount the volume and add the new public key to the target user's ~/.ssh/authorized_keys on the mounted volume.
- Re-attach the volume to the original instance as its root volume, then restart the instance.
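The step that is easiest to get wrong is adding the key on the temporary instance: the file must end up owned by the user as defined on the detached volume (not on the temporary instance) and with permissions sshd will accept. The following is an added example, not code from the original post, of that single step as a POSIX sh function, assuming the detached root volume has already been mounted somewhere such as /mnt/recovery (the mount point and the `demo` argument are assumptions; the device name varies by instance type). The passwd entry and key blobs in the demo are constructed placeholders.

```sh
#!/bin/sh
# Added example (not from the original post): the "add the new public key"
# step, run as root on the temporary instance after the detached root volume
# has been mounted (mount point is an assumption, e.g. /mnt/recovery).

# add_key_to_volume MOUNT_POINT USERNAME PUBKEY_FILE
# Appends the public key to the user's authorized_keys on the mounted volume.
# uid, gid and home directory are read from the volume's own /etc/passwd,
# not the temporary instance's, so ownership is correct once the volume is
# back on the original instance. Safe to re-run: the key is added only once.
add_key_to_volume() {
    mnt=$1; user=$2; pubkey=$3
    entry=$(grep "^$user:" "$mnt/etc/passwd") || {
        echo "user $user not found in $mnt/etc/passwd" >&2
        return 1
    }
    uid=$(printf '%s\n' "$entry" | cut -d: -f3)
    gid=$(printf '%s\n' "$entry" | cut -d: -f4)
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    sshdir="$mnt$home/.ssh"
    authfile="$sshdir/authorized_keys"
    key=$(cat "$pubkey")

    mkdir -p "$sshdir"
    grep -qxF "$key" "$authfile" 2>/dev/null || printf '%s\n' "$key" >> "$authfile"
    # sshd's StrictModes rejects the file if it or its directory is writable
    # by others, so set the conventional modes explicitly.
    chmod 700 "$sshdir"
    chmod 600 "$authfile"
    chown "$uid:$gid" "$sshdir" "$authfile"
}

# write_demo_volume DIR
# Builds a constructed stand-in for the mounted root volume: a passwd entry
# for ec2-user (using the current uid/gid so chown works without root in the
# demo), the key baked in when the AMI was built, and the new public key.
write_demo_volume() {
    mkdir -p "$1/etc" "$1/home/ec2-user/.ssh"
    printf 'ec2-user:x:%s:%s::/home/ec2-user:/bin/bash\n' "$(id -u)" "$(id -g)" \
        > "$1/etc/passwd"
    # key present since the AMI build (constructed placeholder blob)
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERbuildkey0000000000000000000000 ami-build-key" \
        > "$1/home/ec2-user/.ssh/authorized_keys"
    # public half of the replacement key pair (constructed placeholder blob)
    echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERnewkey0000000000000000000000000 recovery-key" \
        > "$1/new-key.pub"
}

# Run with "demo" as the first argument to exercise the step on a stand-in volume.
if [ "${1:-}" = "demo" ]; then
    vol=$(mktemp -d)
    write_demo_volume "$vol"
    add_key_to_volume "$vol" ec2-user "$vol/new-key.pub"
    echo "authorized_keys on the volume now holds:"
    cat "$vol/home/ec2-user/.ssh/authorized_keys"
    rm -rf "$vol"
fi
```

Note that the old key stays in the file after the step, which is exactly the situation the earlier note describes; if the lost private key is the reason for the recovery, remove the corresponding public-key line at the same time rather than leaving it to accumulate.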