How do I replace a lost key pair for my EC2 Windows instance?


I used EC2Config or EC2Launch to try to reset a lost password. I lost the private key file for the key pair that I use to launch my Amazon Elastic Compute Cloud (Amazon EC2) Windows instance.

Resolution

Follow these steps to replace a lost key pair.

Use the AWSSupport-ResetAccess Automation runbook

To use the AWSSupport-ResetAccess Automation runbook to replace a lost key pair or local administrator password, see Reset passwords and SSH keys on EC2 instances.

Create an AMI, and launch a new instance

When you use EC2Config, EC2Launch, or EC2Launch v2 to reset a lost password, use its key pair to retrieve the administrator password. If you lost the key pair, then create an Amazon Machine Image (AMI) of your instance, and launch a new instance. Then, use the instance launch wizard to select a new key pair.

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

Complete the following steps:

  1. Create a new key pair, and then save the private key file. You can use the Amazon EC2 console, AWS CLI, or AWS Tools for Windows PowerShell to create the key pair.
    Note: To give the new key pair the same name as the lost key pair, you must first delete the lost key pair.
  2. Open the Amazon EC2 console, and in the navigation pane choose Instances.
  3. Select your instance. From the Details tab, note the Instance type, VPC ID, Subnet ID, Security groups, and AWS Identity and Access Management (IAM) role for the instance.
  4. Stop your instance.
    Warning: When an instance has an instance store volume, data on the volume is lost when the instance is stopped. When the instance shutdown behavior is set to Terminate, the instance terminates when it's stopped.
  5. Select your instance. Choose Actions, and then choose Image and templates, Create Image. Enter the following information:
    For Image name, enter a name.
    (Optional) For Image description, enter a description.
  6. Choose Create Image, and then choose Close.
  7. In the navigation pane, choose AMIs. When the Status is available, continue to the next step.
  8. Select the AMI, and then choose Launch instance from AMI.
  9. Use the launch instance wizard to launch the instance. Be sure to select the same Instance type, VPC ID, Subnet ID, Security groups, and IAM role as the instance that you replace. Also, make sure to select a new key pair.
  10. (Optional) If the original instance has an associated Elastic IP address, then allocate the Elastic IP address to the new instance.
  11. (Optional) If any Amazon Elastic Block Store (Amazon EBS) volumes aren't captured during AMI creation, then detach the volume and attach it to the new instance.
    Note: When you detach the volume, you don't need to unmount the volume because the original instance is already in the Stopped state.
  12. Reset the administrator password. Use EC2Config for Windows Server 2012 R2 or earlier or EC2Launch for Windows Server 2016 or later. If you use a supported Windows AMI that includes EC2Launch v2, then use EC2Launch v2.
  13. (Optional) To clean up, you can terminate the stopped instance that has the lost key pair. Also, after you launch the new instance, you can delete the AMI.
    Note: If you store AMIs, then you might incur additional costs. If you no longer need the AMI, then delete the AMI.
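
Steps 1 through 9 can also be run with the AWS CLI. The script below is an added example, not part of the AWS article: the function names, the `rekey-` AMI name prefix, and the `<key-name>.pem` file name are assumptions of this example. It refuses to stop the instance when the step 4 warning applies, and it writes the private key file with owner-only permissions.

```shell
#!/bin/sh
# Added example: AWS CLI form of the console steps above. Not AWS's own script.
# Usage: sh replace-key.sh <instance-id> <new-key-name>
set -eu

attr() {  # attr <instance-id> <field under Reservations[0].Instances[0]>
  aws ec2 describe-instances --instance-ids "$1" \
    --query "Reservations[0].Instances[0].$2" --output text
}

# Step 4 warning: stopping is only safe when the shutdown behavior is "stop"
# and the instance type has no instance store volumes.
stop_is_safe() {
  behavior=$(aws ec2 describe-instance-attribute --instance-id "$1" \
    --attribute instanceInitiatedShutdownBehavior \
    --query InstanceInitiatedShutdownBehavior.Value --output text)
  store=$(aws ec2 describe-instance-types --instance-types "$(attr "$1" InstanceType)" \
    --query 'InstanceTypes[0].InstanceStorageSupported' --output text)
  [ "$behavior" = stop ] && [ "$store" = False ]
}

replace_key_pair() {  # prints the new instance ID
  id=$1 key=$2
  stop_is_safe "$id" || { echo "refusing to stop $id (step 4 warning)" >&2; return 1; }
  # Step 1: new key pair; umask keeps the private key file owner-only.
  (umask 077; aws ec2 create-key-pair --key-name "$key" \
    --query KeyMaterial --output text > "$key.pem")
  # Step 3: settings to carry over (the subnet implies the VPC).
  itype=$(attr "$id" InstanceType); subnet=$(attr "$id" SubnetId)
  sgs=$(attr "$id" 'SecurityGroups[].GroupId')   # tab-separated IDs
  profile=$(attr "$id" IamInstanceProfile.Arn)   # "None" when no role
  # Steps 4-7: stop, create the image, wait until the AMI is available.
  aws ec2 stop-instances --instance-ids "$id" >/dev/null
  aws ec2 wait instance-stopped --instance-ids "$id"
  ami=$(aws ec2 create-image --instance-id "$id" \
    --name "rekey-$id-$(date +%Y%m%d%H%M%S)" --query ImageId --output text)
  aws ec2 wait image-available --image-ids "$ami"
  # Steps 8-9: launch from the AMI with the same settings and the new key.
  set -- --image-id "$ami" --instance-type "$itype" --key-name "$key" \
    --subnet-id "$subnet" --security-group-ids $sgs
  [ "$profile" = None ] || set -- "$@" --iam-instance-profile "Arn=$profile"
  aws ec2 run-instances "$@" --query 'Instances[0].InstanceId' --output text
}

if [ "$#" -eq 2 ]; then replace_key_pair "$1" "$2"; fi
```

Steps 10 through 13 (Elastic IP address, extra EBS volumes, password reset, and cleanup) are not covered by the script.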

Related information

Amazon EC2 key pairs and Windows instances

Tutorial: Get started with Amazon EC2 Windows instances

AWS OFFICIAL, updated 6 months ago