You are correct that the EC2 key pairs are not restored when restoring an EC2 instance from a backup using AWS Backup. This is by design and has not changed recently.
When you restore an EC2 instance, AWS Backup creates a new Amazon Machine Image (AMI), a new instance, the Amazon EBS root volume, any data volumes, and EBS snapshots. However, AWS Backup does not restore or recreate the key pair used for SSH access.
Instead, AWS Backup configures the restored instance to use the same key pair that the protected resource used originally. You cannot specify a different key pair for the restored instance during the restore process. This means that you need to have access to the original private key that was associated with the instance when it was backed up in order to connect via SSH after restoration.
If you no longer have access to the original private key, you won't be able to SSH into the restored instance directly. In this case, you have a few options:
- Use AWS Systems Manager Session Manager or EC2 Instance Connect to access the instance without SSH.
- Stop the instance, detach the root volume, attach it to another instance as a data volume, modify the authorized_keys file to add a new public key, then reattach the volume and restart the original instance.
- Create a new AMI from the restored instance, then launch a new instance from that AMI, specifying a new key pair during launch.
For future backups, it's important to securely store the private keys used for your EC2 instances, as they are not included in the backup and cannot be recreated during restore.
Sources
Restore an Amazon EC2 instance - AWS Backup
EC2 key-pair question | AWS re:Post
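
The volume-rescue option in the answer above depends on editing authorized_keys so that sshd still accepts the file once the volume is reattached. The sketch below is an added example, not part of the original answer or of AWS documentation; the function name, the mount point, the home path and the key file are assumptions, and it expects GNU `stat` on the rescue instance.

```shell
#!/bin/sh
# Added example (hypothetical helper): append a new public key to
# authorized_keys on a root volume mounted on a rescue instance.
#   $1 = mount point of the detached root volume (assumed, e.g. /mnt/rescue)
#   $2 = login user's home relative to it (assumed, e.g. home/ec2-user)
#   $3 = file holding the NEW public key
add_rescue_key() {
    mnt=$1; home_rel=$2; pubkey_file=$3
    home_dir="$mnt/$home_rel"
    ssh_dir="$home_dir/.ssh"
    auth="$ssh_dir/authorized_keys"

    [ -d "$home_dir" ] || { echo "no home directory at $home_dir" >&2; return 1; }
    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }

    # Use the first line only and refuse anything that is not a public key,
    # so a private key is never copied onto the volume by mistake.
    key=$(head -n 1 "$pubkey_file")
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # Numeric owner of the home directory on the volume; user names on the
    # rescue host may not match those of the restored instance.
    owner=$(stat -c '%u:%g' "$home_dir") || return 1
    mkdir -p "$ssh_dir" || return 1

    # Idempotent: append only when the exact line is not already present.
    if ! grep -qxF -- "$key" "$auth" 2>/dev/null; then
        # Do not glue the new key onto an existing last line that lacks a newline.
        if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
            printf '\n' >> "$auth" || return 1
        fi
        printf '%s\n' "$key" >> "$auth" || return 1
    fi

    # sshd with StrictModes ignores the file if owner or modes are too loose.
    chown "$owner" "$ssh_dir" "$auth" || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth"
}
```

Run it as root on the rescue instance after mounting the volume, then unmount before detaching and reattaching the volume to the original instance.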
