Question

I have an Amazon OpsWorks stack with EC2 instances. It currently has a default SSH key (.pem) which I have no access to. What I've tried:

  1. I've created a new one, saved it and did chmod 600.
  2. Tried to change KeyPair for an instance and tried to ssh -v -i path/to/.pem ubuntu@host after restarting it: permission denied (public key)
  3. Tried to change KeyPair for the whole stack at the Stack Settings page after restarting the whole stack: still getting permission denied (public key)
  4. Tried to change ubuntu to ec2-user. Still nothing!

Noticed that keys changed at OpsWorks Home but remained the same at EC2 Management Console. Strange.

Am I missing anything? Doing something wrong? Any help appreciated. Thanks

Solution

Like @chris said, there is no way to change the key associated with the instance. You will need to launch a new one with the new key assigned to it.

But if SSH access is what you need, don't bother trying to change or update the key associated with the instance. It has been a while since I stopped assigning keys to instances in favor of allowing OpsWorks to manage user access in the permissions section.

This gives you great flexibility because you don't need to share keys amongst users or start new instances every time you need to change or set a new SSH key. You can add or remove users any time, and you control who has SSH and/or Sudo access.

To start, either grant one of your users access to OpsWorks or import IAM users.

After access has been granted, ask the user to add their own public key in the "My Settings" > Edit page.

If you gave this user access to SSH, all you have to do is wait for the recipes to finish running and the user will be able to connect to the instance like this:

 $ ssh -i ~/.ssh/[your-key-file] [user-name]@[instance-ip-address]

Note that any time you make changes to the permissions or settings section, recipes will be run on your instances, updating the user access.

For more information on how to grant user permissions in OpsWorks, see the AWS Documentation.
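The same import, public key and permission steps can be scripted with the AWS CLI. This is an added example, not part of the original answer; the IAM user ARN, stack ID, SSH username and key file path are placeholders supplied by the caller.

```bash
# Added example: manage SSH access through OpsWorks permissions
# instead of EC2 key pairs. All ARNs, stack IDs and paths are placeholders.

# Accept only a single-line OpenSSH *public* key. A common mistake is
# uploading the private .pem file, which must never leave the user's machine.
is_public_key() {
  local file="$1"
  [ -r "$file" ] || return 1
  if grep -q 'PRIVATE KEY' "$file"; then return 1; fi
  [ "$(grep -c . "$file")" -eq 1 ] || return 1
  grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$file"
}

# grant_ssh <iam-user-arn> <stack-id> <ssh-username> <public-key-file> [sudo]
# Sudo stays off unless the fifth argument is the literal word "sudo".
grant_ssh() {
  local arn="$1" stack="$2" user="$3" keyfile="$4" sudo_flag="--no-allow-sudo"
  if [ "${5:-}" = "sudo" ]; then sudo_flag="--allow-sudo"; fi
  if ! is_public_key "$keyfile"; then
    echo "not an OpenSSH public key: $keyfile" >&2
    return 2
  fi
  # Import the IAM user into OpsWorks together with the public key.
  # (If the profile already exists, update-user-profile is the call to use.)
  aws opsworks create-user-profile --iam-user-arn "$arn" \
      --ssh-username "$user" --ssh-public-key "$(cat "$keyfile")" || return
  # Allow SSH for this user on this one stack only.
  aws opsworks set-permission --stack-id "$stack" --iam-user-arn "$arn" \
      --allow-ssh "$sudo_flag"
}

# revoke_ssh <iam-user-arn> <stack-id>
# Removes SSH and sudo for the user without touching any instance key pair.
revoke_ssh() {
  aws opsworks set-permission --stack-id "$2" --iam-user-arn "$1" \
      --no-allow-ssh --no-allow-sudo
}
```

Granting sudo is a separate, explicit choice here, so a user who only needs a shell is not given root by default.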

OTHER TIPS

You cannot change the key associated with an instance after that instance has been created.

If you need access to an instance where you no longer have the key, create an AMI of the instance, and launch a new instance from that AMI with a new key.

Licensed under: CC-BY-SA with attribution