I have an EC2 instance running with a keypair that I don't have access to the private key of.
I am currently accessing the instance freely thanks to having the public key of my own custom keypair added to the ~/.ssh/authorized_keys on the instance.
Now I would like to rebundle the running instance into a new AMI, and I was following the instructions here: http://alestic.com/2009/06/ec2-ami-bundle
However, since I do not have access to the same private key as currently defined for the instance, I wonder:
- which private key I should upload to /mnt on the instance? (actually, I don't fully understand what the private key is required for, if all that the bundling does is process the local state of the instance "disk" into the local files of the bundle)
- if I do not exclude my home directory with its .ssh, will I be able to launch and connect to the instance even if I don't have the instance private key for it?
Best Answer
The AWS private key is associated with your X.509 certificate; it isn't the same as an SSH private key. See this summary of AWS security credentials.
The X.509 certificate is associated with your AWS account rather than with individual EC2 instances; if you start a new instance using your custom AMI, it will be associated with the X.509 certificate and private key defined in your account.
If you also have an authorized_keys file containing your personal SSH public key bundled into the AMI, you should be able to log in with your own SSH key - this is independent of the X.509 certificate, which is used to authenticate AWS API calls.
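Since any authorized_keys file left in place is copied into the AMI and will grant SSH access on every instance launched from it, it is worth listing exactly which public keys it contains before bundling. The following is an added example, not part of the original answer: a stdlib-only Python audit that prints each entry's key type, SHA256 fingerprint and comment. The function names and the sample key line are assumptions constructed for illustration, and option parsing is simplified.

```python
import base64
import hashlib
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte length prefix)."""
    return struct.pack(">I", len(data)) + data


def make_sample_line(comment: str) -> str:
    """Build a CONSTRUCTED ssh-rsa entry (toy modulus, not a usable key)."""
    blob = (_ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01")
            + _ssh_string(b"\x00" + b"\xc3" * 256))
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)


def audit_authorized_keys(text: str) -> list:
    """Return (key_type, fingerprint, comment) for each entry.

    fingerprint is None when the key blob is not valid base64 or its
    embedded type does not match the declared type (corrupt entry).
    """
    results = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options such as command="..." may precede the key type.
        # Simplification: the first token that looks like a key type wins.
        idx = next((i for i, f in enumerate(fields)
                    if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(fields):
            results.append((None, None, line.strip()))
            continue
        key_type, comment = fields[idx], " ".join(fields[idx + 2:])
        fp = None
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == key_type.encode():
                digest = hashlib.sha256(blob).digest()
                fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
        except (ValueError, struct.error):
            pass
        results.append((key_type, fp, comment))
    return results


if __name__ == "__main__":
    for entry in audit_authorized_keys(make_sample_line("me@laptop")):
        print(entry)
```

The fingerprints use the same SHA256 format that `ssh-keygen -lf` prints, so they can be compared against the keys you expect to be present.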