Change KeyPair for the whole Amazon OpsWorks stack
I have an Amazon OpsWorks stack with EC2 instances. Now it has Default SSH key (.pem) which I have no access to. What I've tried:
- I've created a new one, saved it and did
chmod 600. - Tried to change KeyPair for an instance and tried to
ssh -v -i path/to/.pem ubuntu@hostafter restarting it:permission denied (public key) - Tried to change KeyPair for the whole stack at the
Stack Settingspage after restarting the whole stack: still gettingpermission denied (public key) - Tried to change
ubuntutoec2-user. Still nothing!
Noticed that keys changed at OpsWorks Home but remained the same at EC2 Management Console. Strange.
Am I missing anything? Doing wrong? Any help appreciated. Thanks
Like @chris said, there is no way to change the key associated with the instance. You will need to launch a new one with the new key assigned to it.
BUT If SSH access is what you need, don't bother trying to change or update the key associated with the instance. It has been a while since I stopped assigning keys to instances over allowing OpsWorks manage user access in the permissions section.
This gives you great flexibility because you don't need to share keys amongst users or start new instances every time you need to change or set a new SSH key. You can add or remove users any time, and you control who has SSH and/or Sudo access.
To start either grant one of your users access to OpsWorks or import IAM users:
After access has been granted, ask the user to add their own public key in the "My Settings" > Edit page:
If you gave this user access to SSH all you have to do is wait for the recipes to finish running and the user will be able to connect to the instance like this:
$ ssh -i ~/.ssh/[your-key-file] [user-name]@[instance-ip-address]
Note that any time you make changes to the permissions or settings section, recipes will be run in your instances updating the user access.
For more information on how to grant user permissions in OpsWorks see the AWS Documentation
- Does EKS Auto Mode use AWS Load Balancer Controller?
- kubectl error You must be logged in to the server (Unauthorized) when accessing EKS cluster
- AWS Elasticache -- How to flush node from console?
- How to parameterize prevent_destroy lifecycle configuration in Terraform?
- RDS instance start: which subnet/AZ is selected?
- Connection refused error (127.0.0.1:4566) for Localstack S3
- Problem with file directory link in amazon s3
- Can I use aws-advanced-jdbc-wrapper with MySQL?
- Creating Lambda Snapstart with Typescript CDK
- How to force SQL Server container to immediately update MDF file in Docker volume?
- AWS Cloudwatch agent config file removed after startup
- AWS lambda SQS does not allow to process 1 message per 1 invocation
- How can I create a TLS/SSL connection to a mongodb instance on AWS with a certificate made by certificate manager? Health check failed
- Cloudfront redirect when signed cookies not present
- AWS Lambda and DynamoDB - updatetItem is not a function
- AWS ElasticBeanstalk EC2 Termination Protection
- Allowing AWS Cognito Users to authentication to JIRA via SAML/SSO (Domain Not found)
- Install pgAgent on AWS RDS for Postgres
- Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect)
- List all parameters in AWS SSM Parameter Store
- AWS push_down_predicate not working with DynamoDb
- localstack AWS S3 javascript error : getaddrinfo ENOTFOUND bucketname.localhost
- AWS ECS agent won't start
- AWS VPC (Virtual Private Cloud), rapidly increasing expenses
- SemaphoreCI OIDC AWS connection
- Can't delete AWS internet Gateway
- How to provide multiple StringNotEquals conditions in AWS policy?
- Not able to get ECS fargate metrics on Datadog
- 502 "Internal Server Error" with API Gateway + Lambda when deploying
- Java Springboot application not able to connect to AWS Elasticache Valkey Cache (Serverless)