1

I have an EC2 instance running with a keypair that I don't have access to the private key of.

I am currently accessing the instance freely thanks to having the public key of my own custom keypair added to the ~/.ssh/authorized_keys on the instance.

Now I would like to rebundle the running instance into a new AMI, and I was following the instructions here: http://alestic.com/2009/06/ec2-ami-bundle

However, since I do not have access to the same private key as currently defined for the instance, I wonder:

  • which private key I should upload to /mnt on the instance? (actually, I don't fully understand what the private key is required for, if all that the bundling does is process the local state of the instance "disk" into the local files of the bundle)

  • if I do not exclude my home directory with its .ssh, will I be able to launch and connect to the instance even if I don't have the instance private key for it?

GJ.
  • 529
  • 1
  • 7
  • 21

1 Answers1

1

The AWS private key is associated with your X.509 certficate; it isn't the same as an SSH private key. See this summary of AWS security credentials.

The X.509 certificate is associated with your AWS account rather than with individual EC2 instances; if you start a new instance using your custom AMI, it will be associated with the X.509 certificate and private key defined in your account.

If you also have an authorized_keys file containing your personal SSH public key bundled into the AMI, you should be able to log in with your own SSH key - this is independent of the X.509 certificate, which is used to authenticate AWS API calls.

gareth_bowles
  • 9,127
  • 9
  • 34
  • 42