Managing secure access to AWS EC2 instances is essential for safeguarding your applications and data. In AWS, key pairs are used as secure login credentials, allowing users to connect to their EC2 instances. However, there are times when you may need to change the key pair associated with an instance—for example, if the original private key file is lost, compromised, or needs to be rotated for security compliance. This guide walks you through the steps required to change the key pair of an existing EC2 instance, ensuring continued secure access without disrupting your instance’s configuration or data.
![](https://shrikanttapkeer.com/wp-content/uploads/2024/11/image.png)
STEP 1 – Log in to your AWS account at https://aws.amazon.com to open the AWS Management Console.
STEP 2 – Once you are logged in to the AWS Management Console, select the region where your EC2 instance is located. Refer to the diagram below –
![](https://shrikanttapkeer.com/wp-content/uploads/2024/11/Screenshot-2024-11-11-at-5.20.56 PM-1024x343.png)
Once the region is selected, click on EC2 in the Services section to open the EC2 Dashboard of the AWS Management Console.
![](https://shrikanttapkeer.com/wp-content/uploads/2024/11/Screenshot-2024-11-11-at-5.28.12 PM-1024x931.png)
Key pairs are a feature of the EC2 service in Amazon Web Services, so from the EC2 Dashboard navigate to Key Pairs under Network & Security in the left-hand pane. Follow the diagram below –
![](https://shrikanttapkeer.com/wp-content/uploads/2024/11/Screenshot-2024-11-11-at-5.45.50 PM-1024x628.png)
STEP 3 – On the Key Pairs page of the AWS Management Console, click Create key pair at the top right, below the region selector used in the earlier step.
STEP 4 – Create the new key pair with the following information; select RSA as the key pair type and .pem as the private key file format for the best reliability and security.
![](https://shrikanttapkeer.com/wp-content/uploads/2024/11/Screenshot-2024-11-11-at-5.52.18 PM-1024x972.png)
This step creates the key pair and automatically downloads a .pem private key file named after the key pair name you entered in the input box above.
STEP 5 – Once the .pem file is downloaded, extract the PUBLIC KEY from it with the following commands –
- Linux –

```shell
ssh-keygen -f {DOWNLOADED PEM FILE} -y | xclip -selection clipboard
```

- Mac OS –

```shell
ssh-keygen -f {DOWNLOADED PEM FILE} -y | pbcopy
```

These commands derive the public key from the downloaded private key .pem file and copy it to the clipboard (without `-selection clipboard`, xclip writes to the X primary selection rather than the clipboard that Ctrl+V pastes from).
Store the copied public key in a file so you can add it to the authorized keys of the VM later.
STEP 6 – Log in to the AWS server using the OLD PEM KEY. Once logged in, switch to the superuser with

```shell
sudo su
```

Open the authorized_keys file of the login user (the working directory is still that user's home after `sudo su`, so the relative path works) and edit it with vi, vim, nano or another editor

```shell
vi .ssh/authorized_keys
```
![](https://shrikanttapkeer.com/wp-content/uploads/2024/11/Screenshot-2024-11-12-at-6.31.00 PM.png)
If you want to replace the old key, delete the existing public key line and paste the new one in its place; if you want to keep both keys, append the new public key on its own line after the existing one. Save the file, and before closing this session verify from a second terminal that you can log in with the new .pem key, so a typo in the pasted key cannot lock you out.
STEP 7 – You can now log in to the server with the new .pem key and get it rolling.
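The two halves of steps 5 and 6 (deriving the public key on your workstation, then installing it in `authorized_keys` on the instance) can be scripted so the edit is idempotent, the file permissions stay ones sshd accepts, and the old key is only removed once the new one is verified. The script below is an added example written for this post, not code from the original article or from AWS; the subcommand names `extract`, `install` and `remove`, the `rotated-YYYYMMDD` comment label and the sample key lines are my own assumptions, and the key blobs used for illustration are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: helpers for rotating an EC2 key pair via ~/.ssh/authorized_keys.
# Run "extract" on the workstation that holds the NEW .pem, and "install"/"remove"
# on the instance after logging in with the OLD key.
set -eu

# Derive the OpenSSH public key line from an RSA .pem (what "ssh-keygen -y" does
# in STEP 5) and tag it with a comment so it can be identified later.
# Usage: extract_pubkey /path/to/new-key.pem [label]
extract_pubkey() {
  pem="$1"
  label="${2:-rotated-$(date +%Y%m%d)}"          # assumed labelling convention
  pub=$(ssh-keygen -y -f "$pem")
  printf '%s %s\n' "$pub" "$label"
}

# Append a public key line to an authorized_keys file only if the same key
# (type + base64 blob) is not already there, and enforce the permissions sshd
# requires (~/.ssh 700, authorized_keys 600) so the login does not silently fail.
# Usage: install_pubkey "ssh-rsa AAAA... comment" ~/.ssh/authorized_keys
install_pubkey() {
  keyline="$1"
  file="$2"
  key_id=$(printf '%s\n' "$keyline" | awk '{print $1, $2}')
  dir=$(dirname "$file")
  mkdir -p "$dir"
  chmod 700 "$dir"
  touch "$file"
  chmod 600 "$file"
  if awk -v k="$key_id" '{ if (($1 " " $2) == k) found = 1 } END { exit !found }' "$file"; then
    return 0                                      # already present: nothing to do
  fi
  printf '%s\n' "$keyline" >> "$file"
}

# Retire a key by its base64 blob (field 2 of the line). Rewrite in place through
# a temp file and "cat" back so the file keeps its owner and 600 mode.
# Usage: remove_pubkey "AAAA...blob..." ~/.ssh/authorized_keys
remove_pubkey() {
  blob="$1"
  file="$2"
  tmp="$file.tmp.$$"
  awk -v b="$blob" '$2 != b' "$file" > "$tmp"
  cat "$tmp" > "$file"
  rm -f "$tmp"
}

# Number of key lines currently in the file (useful before/after a rotation).
count_keys() {
  grep -c '^ssh-' "$1" || true
}

# Command-line entry point; with no subcommand the functions are just defined
# (so the file can be sourced).
case "${1:-}" in
  extract) extract_pubkey "$2" "${3:-}" ;;
  install) install_pubkey "$2" "${3:-$HOME/.ssh/authorized_keys}" ;;
  remove)  remove_pubkey  "$2" "${3:-$HOME/.ssh/authorized_keys}" ;;
  *) ;;
esac
```

Typical flow: `sh rotate.sh extract new-key.pem` on the workstation, copy the printed line to the instance and run `sh rotate.sh install "<line>"`, confirm a fresh `ssh -i new-key.pem` session works, and only then `sh rotate.sh remove "<old blob>"`. Matching on the key blob rather than the comment matters because the comment is free text and the same key may have been added under different names.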
Conclusion –
In conclusion, losing the .pem key to your AWS EC2 instance doesn’t have to mean permanent loss of access. AWS provides several effective ways to regain control, from using EC2 Instance Connect to creating a new AMI or attaching the root volume to another instance. Each method ensures you can access your instance without compromising data security or functionality. By following these steps carefully, you’ll be back in control of your instance, with a new key pair in place for secure access going forward. Remember to store your private keys securely to prevent similar situations in the future. If you need any additional help, please don’t hesitate to reach out to me for support.