My Journey to AWS Key Pairs Retrieval


Sometimes we underestimate the importance of some very tiny files, thinking “I will never need these files again.” Have you thought about your AWS Key Pairs files; about how important they are, and what you should do to protect them?

After spending many hours creating and configuring our pilot EC2 server to manage our pilots', instructors' and students' duty times, their current flight times, helicopter timetables, etc., a small thing like saving our Key Pairs files can be overlooked.

One of our instructors called me two weeks after I built the server to tell me that the EC2 server password was disabled, and that access to the database was denied to our users.

Well, you can imagine the stress and the hassle this inconvenience causes to everyone involved. And the worst part of this story is that I had lost my Key Pairs; there is no quick or easy way to recover from this.

With this article, I want to share with you the steps and technique I used to change the Key Pairs and to reset the EC2 password. If you are reading this, you are already aware that if you lose the Key Pairs, you cannot retrieve or reset the password for the EC2 with a new Key Pair; saving face is a little harder than that. I have described below the steps I used to recover the Key Pairs after more than four hours of trial and error.

Getting Started

One of the skills a pilot learns in training is to control their nerves and manage their stress; so, panic to one side, let’s get started.

The first step is to create an image from the old EC2 Server.

1. Create an image from the old EC2 Server:

2. Name the Image. In this example I used “ReverseEc2”.

3. After the image is created, launch a new instance, and then select “My AMI” from the list on the left.

4. Start the server configuration, starting from:

a.  the Type;

b.  Instance Details;

c.  Storage, keep the same settings; and

d.  Security Group.

5.  At the launch stage, generate a new Key Pair, and then download it to your local computer. This time though, don’t forget to save it in many accessible locations on your hard drive.

Enabling Ec2SetPassword on the New EC2 Server

At this stage, the new EC2 server is up and running. Now, you have to shut it down; you will not be able to change the password using the new key, as the Ec2SetPassword parameter is set to Disabled.

To modify the Windows password of the new EC2 server:

1.  attach the new server's root disk to another running EC2 instance (a temporary one) as a secondary volume;

2. browse to the path below:

\Program Files\Amazon\Ec2ConfigService\Settings\config.xml

3.  edit the config file (Elastic Block Store – Volumes)

4.  Change the “Ec2SetPassword” setting to “Enabled”. See the image below for the location of the setting to be changed.

Screen Shot 2016-06-06 at 12.00.36 AM.png

5.  Save the file. Detach the volume from the temporary EC2 instance (Elastic Block Store – Volumes).

6. After detaching the volume, choose the Attach option from the Actions menu to reattach it to the newly created EC2 server as a root device. See the figure below.

Screen Shot 2016-06-06 at 12.07.00 AM.png

Screen Shot 2016-06-06 at 12.07.45 AM.png

7.  Start the EC2 and then reset the password.
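
The config.xml edit from steps 2 to 5 can also be scripted on the temporary instance. The PowerShell below is an added example, not part of the original procedure; the function name, the drive letter D: and the XML layout (Plugins/Plugin entries with Name and State elements) are assumptions to check against your own file.

```powershell
# Added example: set the Ec2SetPassword plugin to Enabled in an offline config.xml.
# Assumed layout: <Ec2ConfigurationSettings><Plugins><Plugin><Name/><State/></Plugin>...
function Enable-Ec2SetPassword {
    param([Parameter(Mandatory)][string]$ConfigPath)

    # .NET resolves relative paths differently from PowerShell, so use the full path.
    $full = (Resolve-Path -LiteralPath $ConfigPath -ErrorAction Stop).ProviderPath
    $doc = New-Object System.Xml.XmlDocument
    $doc.PreserveWhitespace = $true          # keep the file's existing layout
    $doc.Load($full)

    $xpath = "/Ec2ConfigurationSettings/Plugins/Plugin[Name='Ec2SetPassword']/State"
    $state = $doc.SelectSingleNode($xpath)
    if ($null -eq $state) {
        throw "Ec2SetPassword plugin entry not found in $full"
    }

    $previous = $state.InnerText
    if ($previous -ne 'Enabled') {
        # Keep a rollback copy before touching the file.
        Copy-Item -LiteralPath $full -Destination "$full.bak" -Force
        $state.InnerText = 'Enabled'
        $doc.Save($full)
    }
    [pscustomobject]@{ Path = $full; Previous = $previous; Current = $state.InnerText }
}

# Dry run against a constructed sample file (not a real instance's config).
$sample = Join-Path ([System.IO.Path]::GetTempPath()) 'config-sample.xml'
@'
<?xml version="1.0" standalone="yes"?>
<Ec2ConfigurationSettings>
  <Plugins>
    <Plugin>
      <Name>Ec2SetPassword</Name>
      <State>Disabled</State>
    </Plugin>
    <Plugin>
      <Name>Ec2SetComputerName</Name>
      <State>Disabled</State>
    </Plugin>
  </Plugins>
</Ec2ConfigurationSettings>
'@ | Set-Content -LiteralPath $sample -Encoding UTF8

Enable-Ec2SetPassword -ConfigPath $sample
# Real use, with D: as the assumed letter of the attached secondary volume:
# Enable-Ec2SetPassword -ConfigPath 'D:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml'
```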


While these steps look very easy, I spent time working out this recovery process. From this incident, I learned to be more careful of these tiny files and always save them safely.

I hope you don’t make my mistake, and that you are reading my blog out of interest, and that you haven’t lost your EC2 Key Pairs files.

I hope you found this procedure informative, and don’t forget to share with others like us.
