Recover lost access to your EC2 instance
I’m being asked the same question over and over again:
I got locked out of my EC2 instance! I did “something” and now I can’t SSH to it. How do I fix that?
Usually this happens during server hardening or some other “fixing the server” attempt gone wrong: turning on the iptables firewall without leaving port 22 open, changing file or directory permissions (on the user’s home directory, ~/.ssh or authorized_keys), or outright breaking the SSH daemon configuration.
~ $ ssh ec2-user@broken-instance
ec2-user@broken-instance: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
Whatever you’ve done that rendered the instance inaccessible has to be undone. But how when you can’t log in?
Option 1 — Systems Manager interactive session
Systems Manager (SSM) is a modern, non-SSH way to access your instances. Using a Systems Manager interactive session you can log in to the EC2 instance even when SSH is broken and fix whatever needs to be fixed.
SSM needs an agent running on the instance and the agent must be able to connect to an Amazon SSM endpoint, both from the network connectivity perspective as well as from the IAM permissions perspective.
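Before trying a session it helps to check those two prerequisites explicitly. The following is an added example, not code from the original post: it takes a (constructed) `aws ssm describe-instance-information` response plus the instance role’s policy document and reports what would block `aws ssm start-session`. The function names and sample values are hypothetical.

```python
import fnmatch

# Actions the SSM agent needs to register itself and to open a Session Manager
# channel (a subset of the AmazonSSMManagedInstanceCore managed policy).
REQUIRED_ACTIONS = ("ssm:UpdateInstanceInformation", "ssmmessages:CreateControlChannel",
                    "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel",
                    "ssmmessages:OpenDataChannel")

def allowed_actions(policy):
    """Collect the Action patterns of every Allow statement (Deny/NotAction ignored)."""
    actions = set()
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") == "Allow":
            act = stmt.get("Action", [])
            actions.update([act] if isinstance(act, str) else act)
    return actions

def missing_actions(policy):
    """Required actions not matched by any Allow pattern, e.g. 'ssmmessages:*'."""
    allowed = allowed_actions(policy)
    return [a for a in REQUIRED_ACTIONS
            if not any(fnmatch.fnmatchcase(a, pat) for pat in allowed)]

def session_preflight(instance_id, instance_info, role_policy):
    """Return the problems blocking `aws ssm start-session`; an empty list means go."""
    problems = []
    entries = [i for i in instance_info.get("InstanceInformationList", [])
               if i.get("InstanceId") == instance_id]
    if not entries:
        problems.append("instance not registered with SSM: agent not running, "
                        "no instance profile, or no route to the SSM endpoint")
    elif entries[0].get("PingStatus") != "Online":
        problems.append("agent PingStatus is %s" % entries[0].get("PingStatus"))
    problems += ["instance role lacks %s" % a for a in missing_actions(role_policy)]
    return problems

# Constructed sample data (not real account output): the describe-instance-information
# response for a healthy agent, and two instance-role policies to compare.
SAMPLE_INFO = {"InstanceInformationList": [
    {"InstanceId": "i-0123456789abcdef0", "PingStatus": "Online", "AgentVersion": "3.2.0.0"}]}
MANAGED_CORE_POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
    "Action": ["ssm:UpdateInstanceInformation", "ssmmessages:*", "ec2messages:*"],
    "Resource": "*"}]}
SSM_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}]}

if __name__ == "__main__":
    for name, pol in (("ManagedInstanceCore", MANAGED_CORE_POLICY), ("ssm:* only", SSM_ONLY_POLICY)):
        print(name, session_preflight("i-0123456789abcdef0", SAMPLE_INFO, pol) or "ready")
```

The second policy shows a common trap: `ssm:*` alone is not enough, because Session Manager also needs the `ssmmessages` channel actions.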