Amazon Linux Backup and Recovery

Updated 28-Jun-2024

This is a collection of stuff that can help out when things go wrong.

Extract Fingerprint and Public Key from a Private Key

Extract Public Key from Private Key:

ssh-keygen -y

Generate a Fingerprint of a Private Key to verify in the AWS EC2 Console:

openssl pkcs8 -in path_to_private_key -inform PEM -outform DER -topk8 -nocrypt | openssl sha1 -c

Note: This is usually easier to do by generating a key in AWS EC2 console, which will automatically start download of the pem. From there, generate the public key with:

ssh-keygen -f key.pem -y

From there, after logging into EC2/Lightsail:

echo "PUBLICKEYTEXT" >> ~/.ssh/authorized_keys

This also has the nice factor of keeping the public key inside of AWS. However, do protect the pem/private key as a duplicate does not exist.

Command line

aws ec2 stop-instances --instance-ids i-xyz
aws ec2 detach-volume --volume-id vol-xyz
aws ec2 attach-volume --volume-id vol-xyz --instance i-xyz --device /dev/xvda (or sdf)
aws ec2 start-instances --instance-ids i-xyz

Once that is done, then ssh, yum, mount (if accessing the drive as a secondary to make changes before detatching and reattaching to original instance), as follows:

ssh -i "KEY.pem" [email protected]
sudo su
yum -y update
mount /dev/sdf1 /mnt

Resources