AWS Certified Security – Specialty — Question 408
A company accidentally deleted the private key for an Amazon Elastic Block Store (Amazon EBS)-backed Amazon EC2 instance. A security engineer needs to regain access to the instance.
Which combination of steps will meet this requirement? (Choose two.)
Answer options
- A. Stop the instance. Detach the root volume. Generate a new key pair.
- B. Keep the instance running. Detach the root volume. Generate a new key pair.
- C. When the volume is detached from the original instance, attach the volume to another instance as a data volume. Modify the authorized_keys file with a new public key. Move the volume back to the original instance. Start the instance.
- D. When the volume is detached from the original instance, attach the volume to another instance as a data volume. Modify the authorized_keys file with a new private key. Move the volume back to the original instance. Start the instance.
- E. When the volume is detached from the original instance, attach the volume to another instance as a data volume. Modify the authorized_keys file with a new public key. Move the volume back to the original instance that is running.
Correct answer: A, C
Explanation
To recover access to an EBS-backed instance after losing the private key, the instance must first be stopped so its root volume can be safely detached. The detached volume is then mounted as a secondary data volume on a temporary instance, where the authorized_keys file is updated with the new public key. Finally, the volume is reattached to the original instance as the root volume, and the instance is started.
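The authorized_keys step from the explanation, as an added example (not part of the original question). It is meant to run on the temporary instance once the detached root volume is mounted. The mount point, the `/home/<user>` layout and the function name `install_pubkey` are assumptions.

```bash
#!/usr/bin/env bash
# Added example: install a NEW PUBLIC key on a root volume that is mounted
# as a data volume on a temporary (rescue) instance.
#
# install_pubkey MOUNT_ROOT USER PUBKEY_FILE
#   returns 0 on success
#   returns 2 if PUBKEY_FILE is not exactly one OpenSSH public key line
#   returns 3 if USER has no home directory on the mounted volume
install_pubkey() {
    local root="$1" user="$2" keyfile="$3"
    local home="$root/home/$user"        # assumed layout, e.g. /mnt/rescue/home/ec2-user
    local ssh_dir="$home/.ssh"
    local auth="$ssh_dir/authorized_keys"
    local key

    # authorized_keys holds public keys only; a private key here grants nothing
    # and leaves secret material on the volume.
    if grep -q 'PRIVATE KEY' "$keyfile"; then
        echo "refusing: $keyfile contains private key material" >&2
        return 2
    fi

    # Require exactly one line shaped like "<type> <base64> [comment]".
    key=$(grep -E '^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+( .*)?$' "$keyfile" || true)
    if [ -z "$key" ] || [ "$(printf '%s\n' "$key" | wc -l)" -ne 1 ]; then
        echo "refusing: $keyfile is not a single OpenSSH public key" >&2
        return 2
    fi

    [ -d "$home" ] || { echo "no home directory at $home" >&2; return 3; }

    mkdir -p "$ssh_dir"
    touch "$auth"
    # Idempotent append: a second run does not duplicate the key.
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"

    # sshd's StrictModes (on by default) rejects keys when the directory or
    # file is writable by others or owned by the wrong user.
    chmod 700 "$ssh_dir"
    chmod 600 "$auth"
    chown --reference="$home" "$ssh_dir" "$auth"   # GNU coreutils
}
```

After this step the volume is unmounted, detached from the temporary instance, reattached to the original instance as its root volume, and the instance is started.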