1
votes

I have an existing AWS Ubuntu EC2 instance (instance_1) with remote ssh access via a public IP address, using my own private/public keys. I create an AMI from this instance using the console, and then launch a new EC2 instance (instance_2) using this AMI. Remote ssh to instance_2 (via its own public IP address) then works exactly as for instance_1.

I then use boto3 to create an AMI instead of the console and then launch another EC2 instance (instance_3). ssh authentication fails (Permission denied) on instance_3.

Any idea why the behaviour is different when the AMI is created with boto3 instead of the console? The credentials used with boto3 allow full administrator access using policy arn:aws:iam::aws:policy/AdministratorAccess.

The code to create the AMI:

    import boto3

    # region, instance_id and ami_name are set elsewhere in the script
    ec2_client = boto3.client('ec2', region_name=region)
    response = ec2_client.create_image(InstanceId=instance_id, Name=ami_name)
    new_image_id = response['ImageId']
1
Do check the associated keypair. You can check the ssh key of instance_3 by detaching it as an instance, then mounting the volume from another instance. That will tell you the whole story. – mootmoot
Thanks @mootmoot. This was very helpful in finding my problem. Turns out that I was passing the wrong 'instance_id' to boto3! Please post your comment as an answer so that I can accept it. – JCvdW

1 Answer

1
votes

To diagnose the problem, first check the keypair of the EC2 instance you are attempting to connect to.

If everything fails (which is rare), you can detach the instance and turn it into a standard volume, then mount it from another instance to validate or replace ~/.ssh/authorized_keys.
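The root cause found in the comments was a wrong instance ID passed to `create_image`. The following is an added example, not code from the question or the answer: a guard that confirms the instance ID resolves to the host you actually SSH into before imaging it. The function name `create_image_checked`, the `StubEC2` class and all IDs, IPs and key names are constructed for illustration; in real use pass `boto3.client('ec2', region_name=region)` instead of the stub.

```python
class StubEC2:
    """Constructed stand-in for boto3.client('ec2') so the example runs offline."""
    FLEET = {  # constructed sample data, shaped like describe_instances output
        "i-0aaa": {"InstanceId": "i-0aaa", "PublicIpAddress": "203.0.113.10",
                   "KeyName": "ops-key"},
        "i-0bbb": {"InstanceId": "i-0bbb", "PublicIpAddress": "198.51.100.7",
                   "KeyName": "other-key"},
    }

    def describe_instances(self, InstanceIds):
        return {"Reservations": [{"Instances": [self.FLEET[i] for i in InstanceIds]}]}

    def create_image(self, InstanceId, Name):
        return {"ImageId": "ami-from-" + InstanceId}


def create_image_checked(ec2_client, instance_id, ami_name,
                         expected_public_ip, expected_key_name=None):
    """Create an AMI only if instance_id is the instance we expect to clone."""
    resp = ec2_client.describe_instances(InstanceIds=[instance_id])
    instances = [i for r in resp["Reservations"] for i in r["Instances"]]
    if len(instances) != 1:
        raise ValueError(f"{instance_id}: expected 1 instance, got {len(instances)}")
    inst = instances[0]

    # The public IP is what you type into ssh, so it is the strongest identity check.
    actual_ip = inst.get("PublicIpAddress")
    if actual_ip != expected_public_ip:
        raise ValueError(f"{instance_id} has IP {actual_ip}, not {expected_public_ip}")

    # KeyName is only the key pair recorded at launch; keys added later to
    # ~/.ssh/authorized_keys are not visible here, so this check is optional.
    if expected_key_name is not None and inst.get("KeyName") != expected_key_name:
        raise ValueError(f"{instance_id} was launched with key {inst.get('KeyName')}")

    return ec2_client.create_image(InstanceId=instance_id, Name=ami_name)["ImageId"]


if __name__ == "__main__":
    client = StubEC2()
    print(create_image_checked(client, "i-0aaa", "backup", "203.0.113.10", "ops-key"))
    try:  # the mistake from the question: imaging a different instance
        create_image_checked(client, "i-0bbb", "backup", "203.0.113.10")
    except ValueError as err:
        print("refused:", err)
```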