This procedure uses AWS Systems Manager Run Command to push the public key of a new key pair to many EC2 instances in one batch.
Prerequisite: the EC2 instances must be managed by AWS Systems Manager.
Reference
- Go to AWS Console → EC2 → Network & Security → Key Pairs
- Create a new key pair with the default settings.
- For the name of the key pair, append a version suffix.
- Download the private key file (IMPORTANT: store this file carefully, as this is the only time it can be downloaded).
- Set the permissions of the private key file to owner-only:
sudo chmod 600 NEWKEY.pem
- Run this command to derive the public key from the private key:
ssh-keygen -f NEWKEY.pem -y
- Save the public key output to a temporary location.
- Go to AWS Console → AWS Systems Manager → Node Management → Run Command
- Select AWS-RunShellScript as the Command document.
- Insert the following under Command Parameters (replace public-key with the public key output saved earlier):
#!/bin/bash
/bin/echo -e "public-key" > /home/ubuntu/.ssh/authorized_keys
Note
The path above is for Ubuntu AMI EC2 instances, where the login user is ubuntu. For other distributions such as Debian, change the user in the path to that AMI's default login user. The redirect (>) replaces the whole authorized_keys file, so after the command runs only the new key will be accepted; confirm the pasted public key is correct (for example by targeting a single instance first and logging in with the new private key) before rolling it out to all instances.
- Specify the target instances that should receive the new public key.
- Click Run.
- Switch any application that uses the old private key to the newly created one (this includes updating secrets in the CI server, etc.).
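The same Run Command step can be scripted instead of pasted into the console. The following is an added example, not code from the original page: it builds the AWS-RunShellScript request with boto3, checks that the pasted text is a single OpenSSH public key line before anything is sent, and writes authorized_keys via a temporary file with a backup and explicit permissions. It assumes the target user is ubuntu with a group of the same name (as on the page), that Run Command executes as root, and that boto3 is configured wherever rotate() is called.

```python
# Added example, not code from the original page: build the AWS-RunShellScript
# request for the rotation step with boto3, validating the public key first and
# writing authorized_keys with a backup and explicit modes. Assumptions: target
# user "ubuntu" with group "ubuntu", Run Command runs as root, boto3 configured.
import re

# One OpenSSH public key line: key type, base64 blob, optional plain comment.
_PUBKEY_RE = re.compile(
    r"^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) "
    r"[A-Za-z0-9+/]+=*( [A-Za-z0-9@._-]+)?$"
)

def is_valid_pubkey(pubkey: str) -> bool:
    """True if pubkey is a single public key line such as ssh-keygen -y prints."""
    return _PUBKEY_RE.match(pubkey.strip()) is not None

def build_commands(pubkey: str, user: str = "ubuntu") -> list:
    """Shell lines run on each instance: replace authorized_keys with the new key."""
    if not is_valid_pubkey(pubkey):
        raise ValueError("expected one OpenSSH public key line")
    if not re.fullmatch(r"[a-z_][a-z0-9_-]*", user):
        raise ValueError("unexpected user name")
    key = pubkey.strip()
    d = f"$(getent passwd {user} | cut -d: -f6)/.ssh"
    return [
        "set -e",
        f'install -d -m 700 -o {user} -g {user} "{d}"',
        # keep the old file so a bad rollout can be reverted with another Run Command
        f'[ ! -f "{d}/authorized_keys" ] || cp -p "{d}/authorized_keys" "{d}/authorized_keys.bak"',
        f"printf '%s\\n' '{key}' > \"{d}/authorized_keys.new\"",
        f'chown {user}:{user} "{d}/authorized_keys.new" && chmod 600 "{d}/authorized_keys.new"',
        f'mv "{d}/authorized_keys.new" "{d}/authorized_keys"',
    ]

def build_send_command_request(pubkey: str, instance_ids: list, user: str = "ubuntu") -> dict:
    """Keyword arguments for boto3's ssm.send_command(**request)."""
    return {
        "DocumentName": "AWS-RunShellScript",
        "Targets": [{"Key": "InstanceIds", "Values": list(instance_ids)}],
        "Parameters": {"commands": build_commands(pubkey, user)},
    }

def rotate(pubkey: str, instance_ids: list, user: str = "ubuntu") -> str:
    """Send the command and return its CommandId for status polling."""
    import boto3  # imported here so the builders above work without AWS access
    resp = boto3.client("ssm").send_command(**build_send_command_request(pubkey, instance_ids, user))
    return resp["Command"]["CommandId"]
```

Poll the returned CommandId (for example with list-command-invocations) and log in to one instance with the new private key before retiring the old key pair.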
Some other alternatives to achieve the same result: