How to create a new SSH Key pair and assign it to an EC2 instance which currently does not have one?


I am trying to connect to an AWS RDS MySQL instance (private subnet) via MySQL Workbench. My VPC contains:

  • EC2 instance (public subnet)
  • RDS instance (private subnet)

I can access the RDS via EC2 but cannot connect to the RDS instance via my local machine. From what I understand, this is because I do not have an SSH key pair.

The EC2 instance was created when I created an ElasticBeanstalk application which hosts a REST API. It appears that an SSH key pair was not created. Without an SSH Key I cannot access the RDS instance from my local machine.

How do I create a new SSH Key pair and assign it to my EC2 instance?

[Image: Settings required to connect to MySQL instance via Standard TCP/IP over SSH with MySQL Workbench]

[Image: EC2 warning stating that I do not have an associated key pair]

Any help would be greatly appreciated!


There are 2 best solutions below

1
Filippo Testini On BEST ANSWER

First of all, just to clarify for future readers, you cannot connect to RDS from your local machine—not because there isn't an SSH Key Pair, but because your RDS instance is located in a private subnet.
In other words, even if you have associated a public IP with your RDS instance, you cannot connect to it because the route table for the private subnet does not route 0.0.0.0/0 traffic through an Internet Gateway.

Having clarified that, if you want to connect to your private RDS instance, you can use your public EC2 instance as a proxy: to do so, you'll need a new SSH key.
You have two options:

0
Krupesh Patel On

To be clear, you need to connect your RDS to an EC2 instance. Unfortunately, you can't connect to the EC2 instance because you lost your pem file.

There are several methods for EC2 connectivity. You probably have an IAM with EC2 connection permission OR an EC2 root.

To connect your instance to your local system via SSH, there is only one easy method.

Take the actions listed below. Generate an SSH key pair:

  1. Open a new Terminal window
  2. Type ssh-keygen -b 4096 -t rsa
  3. You will be prompted to enter a filename. By default, your keys will be saved as id_rsa and id_rsa.pub. Simply press Enter to confirm the default - there is no need to change this unless you have multiple keys! (Note: if you would like to change the default filename, you'll need to include the complete file path)
  4. When prompted, enter a passphrase.
  5. This will create a hidden directory called .ssh that contains both your public (id_rsa.pub) and private (id_rsa) key files.

To view your public key, run cat .ssh/id_rsa.pub.

To close it, simply copy your public key, click EC2 connection, and paste your key at .ssh/authorized_keys.

Now, id_rsa private key is your pem file. Just beyond it for connection.

ssh -i .ssh/id_rsa ubuntu@<public ip>
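
The "paste your key at .ssh/authorized_keys" step above, as an added example that is not part of the original answers: a POSIX shell function to run on the EC2 instance that installs a public key with the file modes sshd expects and refuses a private key pasted by mistake. The function name `install_pubkey` and its optional second argument (target home directory) are assumptions made for this example.

```shell
# Added example (not from the original post).
# Usage: install_pubkey PUBKEY_FILE [TARGET_HOME]
install_pubkey() {
    pub_file=$1
    target_home=${2:-$HOME}
    ssh_dir=$target_home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 1; }

    # Only id_rsa.pub belongs on the server; id_rsa (the private key)
    # must never leave the local machine.
    if grep -q 'PRIVATE KEY' "$pub_file"; then
        echo "refusing: $pub_file looks like a private key" >&2
        return 2
    fi

    # Expect exactly one line of the form "type base64-blob [comment]".
    [ "$(grep -c . "$pub_file")" -eq 1 ] || { echo "expected one key line" >&2; return 3; }
    key_line=$(grep . "$pub_file")
    case $key_line in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "not an OpenSSH public key line" >&2; return 3 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored when ~/.ssh or
    # authorized_keys is writable by group or others.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4

    # Idempotent: match on "type blob" so a changed comment does not
    # produce a duplicate entry.
    key_id=$(printf '%s\n' "$key_line" | awk '{print $1 " " $2}')
    if grep -qF -- "$key_id" "$auth"; then
        return 0
    fi
    printf '%s\n' "$key_line" >> "$auth"
}
```

Appending with `>>` keeps any keys already present, so existing access to the instance is not cut off when the new key is added.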