6

I'm aware of the get-password-data command, which can display PasswordData like:

$ aws ec2 get-password-data --instance-id i-0123456789
{
    "InstanceId": "i-0123456789",
    "PasswordData": "\r\nAOh...xg==\r\n",
    "Timestamp": "2018-03-27T16:52:04.000Z"
}

However, I'd like to know which key pair name was used to launch the instance, so I can pass it using --priv-launch-key in order to decrypt the password.

Vish
kenorb

2 Answers

7

For a given instance, you would first use aws ec2 describe-instances to get the information JSON for your instance.

The information also contains the keypair name used to create that instance.

E.g. for an instance i-0e2x8xd7xxx (Note: I use the awesome tool jq to do JSON parsing but you can use any other solution)

aws ec2 describe-instances --instance-ids i-0e2x8xd7xxx | jq '.Reservations[].Instances[].KeyName'

Output:

"my_key_name"

You can store that in a variable, say $keypair_name and then pass it into your aws ec2 get-password-data command.

You would also need to pass in the path on your machine where your keypairs are located e.g. $keypair_path.

For example:

aws ec2 get-password-data --priv-launch-key $keypair_path/$keypair_name .....
Vish
4

Based on @Vish's answer, I've created the following shell script:

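#!/usr/bin/env bash
# Script to show password data of the EC2 instance.
[ $# -eq 0 ] && { echo "Usage: $0 instance_id ..."; exit; }
# Look up the name of the key pair the instance was launched with.
keyname=$(aws ec2 describe-instances --query 'Reservations[].Instances[].KeyName' --output text --instance-ids "$1")
# Find the first matching PEM file under ~/.ssh. Skip the search when no key
# name came back, so the pattern cannot match an unrelated key file.
pemfile=""
[ -n "$keyname" ] && pemfile=$(find ~/.ssh -name "*$keyname*.pem" -print -quit)
if [ -z "$pemfile" ]; then
  # No local key found: print the still-encrypted PasswordData.
  aws ec2 get-password-data --instance-id "$1"
else
  aws ec2 get-password-data --instance-id "$1" --priv-launch-key "$pemfile"
fi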

which aims to decrypt the password based on the key pair name. By default it looks for the PEM file in the user's ~/.ssh folder.

Usage:

./show_ec2_password_data.sh i-instance_id
kenorb
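The script above selects the key file with the glob `*$keyname*.pem`, so a key pair named `web` can also resolve to `web-old.pem`. The following is an added example, not part of either answer: it resolves the launch key by exact name and checks its file permissions before passing it to `--priv-launch-key`. The function names and the `<KeyName>.pem` file layout are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original answers).
# resolve_launch_key KEYNAME [DIR]: print DIR/KEYNAME.pem if it is usable, else fail.
# Assumption: private keys are stored as <KeyName>.pem in DIR (default ~/.ssh).
resolve_launch_key() {
  local keyname="$1" keydir="${2:-$HOME/.ssh}" pemfile perms

  case $keyname in
    # Empty, or the literal None that --output text prints for a null value:
    # the instance has no key pair recorded.
    ''|None) echo "no key pair recorded for this instance" >&2; return 1 ;;
    # A key name must stay a file name inside DIR.
    */*) echo "refusing key name containing '/': $keyname" >&2; return 2 ;;
  esac

  # Exact file name only: "web" must not pick up "web-old.pem".
  pemfile="$keydir/$keyname.pem"
  if [ ! -f "$pemfile" ] || [ -L "$pemfile" ]; then
    echo "no private key file at $pemfile" >&2; return 3
  fi

  # Require owner-only permissions (0600 or 0400): the group and other
  # columns of the ls mode string must all be '-'.
  perms=$(ls -ld "$pemfile" | cut -c5-10)
  if [ "$perms" != "------" ]; then
    echo "$pemfile is accessible to group/other; chmod 600 it first" >&2; return 4
  fi

  printf '%s\n' "$pemfile"
}

# show_password INSTANCE_ID: the two aws commands from the answers, joined by the check.
show_password() {
  local instance_id="$1" keyname pemfile
  keyname=$(aws ec2 describe-instances --instance-ids "$instance_id" \
    --query 'Reservations[].Instances[].KeyName' --output text) || return
  pemfile=$(resolve_launch_key "$keyname") || return
  aws ec2 get-password-data --instance-id "$instance_id" --priv-launch-key "$pemfile"
}
```

Source the file and call `show_password i-instance_id`; a non-zero return code from `resolve_launch_key` tells you which check rejected the key.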