Consequences of deleted key pair on EC2 instance
Solution 1:
If you delete the keypair stored by AWS (e.g., using the AWS console), you are really just deleting their copy of the ssh public key. This does not prevent you from continuing to ssh in to an existing instance with the ssh private key that you stored locally as your instance will continue to have a copy of the public key in .ssh/authorized_keys. It simply prevents you from creating new instances with the same keypair.
In a related question (in case people end up here looking for this answer)...
If you delete your local copy of the ssh private key, then you will not be able to ssh into the instance if that is the only public key stored in the .ssh/authorized_keys file. However, you can still get access to the instance following a procedure I outline in this article: Fixing Files on the Root EBS Volume of an EC2 Instance
- stop (not terminate) the EBS boot instance
- move the EBS boot volume to a different running instance
- fix the files (i.e., .ssh/authorized_keys)
- move the EBS boot volume back to the original instance
- start the instance
This process is only available with an EBS boot instance and is one of the many reasons I recommend you run EBS boot instances.
Solution 2:
You will be able to log into the instance using the private key of the deleted pair until you terminate it. Since you will not be able to launch new instances with that keypair, you should remove the old public key and generate a new pair as soon as possible.
I recommend that you provision your instances (using Chef, Puppet, CFEngine, ...) with your own SSH keys (for each user), and use EC2's only as an ultimate resource. It improves security and eases management and control of users logging into the instance.
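The "fix the files (i.e., .ssh/authorized_keys)" step in Solution 1 and the "remove the old public key" advice in Solution 2 come down to the same edit. The following is an added example, not part of either answer: a shell function that drops the old key from an authorized_keys file and adds the new one. The function names, the file paths and the sample keys in `demo` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the answers): replace one public key with another in
# an authorized_keys file, e.g. on a root volume mounted on a rescue instance.

# Print the base64 key blob (field 2) of a one-line OpenSSH .pub file.
key_blob() {
    awk 'NF >= 2 && $1 !~ /^#/ { print $2; exit }' "$1"
}

# rotate_authorized_key <authorized_keys> <old.pub> <new.pub>
rotate_authorized_key() {
    local file="$1" old_blob new_blob tmp rc=0
    old_blob=$(key_blob "$2")
    new_blob=$(key_blob "$3")
    if [ ! -f "$file" ] || [ -z "$old_blob" ] || [ -z "$new_blob" ]; then
        echo "usage: rotate_authorized_key <authorized_keys> <old.pub> <new.pub>" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1

    # Drop every entry carrying the old blob. Comparing whole fields (not whole
    # lines) also catches entries with an options prefix or a changed comment.
    awk -v b="$old_blob" '{ for (i = 1; i <= NF; i++) if ($i == b) next; print }' \
        "$file" > "$tmp"

    # Append the new key unless an entry for it already exists.
    if ! awk -v b="$new_blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                               END { exit !f }' "$tmp"; then
        awk 'NF >= 2 && $1 !~ /^#/ { print; exit }' "$3" >> "$tmp"
    fi

    # Overwrite in place instead of mv so the file keeps its owner; sshd with
    # StrictModes (the default) ignores a key file whose owner or mode is wrong.
    cat "$tmp" > "$file" && chmod 600 "$file" || rc=1
    rm -f "$tmp"
    return $rc
}

# Demo on constructed sample keys (the blobs are made up, not real keys).
demo() {
    local d; d=$(mktemp -d) || return 1
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLDOLDOLD old@laptop' > "$d/old.pub"
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINEWNEWNEW new@laptop' > "$d/new.pub"
    { echo 'no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLDOLDOLD ec2-keypair'
      echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEEPKEEP ops@bastion'; } > "$d/ak"
    rotate_authorized_key "$d/ak" "$d/old.pub" "$d/new.pub" && cat "$d/ak"
    rm -rf "$d"
}
```

Running `demo` prints the resulting file: the unrelated `ops@bastion` entry is kept, the old key's entry is gone, and the new key is appended.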