How to make salt-minion generate new keys

Solution 1:

  1. Stop the minion service.

    service salt-minion stop
    
  2. Delete old identity

    rm /etc/salt/pki/minion/minion.pem
    rm /etc/salt/pki/minion/minion.pub
    cat /dev/null > /etc/salt/minion_id
    
  3. Make sure salt will begin on startup

    chkconfig salt-minion on
    
  4. Create your new AMI
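
A check to run just before the snapshot in step 4, confirming that steps 1 and 2 left no minion key pair or ID in the image, so instances launched from it do not share one identity. This is an added example, not part of the original answer; the function name and the optional root argument (for inspecting a mounted image instead of `/`) are assumptions.

```shell
#!/bin/sh
# Added example: pre-snapshot check that a Salt minion image carries no identity.
# Paths are the ones deleted in Solution 1; the root argument is an assumption
# ("/" on the instance itself, or the mount point of an image under inspection).

# Prints one line per leftover and returns the number of leftovers (0 = clean).
minion_identity_leftovers() {
    root="${1:-/}"
    root="${root%/}"    # "/" becomes "", so the joined paths stay absolute
    found=0
    for f in etc/salt/pki/minion/minion.pem etc/salt/pki/minion/minion.pub; do
        if [ -e "$root/$f" ]; then
            echo "leftover key: $root/$f"
            found=$((found + 1))
        fi
    done
    # -s is true only for a file that exists and is non-empty, so the
    # truncated minion_id from step 2 passes and a populated one does not.
    if [ -s "$root/etc/salt/minion_id" ]; then
        echo "leftover id: $root/etc/salt/minion_id"
        found=$((found + 1))
    fi
    return "$found"
}

# Usage: sh check_minion_identity.sh /    (with no argument nothing is checked)
if [ "$#" -gt 0 ]; then
    if minion_identity_leftovers "$1"; then
        echo "clean: no minion identity in $1"
    else
        echo "identity still present: do not snapshot" >&2
    fi
fi
```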

Solution 2:

Give the following command a try:

    sudo salt 'name_of_host_whose_keys_you_wish_to_regenerate' saltutil.regen_keys

Source: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.saltutil.html#salt.modules.saltutil.regen_keys