When launching the instance, you specify the key pair. You can specify an existing key pair, or you can specify a new key pair created at startup. At startup, the public key content is placed in the entry in ~/.ssh/authorized_keys on the instance. To log in to the instance, you must specify the private key when connecting to the instance.
Connect to a Linux instance when you lose your private key
If you lose the private key of an instance supported by EBS, you can get it again Access to your instance. You must stop the instance, detach the volume and attach it to another instance as a data volume, then modify the authorized_keys file, move the volume back to the original instance, and restart the instance.
cp .ssh/authorized_keys /mnt/tempvol/home/ec2-user/.ssh/authorized_keys
sudo chown 222:500 /mnt/tempvol/home/ec2-user/ .ssh/authorized_keys
[ec2-user ~]$ sudo ls -l /mnt/tempvol/home/ec2-< span>user/.ssh
total 4
-rw------- 1 222 500 398 Sep 13 22:54 authorized_keys
https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/ec2-key-pairs.html?shortFooter=true#replacing-lost-key-pair