How to replace keypair files for Amazon EC2 instances?
We currently have several Amazon EC2 instances running and we were using the same Keypair to ssh into these instances. I checked the doc and it says there's no way to replace a keypair on a running instance and AWS uses the private key as the only way to authenticate our access to the instance.
The problem is that one of our team members (previously responsible for maintenance of these AWS instances) is leaving the company, but he has a copy of the private key on his personal computer!
Though he may delete the private key file on his own or is not going to take advantage of it, as a serious security concern, is there any way to replace that keypair file without stopping our instances? Or is there somewhere a password or certificate that we can change to prevent ssh?
Thanks!!!
If you have redundancy in your instances, you could just restart them one by one with a new key. But if it is not an option, I'd manually create a new ssh key and install it on those instances. Then you should be able to manually disable the old key and use this setup until restart.
Long term you could just use hand-created ssh keys for employees and have tighter control over the master key.
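The manual rotation described in the answer above (install a new key, then disable the old one), as an added example that is not part of the original answer. The function names `has_blob` and `rotate_authorized_key` and the three file arguments are assumptions of this sketch; it edits whichever `authorized_keys` file the caller points it at.

```bash
#!/usr/bin/env bash
# Added example: swap one public key for another in an authorized_keys file.
# Function names and the three file arguments are assumptions of this sketch.
# Run it as the account that owns the file so ownership stays correct.

# Succeeds if any field of any line in file $1 equals the key blob $2.
has_blob() {
    awk -v b="$2" '{ for (i = 1; i <= NF; i++) if ($i == b) found = 1 }
                   END { exit !found }' "$1"
}

# rotate_authorized_key <authorized_keys> <new.pub> <old.pub>
rotate_authorized_key() {
    local auth="$1" new_pub="$2" old_pub="$3"
    local new_blob old_blob tmp
    # In a .pub file the base64 key blob is the second field: "type blob comment".
    new_blob=$(awk '{ print $2; exit }' "$new_pub")
    old_blob=$(awk '{ print $2; exit }' "$old_pub")
    if [ -z "$new_blob" ] || [ -z "$old_blob" ]; then
        echo "could not read a key blob from the .pub files" >&2; return 2
    fi
    if [ "$new_blob" = "$old_blob" ]; then
        echo "new and old key are the same; refusing" >&2; return 2
    fi

    cp -p "$auth" "$auth.bak" || return 1          # rollback copy

    # Step 1: install the new key unless it is already authorized.
    if ! has_blob "$auth" "$new_blob"; then
        [ -z "$(tail -c1 "$auth")" ] || echo >> "$auth"   # file must end in newline
        cat "$new_pub" >> "$auth" || return 1
    fi

    # Step 2: remove the old key only after confirming the new one is present,
    # so a failed append cannot lock everyone out.
    if ! has_blob "$auth" "$new_blob"; then
        echo "new key not installed; old key left in place" >&2; return 1
    fi
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    awk -v b="$old_blob" '{ for (i = 1; i <= NF; i++) if ($i == b) next; print }' \
        "$auth" > "$tmp" || return 1
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}
```

Keep an existing session open and confirm a fresh login with the new key before closing it; the `.bak` copy still contains the old key and should be deleted once the new login works.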