Our organization uses Amazon Web Services (AWS), and we have multiple EC2 instances running in different subnets (VPCs) for different clients. Our application is in development and we have need to remote (SSH or RDP) into these instances.
EC2 instances require a key-pair in order to gain access (SSH in the case of Linux, and administrator password in case of Windows RDP). The private key is in the form of a physical file which can only be generated once and downloaded once. Loss of this file equates to loss of the ability to connect to the instances.
Is there a widely accepted, industry-standard best practice for managing the private keys?
Currently I have a physical back-up (encrypted) on a portable hard drive, but that does not seem to me to be the best solution. What methods are employed by large companies to ensure that they are able to survive a disaster?