How To Create AWS EC2 Keypair
Posted on April 10, 2022 • 4 min read • 772 words
In this tutorial we learn how to create an AWS EC2 key pair from the AWS Console, using the CLI, Terraform and CloudFormation.
In this tutorial we learn how to create AWS key pairs. AWS key pairs are used to access EC2 instances in AWS.
We will learn to create AWS key pairs using various methods, from the AWS Console and CloudFormation to Terraform.
Key pairs in AWS have the following requirements and limitations.
~/.ssh/authorized_keys). If you connect using SSH while using the EC2 Instance Connect API, the SSH2 format is also supported.
In this section we learn how to generate key pairs using the ssh-keygen command.
To generate key pairs with 2048 bit length, we can use the command below.
$ ssh-keygen -t rsa -b 2048 -f aws-key-2048 -C howtodojo-keypair
The -f option above sets the key pair file name, while the -C option sets a comment on the key pair. You can put a name or email address in the -C option to help you identify the owner or usage of the key pair.
It will give output similar to the output below. You can provide a passphrase for the key or leave the passphrase empty.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in aws-key-2048
Your public key has been saved in aws-key-2048.pub
The key fingerprint is:
SHA256:KJgqU8OOoijBpfBLy21crQYJRe+6Z9H0saUHjOTrN9c howtodojo-keypair
The key's randomart image is:
+---[RSA 2048]----+
| .. |
| .. . |
| . .o o |
|...+ . .+ + . |
|o.O...o+So * |
|.Bo.ooo + + . |
|*+.=.o + . . |
|*.+ +.= . o . E |
|+ ..+ . o |
+----[SHA256]-----+
To generate key pairs with 4096 bit length, we can use the command below.
$ ssh-keygen -t rsa -b 4096 -f aws-key-4096 -C howtodojo-keypair
It will give output similar to the output below. You can provide a passphrase for the key or leave the passphrase empty.
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in aws-key-4096
Your public key has been saved in aws-key-4096.pub
The key fingerprint is:
SHA256:t8sKXWGPqtXg5b3iybZsp7lehUYhux3ulk1R7JXV2Qo howtodojo-keypair
The key's randomart image is:
+---[RSA 2048]----+
| . . .O|
| oE. +=|
| + o..o.|
| . O o...|
| S * * o |
| o O = = |
| . = + * . |
| + ++*.. |
| . .*&*. |
+----[SHA256]-----+
To create AWS key pairs using AWS CLI we can use the command below.
aws ec2 create-key-pair --key-name <key_pair_name>
Replace <key_pair_name> above with the intended name of your key pair. The output of the command above will be similar to the output below.
{
"KeyMaterial": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpQIBAAKCAQEArKLxhP46H4ObLyN/ezUAkP/bcPH9DKdtdkB/1rN67XY44zH5\nQ9IkV2tYUmxI+Zhz4mGYkYCqwr32oVnTF0rkkgtSy2YzMVeSpe6wTjgkptrllsWb\nEMqJ4GHNX4l5S0P4PScR1IH/MDxz6fDkr+dbXUL/CVpreUhsNtlL8o51X779EmBL\nNagSkr1w8ZQx9j362XiNdlBmfPtrdaa+Oj/0eLdUuEwUOPsU9p9bRdW6X9sdQJNw\neKli5CRsLqWKB2x42MyZAkU7TjX8FL1PhxU/v4fPhSgYorsG5JfzfiypP+zMftft\n4EzJID9aqyEiHzrySORtfTfTZT2kT1i0jBZSXQIDAQABAoIBAQCqVOLji0qhyWIV\n-----END RSA PRIVATE KEY-----",
"KeyName": "howtodojo-keypair",
"KeyFingerprint": "8e:d8:f2:6b:5a:00:c3:17:d8:ad:d2:ec:78:f8:9e:23:af:46:03:67",
"KeyPairId": "key-0044e0cfdf44f2982"
}
The sample KeyMaterial in the output above is truncated. Note that the private key in the KeyMaterial field has the newline character printed as \n. You have to replace each \n with a newline character in your text editor.
Keep your private key safe by storing it in a password manager or using another secure storage method.
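The newline handling and safe storage described above can be scripted. This added example (not part of the original tutorial) parses a create-key-pair response, lets the JSON parser turn the \n escapes into real newlines, and writes the key to a file only its owner can read; the function name save_private_key, the sample response and its placeholder key body are constructed for illustration.

```python
import json
import os
import stat
import tempfile

# Constructed sample shaped like the create-key-pair output above.
# The key body is a placeholder, not a usable private key.
SAMPLE_RESPONSE = r'''{
  "KeyMaterial": "-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDERLINE1\nPLACEHOLDERLINE2\n-----END RSA PRIVATE KEY-----",
  "KeyName": "example-keypair",
  "KeyPairId": "key-EXAMPLE"
}'''


def save_private_key(response_text, directory):
    """Write KeyMaterial from a create-key-pair response to <KeyName>.pem (mode 0600)."""
    response = json.loads(response_text)  # decodes each \n escape to a real newline
    key_name = response["KeyName"]
    material = response["KeyMaterial"]

    # Refuse names that could place the file outside the target directory.
    if os.path.basename(key_name) != key_name or key_name in ("", ".", ".."):
        raise ValueError("unsafe key name: %r" % key_name)

    lines = material.strip().split("\n")
    framed = lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")
    if len(lines) < 3 or not framed:
        raise ValueError("KeyMaterial is not PEM framed")

    path = os.path.join(directory, key_name + ".pem")
    # O_EXCL: never overwrite an existing key. 0o600 is applied at creation,
    # so the key is never readable by other users, even briefly.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write("\n".join(lines) + "\n")
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        saved = save_private_key(SAMPLE_RESPONSE, tmp)
        mode = stat.S_IMODE(os.stat(saved).st_mode)
        print(saved, oct(mode))
```

SSH clients refuse private key files that other users can read, so creating the file with owner-only permissions also avoids a later chmod step.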
To get the public key of a private key you can use the command below.
ssh-keygen -y -f testing-howtodojo.pem
To create an AWS key pair using Terraform we can use the code below.
resource "aws_key_pair" "howtodojo-deployer" {
  key_name   = "howtodojo-deployer"
  public_key = "ssh-rsa <public key> howtodojo-deployer"
}
We cannot generate new AWS key pairs using Terraform and get the private key. We have to generate the key pair ourselves. The Terraform code only imports the public key to AWS.
CloudFormation doesn’t support AWS key pair creation. We have to use a custom CloudFormation resource to generate key pairs using CloudFormation.
We will not discuss creating AWS key pairs with a CloudFormation custom resource in this tutorial.
In this tutorial we learned how to create an AWS key pair using the AWS Console and AWS CLI. We don’t discuss the creation of AWS key pairs in CloudFormation since it requires us to use a CloudFormation custom resource.