Key pairs are used for authentication when connecting from your computer to an Amazon EC2 instance.
Key pairs are, essentially, two hidden files. One file is public and sits on the server you want to connect to. The other is private and sits on the computer you’re connecting from.
Associate a key pair with an EC2 instance when you launch it. It is possible to add one afterwards, but it’s soooo much easier to do during launch.
More about AWS EC2 Key Pairs and why do we need them?
AWS Management Console vs CLI
If you are using the AWS Management Console to launch an EC2, you’ll be given the option to create a new, or select an existing, key pair ‘on the fly’. The Console explains why you should select a key:

However, if you are using the AWS CLI (Command Line Interface) or CloudFormation, you need to specify an existing key pair or else the instance will be created without one. AWS will not remind you if you forget.
Create the Key Pair using AWS CLI on Linux
Pre-Requisites
I like using AWS CLI on Linux to manage AWS resources. EC2 keys are just one of the many resources you can create using AWS CLI.
To create an EC2 key pair using CLI, first generate the ssh keys then import the public key to Amazon:
1. Generate ssh key pair
At the Linux command prompt (where you’ll be storing your keys):
$ ssh-keygen -t rsa -f ~/.ssh/my-keyname
Replace my-keyname with your key name.
Output looks like this:
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/leaherb/.ssh/my-keyname.
Your public key has been saved in /Users/leaherb/.ssh/my-keyname.pub.
The key fingerprint is:
SHA256:qF52zL5Dgoqy21piFRJbLkNV09wH0iOfWPpso8a2DOo my-keyname
The key's randomart image is:
+---[RSA 2048]----+
| o.o.oo.o.. |
|. = .+.= . |
| = o * + |
| + . + o |
| . .. S |
| . ...o.= |
|.o....+o* . |
|++...ooB. |
|=+oE. oo+o |
+----[SHA256]-----+
Your new key pair is saved as 2 files in the .ssh directory, under your home directory (~/.ssh/):
my-keyname (private key file)
my-keyname.pub (public key file)
2. Import key
Once you have a key pair, use AWS’s import-key-pair to upload the public key file to Amazon.
$ aws ec2 import-key-pair \
--region us-west-2 \
--key-name "my-keyname" \
--public-key-material file://~/.ssh/my-keyname.pub
Replace us-west-2 with your region if different, and my-keyname with your key name.
Output looks like this:
{
"KeyFingerprint": "a0:6d:ff:f3:dd:5c:f5:ea:81:72:e4:67:2d:d7:54:6f",
"KeyName": "my-keyname"
}
That’s it, you’re done!!
To see the results of your hard work …
View key pairs
Use describe-key-pairs to view your keys on AWS:
$ aws ec2 describe-key-pairs
{
"KeyPairs": [
{
"KeyFingerprint": "a0:6d:ff:f3:dd:5c:f5:ea:81:72:e4:67:2d:d7:54:6f",
"KeyName": "my-keyname"
}
]
}
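The SHA256 fingerprint that ssh-keygen printed in step 1 and the KeyFingerprint that AWS returns are not the same kind of value, so they cannot be compared directly. The script below is an added example, not part of the original post: for an imported RSA key, EC2 reports the MD5 digest of the DER-encoded public key, which can be recomputed locally to confirm that the key stored in AWS is the one on disk. The function names are hypothetical, and it assumes ssh-keygen and openssl are installed.

```shell
#!/bin/sh
# Added example: check that a local RSA public key is the one EC2 has on file.
# Applies to imported RSA keys only (the "-t rsa" key from step 1).

# Print the fingerprint EC2 shows for an imported RSA key:
# MD5 over the DER-encoded public key, as colon-separated hex.
ec2_import_fingerprint() {
    # Convert the OpenSSH public key to PEM ("BEGIN PUBLIC KEY") first,
    # so a missing or unsupported key file fails here instead of hashing nothing.
    _pem=$(ssh-keygen -e -m PKCS8 -f "$1") || return 1
    printf '%s\n' "$_pem" \
        | openssl pkey -pubin -outform DER \
        | openssl md5 -c \
        | awk '{print $NF}'   # drop the "MD5(stdin)= " prefix
}

# Return 0 when the key file matches the fingerprint AWS reported.
ec2_key_matches() {
    _actual=$(ec2_import_fingerprint "$1" 2>/dev/null) || return 1
    _reported=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # compare case-insensitively
    [ -n "$_actual" ] && [ "$_actual" = "$_reported" ]
}

# Usage: sh check-key.sh ~/.ssh/my-keyname.pub "<KeyFingerprint from AWS>"
if [ "$#" -eq 2 ]; then
    if ec2_key_matches "$1" "$2"; then
        echo "match: local key is the one stored in AWS"
    else
        echo "MISMATCH: AWS holds a different key under this name"
        exit 1
    fi
fi
```

Pass the KeyFingerprint value from describe-key-pairs as the second argument. A mismatch means the key name in AWS points at some other public key, which is worth finding out before launching instances with it.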
In the AWS Management Console, view your imported key by going to EC2 > Key pairs:

View all key pairs used by your instances
Here’s a handy little command to list your EC2 instances and the associated key pair names:
$ aws ec2 describe-instances \
--query 'Reservations[*].Instances[*].[InstanceId, KeyName,State.Name]' \
--filters Name=instance-state-name,Values=running \
--output table
--------------------------------------------------
| DescribeInstances |
+----------------------+--------------+----------+
| i-0bee4c5040eb52f52 | my-keyname | running |
+----------------------+--------------+----------+