Creating Key Pairs – Securing EC2 Instances – SCS-C02 Study Guide

Creating Key Pairs

You will now learn to create a new key pair that can be used for an instance. Without a key pair, you may be unable to connect to your EC2 instances, especially if those instances are not running Systems Manager Agent, as you will see later in this chapter in the Accessing an EC2 Instance Using Session Manager section.

There are two methods for creating key pairs:

  • Creating key pairs during EC2 deployment
  • Creating key pairs within the EC2 service in the AWS Management Console

Both methods are shown in detail in the sections below.

Creating Key Pairs during EC2 Deployment

When you create a key pair while creating an EC2 instance, you do so in the Key pair (login) dialog box while configuring your new EC2 instance on the AWS Management Console (see the screenshot below).

Figure 11.1: Key pair screen for EC2 deployment

The following steps will show you how to create a new key pair using the AWS Management Console:

  1. Instead of selecting the key pair name, click on the link on the right-hand side labeled Create new key pair.
  2. Once you have done this, a new dialog box will appear on the screen. Here, enter the key name, the key type, and the private key format.
  3. Once you have filled out all the values, click the Create key pair button, and your new key pair will be created. You will then be prompted to download the private key for safekeeping.

Figure 11.2: Key pair creation screen for EC2

Although creating a key pair when creating an EC2 instance seems convenient, you should also know how to plan out your key pairs beforehand. This is discussed next.

Creating Key Pairs within the EC2 Console

To create a new key pair from the EC2 dashboard, follow these steps:

  1. From the EC2 console, select Key Pairs from the left-hand menu in the Network & Security sub-section.

Figure 11.3: Key pair in the EC2 console menu

  2. At the top-right of the page, click the button labeled Create key pair.
  3. You will be brought to the Create key pair page. Here, give your key pair a name, such as chapter11-RSA. You may also change the encryption algorithm (Key pair type) to ED25519, but note that the RSA algorithm is the one that works with both Linux and Windows instances.

Figure 11.4: Key pair screen for EC2

  4. If you are using a Windows machine and connecting to your instances via the PuTTY client, save your key format in the .ppk format. Otherwise, keep the default .pem setting for the private key file.

Figure 11.5: Key pair format selection

  5. Finally, press the Create key pair button and you will be prompted to download your private key file.

Your key pair will now appear in the list of active key pairs and can be used when you create new EC2 instances.
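
The same key pair can be created from the command line. The following is an added example, not part of the study guide: a shell function wrapping the AWS CLI `aws ec2 create-key-pair` command so that the private key is saved with owner-only permissions and an existing key file is never overwritten. The function name `create_key_pair` and the output file naming are assumptions, and the AWS CLI must already be configured with credentials.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the study guide).
# Usage: create_key_pair NAME [rsa|ed25519] [pem|ppk]
#   e.g. create_key_pair chapter11-RSA rsa pem
create_key_pair() {
    name=$1
    ktype=${2:-rsa}      # RSA is the type the text says works for Linux and Windows
    format=${3:-pem}     # ppk only when connecting with the PuTTY client
    out="${name}.${format}"

    [ -n "$name" ] || { echo "usage: create_key_pair NAME [rsa|ed25519] [pem|ppk]" >&2; return 2; }
    case $ktype in rsa|ed25519) ;; *) echo "unknown key type: $ktype" >&2; return 2 ;; esac
    case $format in pem|ppk) ;; *) echo "unknown key format: $format" >&2; return 2 ;; esac

    # The private key is returned only once, at creation time, so never
    # clobber a key file that is already on disk.
    [ ! -e "$out" ] || { echo "$out already exists, refusing to overwrite" >&2; return 1; }

    # Tighten the umask first so the file is owner-only from the moment
    # it is created, before any key material is written to it.
    (
        umask 077
        aws ec2 create-key-pair \
            --key-name "$name" \
            --key-type "$ktype" \
            --key-format "$format" \
            --query 'KeyMaterial' \
            --output text > "$out"
    ) || { rm -f "$out"; echo "create-key-pair failed" >&2; return 1; }

    # An empty file means no key material came back; do not leave it behind.
    [ -s "$out" ] || { rm -f "$out"; echo "no key material returned" >&2; return 1; }

    # Read-only for the owner; ssh rejects private keys readable by others.
    chmod 400 "$out"
    echo "$out"
}
```
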

With the preceding steps, you learned how to create a key pair. But what if you ever need to delete it? The following section will deal with this.