AWS EC2 SSH Key Pair

Why SSH Key Pair?

 
Amazon AWS uses keys to encrypt and decrypt login information. At the basic level, a sender uses a public key to encrypt data, which its receiver then decrypts using the corresponding private key. These two keys, public and private, are known as a key pair. You need a key pair to be able to connect to your instances.
 
The keys that Amazon EC2 uses are 2048-bit SSH-2 RSA keys. You can have up to 5,000 key pairs per Region. Amazon EC2 stores the public key only, and you store the private key. Anyone who possesses your private key can decrypt your login information, so it's important that you store your private keys in a secure place.
 
Because Amazon EC2 doesn't keep a copy of your private key, there is no way to recover a private key if you lose it. However, there can still be a way to connect to instances that use a lost key pair.
 

Create Key Pair using Console

  • Log in to the AWS Management Console and choose an AWS Region in which to create the key pair.
  • Click Services and find EC2 under Compute services.
  • Go to Network & Security > Key Pairs, and then choose Create Key Pair.
  • Enter a friendly name like testraj-ec2-access-key-<region> (for example, testraj-ec2-access-key-us-east-2).
  • Select the pem file format for use with OpenSSH.
  • Click Create key pair.
  • Browse to a location and save the private key on your computer.
  • The file name will look like this: testraj-ec2-access-key-us-east-2.pem
  • Repeat for other AWS Regions if needed.
 
You can see and assign the keys while you create a new EC2 instance.
 

Create Key Pair using CLI

  • Open a command prompt and configure the CLI.
  • Run aws configure and provide the access key, secret key, Region and output format.

To create a key pair, use the create-key-pair command with the --query option and the --output text option, and redirect the output so that your private key is written directly to a file.
 
Command
 
aws ec2 create-key-pair --key-name MyKeyPairRajTest --query 'KeyMaterial' --output text > MyKeyPairRajTest.pem
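
The plain redirect above creates the .pem file with your shell's default permissions, and OpenSSH refuses to use a private key file that other users can read. The following shell functions are an added example, not part of the original article: they write the key material to an owner-only file and check the mode of an existing key file. The names save_private_key and key_mode_ok are hypothetical helpers introduced here.

```shell
#!/bin/sh
# Added example (not from the original article).
# Intended use, with a configured AWS CLI:
#   aws ec2 create-key-pair --key-name MyKeyPairRajTest \
#       --query 'KeyMaterial' --output text | save_private_key MyKeyPairRajTest.pem

# save_private_key FILE
# Reads PEM key material on stdin and stores it in FILE with mode 0400.
save_private_key() {
    dest=$1
    # EC2 never returns the private key again, so overwriting an existing
    # file could destroy the only copy of an older key.
    if [ -e "$dest" ]; then
        echo "refusing to overwrite $dest" >&2
        return 1
    fi
    # mktemp creates the file readable and writable by the owner only,
    # so the key is never on disk with wider permissions.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    cat > "$tmp"
    # If the CLI call failed, stdin is empty or not a PEM private key.
    if ! head -n 1 "$tmp" | grep -q '^-----BEGIN .*PRIVATE KEY-----$'; then
        rm -f "$tmp"
        echo "no PEM private key on stdin" >&2
        return 1
    fi
    chmod 400 "$tmp" && mv "$tmp" "$dest"
}

# key_mode_ok FILE
# Succeeds only if FILE grants no permission bits to group or others.
key_mode_ok() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}
```

Run key_mode_ok against .pem files you saved earlier with a plain redirect or from the console download, and fix any that fail with chmod 400.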
 
 
You can also check the newly created key in the console.
 

Delete key pair

 
To delete the key pair, run the following command:
 
aws ec2 delete-key-pair --key-name MyKeyPairRajTest
 
 

Conclusion

 
In this article, we have learned how to create an EC2 SSH key pair using the AWS Management Console and the AWS CLI.

