Let’s Create an AWS Key-Pair!

geoinformatica

8 Oct, 2023

Let’s Create an AWS Key-Pair!

Creating a key pair through the AWS Management Console is a straightforward process. Follow these steps to generate a key pair.

Step 1: Log into AWS Console

  1. Go to the AWS Management ConsoleAWS Console
  2. Sign in to your AWS account.

Step 2: Navigate to the EC2 Key Pair Section

  1. In the AWS Management Console, search for EC2 and open the EC2 Dashboard.
  2. In the left-hand menu, under Network & Security, click Key Pairs.

Step 3: Create a New Key Pair

  1. Click on Create key pair (top right).
  2. Provide the following details:
    • Name: Enter a unique name for the key pair (e.g., my-key-pair).
    • Key pair type: Choose RSA or ED25519 (ED25519 is recommended for better security and performance).
    • Private key file format:
      • .pem (used for SSH access to Linux instances)
      • .ppk (for PuTTY on Windows)
    • Tags (optional): You can add tags for organization.
  3. Click Create key pair.

Step 4: Download the Private Key

  • AWS will generate the key pair and automatically download the private key file (.pem or .ppk).
  • Important: Store this file securely because AWS does not store private keys.
  • Do not share this key with anyone.

Step 5: Use the Key Pair

  • For Linux SSH Access: ssh -i my-key-pair.pem ec2-user@your-ec2-instance-ip
  • For Windows (PuTTY):
    • Convert .pem to .ppk using PuTTYgen.
    • Use it in PuTTY to connect to the EC2 instance.

Security Best Practices

  • Never share the private key or commit it to a repository (e.g., GitHub).
  • Use AWS Systems Manager for secure access instead of SSH when possible.
  • Rotate keys periodically for better security.
  • Limit access using security groups in EC2.

Applying an AWS Key Pair in CloudFormation

You can specify the key pair in an AWS CloudFormation template when launching an EC2 instance.

Steps to Apply a Key Pair in CloudFormation

  1. Go to the AWS CloudFormation Console:
    • Navigate to AWS Console > CloudFormation.
    • Click Create stack > With new resources (standard).
  2. Create a CloudFormation Template
    • Use the following YAML template to launch an EC2 instance using your key pair:

CloudFormation Template Example (YAML)

AWSTemplateFormatVersion: "2010-09-09"
Resources:
  MyEC2Instance:
    Type: "AWS::EC2::Instance"
    Properties:
      InstanceType: "t2.micro"
      KeyName: "my-key-pair"  # Replace with your actual key pair name
      ImageId: "ami-0c55b159cbfafe1f0"  # Example Amazon Linux AMI, replace with your region-specific AMI
      SecurityGroups:
        - Ref: MySecurityGroup

  MySecurityGroup:
    Type: "AWS::EC2::SecurityGroup"
    Properties:
      GroupDescription: "Enable SSH access"
      SecurityGroupIngress:
        - IpProtocol: "tcp"
          FromPort: 22
          ToPort: 22
          CidrIp: "0.0.0.0/0"  # Replace with a specific IP range for security

Deploy the CloudFormation Stack

  1. In CloudFormation, select Upload a template file.
  2. Upload the YAML file containing the above template.
  3. Click Next and enter a stack name (e.g., EC2-KeyPair-Stack).
  4. Click Next and keep the default options.
  5. Click Create stack.

Verifying the Key Pair on the EC2 Instance

  1. Once the stack creation is complete, go to the EC2 dashboard.
  2. Find the created EC2 instance and verify the Key Name in the details tab.
  3. Connect using SSH: ssh -i my-key-pair.pem ec2-user@your-ec2-instance-ip

Best Practices

  • Do not expose SSH (port 22) to 0.0.0.0/0, restrict it to your IP.
  • Use AWS Systems Manager Session Manager instead of SSH for better security.
  • Rotate key pairs periodically and manage them using AWS Secrets Manager.