AWS CLI: Key is not in valid OpenSSH public key format

Question

How to solve this?

# I used this command to create the key with a password
$ ssh-keygen -b 2048 -t rsa -C "awsfrankfurt" -f ~/.ssh/awsfrankfurt

# Then when I try to import it into AWS EC2, the error appears:
$ aws --region eu-central-1 ec2 import-key-pair \
    --key-name "awsfrankfurt" \
    --public-key-material ~/.ssh/awsfrankfurt

An error occurred (InvalidKey.Format) when the ImportKeyPair operation: 
Key is not in valid OpenSSH public key format

Answer 1

AWS only supports RSA keypairs, it does not support DSA, ECDSA or Ed25519 keypairs. If you try to upload a non RSA public key you will get this error.

This is documented here:

Amazon EC2 does not accept DSA keys. Make sure your key generator is set up to create RSA keys.

The error message is misleading as you can upload a valid non RSA key and get the error:

Error import KeyPair: InvalidKey.Format: Key is not in valid OpenSSH public key format

This answer should be useful for people who find this page after searching for this error message.

Answer 2

Create your key and then when calling aws's --public-key-material argument, call it with file:// in front of your key path.

Example:

$ aws --region eu-central-1 ec2 import-key-pair \
    --key-name "awsfrankfurt" \
    --public-key-material file://~/.ssh/awsfrankfurt  # <-- this

This is a weird issue, because, file:// prefix is usually used for Windows, but, here with aws, it applies to unix based terminals as well.