10

In EC2, I spun up a CentOS v6.5 instance, and I got a key pair as well (of course). But the problem is, I had hoped that, as usual, it would create the ec2-user user, so that I could use the ec2-user name and log in with that key pair.

But now it does not. Instead, the key is for root directly. And there is also no ec2-user.

So my basic question would be:

  • How do I create each additional (new) user (let's call one new user "michael") so that they can log in using their NEWLY generated (own, different) key pair .pem files? (So that "michael" doesn't need to use a password, but just uses his own key pair.)
  • Again, another new user with a new key pair. (Let's say, the user annie.)

Note: It would be really appreciated if simple (straightforward) step-by-step instructions could be provided.

夏期劇場

2 Answers

18

Create the user:

# useradd michael

Generate a key pair for him:

# ssh-keygen -b 2048 -t rsa -f key -C michael

The above command will create two files: key and key.pub

Create the .ssh directory for michael and copy the .pub file as below:

# cp key.pub /home/michael/
# su - michael
# mkdir .ssh && cd .ssh
# cat > authorized_keys < ~/key.pub
# chmod 0700 ~/.ssh; chmod 0600 ~/.ssh/authorized_keys

Hand over key to michael. This is nothing but the private key. Usually AWS appends .pem to the private keys.

Now michael can log in with the private key key as below:

ssh -i key michael@<ec2_host_name>
TBoNE
slayedbylucifer
  • Official documentation is not useful. Just a couple of minutes with this and I was done. Thanks. Earlier I was creating .ssh using root, so I had to change the permission of authorized_keys. – Himanshu Chauhan Feb 10 '17 at 09:36
  • I am getting an Authentication failed error for that new user when I am connecting with FileZilla or ssh – Jinesh John Apr 24 '17 at 07:19
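
The manual steps in the answer above (create .ssh, install the public key, set 0700/0600), written as an idempotent helper. This is an added example, not code from either answer. The function names and the sample key are constructed for illustration, and `stat -c` assumes GNU coreutils, as on CentOS.

```bash
#!/usr/bin/env bash
# Added example: install_authorized_key, ssh_perms_ok and demo are hypothetical
# helper names, not part of OpenSSH or of the answers above.

# install_authorized_key <home_dir> <user> <pubkey_file>
install_authorized_key() {
    local home=$1 user=$2 pub=$3 key
    local dir="$home/.ssh" auth="$home/.ssh/authorized_keys"

    # Accept exactly one line shaped like an OpenSSH public key, so a private
    # key or an empty file is never installed by mistake.
    key=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$pub") || return 2
    [ "$(printf '%s\n' "$key" | wc -l)" -eq 1 ] || return 2

    # Set the modes explicitly instead of relying on the caller's umask.
    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    touch "$auth" && chmod 0600 "$auth" || return 1

    # Idempotent: append only when this exact line is not already present.
    grep -qxF -- "$key" "$auth" || printf '%s\n' "$key" >> "$auth" || return 1

    # When run as root, give the files to the account: sshd reads
    # authorized_keys as that user, so a root-owned 0600 file is unreadable.
    if [ "$(id -u)" -eq 0 ]; then chown -R "$user" "$dir" || return 1; fi
}

# ssh_perms_ok <home_dir>: true only for the 0700 / 0600 modes used above.
ssh_perms_ok() {
    [ "$(stat -c '%a' "$1/.ssh")" = 700 ] &&
    [ "$(stat -c '%a' "$1/.ssh/authorized_keys")" = 600 ]
}

# Demo on a throwaway directory with a constructed (not real) public key.
demo() {
    local tmp; tmp=$(mktemp -d) || return 1
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSAMPLE michael\n' > "$tmp/key.pub"
    install_authorized_key "$tmp/home" "$(id -u)" "$tmp/key.pub" &&
        ssh_perms_ok "$tmp/home" && cat "$tmp/home/.ssh/authorized_keys"
    local rc=$?; rm -rf "$tmp"; return $rc
}
```

Run as root on the instance, the call would be `install_authorized_key /home/michael michael key.pub`.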
1

The easiest way to achieve this is during the instance init, using cloud-init and user data.

Copy and paste the following script into the User Data field while creating your EC2 instance.

For username, enter the new user's user name. For ssh-rsa AB3nzExample, enter your public key.

#cloud-config
cloud_final_modules:
- [users-groups,always]
users:
  - name: username
    groups: [ wheel ]
    sudo: [ "ALL=(ALL) NOPASSWD:ALL" ]
    shell: /bin/bash
    ssh-authorized-keys: 
    - ssh-rsa AB3nzExample

This can be easily automated if you are using Terraform.

Khashayar