How to create aws ec2 private-public key pair

Question

I'm following this guide of creating aws environment. Now after I created my environment I want to ssh to the ec2.

What I need is to create private-public key pair, which I don't know how.

at the beginning of the guide, it tells:

Generate public key from private key
ssh-keygen -y -f ~/.ssh/pemfile/mumbai.pem

But how I create a mumbai.pem file on my host? Is there a command to download create this pem, or I need to download it from aws? I'm really new with aws, I hope this is not too obvious.

Answer 1

Just run ssh-keygen and it should prompt you for details on where to create the key. Just note: If you run this command on your local machine, it will generate both the public key and the private key. In this case, you will need to Import Your Own Public Key to Amazon EC2. This method works better for terraform as you can put the text value output of your public key into the aws_key_pair resource easily.

If you create the key via the ec2 console, AWS will keep the public key in the system automatically and your browser will download the private key. See Creating a Key Pair Using Amazon EC2. (this second approach will save you having to upload it to ec2 keypairs). This method also works with the aws_key_pair resource, however you'll have to import the existing resource into terraform. It's simpler to use the first approach.

If you're doing it all via terraform, check out aws_key_pair

Answer 2

First of all, it may be too much if you're new to AWS The tutorial you're using equiped servers with Terraform, which is a 3rd party tool out of AWS

You may consider a much more intuitive turtorial to create your first instance from AWS console, and AWS will help to generate a key-pair, and you will have the full control

In the other hand, this article is an advaced one, it's trying to automate all infra work including instance creation, network and etc. It's useful but may be too complicated to follow

So back to your question, TF will inject the public key generated based on mumbai.pem, into the new server created in this code snippet:

# Define SSH key pair for our instances
resource "aws_key_pair" "default" {
  key_name = "mumbai"
  public_key = "${file("${var.key_path}")}"
}

It's not too obivious as the author is so familiar with TF and he skips the basic part