
What is the 'None' option for, for the keypairs when launching an instance in EC2?

Tags:

amazon-ec2

I want to know when you should use it. I was following this tutorial, and it says that I must not use the None option.

Since I have this option, there has to be some use for it, right? I want to know in which scenario I would use it.

Programming Noob asked Sep 25 '12 03:09


2 Answers

When you specify a keypair name on running an instance of an AMI, Amazon EC2 provides the public ssh key to the instance so that it can do things like add the key to $HOME/.ssh/authorized_keys for the default user. The default user depends on the AMI and may be "ec2-user" or "ubuntu" or even "root".

However, it is not a requirement of AMIs that they use the ssh key; it is merely a convenient convention and one of the few ways to provide the person running the AMI with secure access to the instance.

If you don't provide an ssh keypair name (i.e., you specify "None") then you'll need to figure out a different way to make the instance usable. For Amazon Linux and Ubuntu AMIs, you could use the CloudInit system and pass in a user-data script that sets up access through ssh or installs software that you want to run on the instance even if you don't want ssh access.

Even if you don't expect to need ssh access to an instance, it is often handy to have for tracking down problems when a system or the software running on it has issues.

So "None" is a valid option that might be somewhat practical to use in a few circumstances, but generally it is recommended that you provide a value, if just for emergencies.

Eric Hammond answered Nov 15 '22 07:11
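The CloudInit route described in the answer above, as an added example that is not part of the original answer: it builds cloud-config user data for an instance launched with key pair "None", either installing an ssh public key for the default user or only starting software, and refuses anything that is not a well-formed OpenSSH public key. The function names, the sample key, the `ami-EXAMPLE` placeholder and the `/opt/worker/start` path are assumptions made for illustration.

```python
import base64
import json
import struct

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

# Constructed sample: an all-zero ed25519 key blob, valid in shape only.
_blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(_blob).decode() + " constructed-example"

def check_public_key(line):
    """Return the line if it is an OpenSSH public key, else raise ValueError.

    User data is readable from inside the instance and is not encrypted,
    so only public key material belongs in it.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        raise ValueError("not an OpenSSH public key line")
    blob = base64.b64decode(parts[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    # The blob starts with its own algorithm name; it must match the prefix.
    if blob[4:4 + name_len] != parts[0].encode():
        raise ValueError("key blob does not match declared type")
    return line.strip()

def build_user_data(public_keys=(), packages=(), commands=()):
    """Render cloud-config; JSON-quoted strings are valid YAML scalars."""
    sections = (
        ("ssh_authorized_keys", [check_public_key(k) for k in public_keys]),
        ("packages", list(packages)),
        ("runcmd", list(commands)),
    )
    lines = ["#cloud-config"]
    for name, items in sections:
        if items:
            lines.append(name + ":")
            lines += ["  - " + json.dumps(item) for item in items]
    return "\n".join(lines) + "\n"

def launch_params(image_id, instance_type, user_data):
    """Arguments for boto3's run_instances; KeyName is omitted on purpose."""
    return {"ImageId": image_id, "InstanceType": instance_type,
            "MinCount": 1, "MaxCount": 1, "UserData": user_data}

if __name__ == "__main__":
    print(build_user_data(public_keys=[SAMPLE_KEY]))              # ssh without a key pair
    print(launch_params("ami-EXAMPLE", "t3.micro",                # no ssh at all
                        build_user_data(commands=["/opt/worker/start"])))
```

The dictionary can be passed as `boto3.client("ec2").run_instances(**params)`; nothing in the block contacts AWS.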


We use the none option in cases where our AMI is so solid that we don't want to make the machine accessible by any other means than through the software that is installed on it. As an example, we use a Service Bus software which works with queues; this particular AMI will boot up and start listening to the queues to process messages. It does absolutely nothing else. In this situation, since there is no data hosted on the machine itself (not even queue data), we have no need to access it.

But if you ever go down that route, be ready to become an expert at bringing up "throw away" machines on a regular basis just to solidify the AMI. I'd say that in the case of a black box type of situation, none can be helpful.

Hope this helps,

Karell Ste-Marie answered Nov 15 '22 08:11