How-to Create a New EC2 Instance Key Pair
Many people use Amazon's cloud service for a wide range of workloads, and not all of them follow sound implementation practices. That exposes the cloud environment to security issues and vulnerabilities that could otherwise be avoided.
One of the most common mistakes users make is to leave their Amazon Machine Images (AMIs) publicly accessible. AMIs often contain sensitive data, and leaving them open is risky, yet it happens all too often. A good practice is to set the policy to private when building an AMI. Conversely, if you do want to share an AMI, make sure that all sensitive data has been removed from it first.
Let's first discuss how to create a new EC2 instance key pair. At the end of this article, we'll discuss the need to protect your shared resources, and who needs to take responsibility for this particular security issue.
How to Create a New EC2 Instance Key Pair
You use an Amazon EC2 key pair each time you launch an EC2 Linux/UNIX or Windows instance. The key pair ensures that only the holder of the private key can access the instance. This guide describes how to generate a new EC2 key pair, first from the console and then from the command line.
1. Log in to your AWS account and open the AWS console.
2. Select EC2 from the list of services.
3. Select a region from the drop-down on the left-hand side. In this example we have selected 'US-West (Oregon)'.
4. The EC2 dashboard lists a summary of all EC2 activity: the number of running instances, EBS volumes, Elastic IPs and so on.
5. Select "Key Pairs" from the left-hand menu of the EC2 Dashboard. All your existing AWS key pairs appear here; if there are none, click the button to create the first one.
6. Click the 'Create Key Pair' button and enter a logical name for the key pair you want to create.
7. Press the 'Create' button.
8. AWS creates a new key pair named 'myfirstKey' and prompts you to download the newly generated private key file (here myfirstKey.pem).
9. Save the private key file without fail, since AWS does not store the private key.
- If you lose the key, you will never be able to get it back.
- If you launched an instance with the key pair and then lost the key, you will not be able to log in to that instance with the same key.
10. Once the key is saved, the AWS console shows the key's information.
11. You have now created the key pair file, which you use when you want to launch an instance securely.
Create a new key pair with the AWS command line API:
1. The command to list all key pairs is ec2-describe-keypairs.
2. For more options or help, use ec2-describe-keypairs -h.
3. Use ec2-add-keypair to add a new key pair. You will get the following output:
4. Copy everything from the 'BEGIN RSA PRIVATE KEY' line to the 'END RSA PRIVATE KEY' line, including both lines, into a text file.
5. Save that file as mySecondKey.pem.
6. This file serves as your .pem file when you want to log in to an EC2 instance.
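Steps 4 and 5 can be scripted, which also avoids the two mistakes people make when saving the key by hand: pasting a truncated block, and leaving the file readable by other users (ssh refuses such a key file). The shell function below is an added example, not part of the original article; it reads ec2-add-keypair output on stdin, keeps only the PEM block, and writes it with owner-only permissions. The sample output it parses is constructed, and its key body and fingerprint are placeholders.

```shell
#!/bin/sh
# Constructed sample of the output ec2-add-keypair prints: a KEYPAIR summary
# line (name and fingerprint), then the PEM-encoded private key. The key body
# and fingerprint here are placeholders, not real key material.
SAMPLE_OUTPUT='KEYPAIR mySecondKey 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33
-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDERKEYMATERIALLINE1
PLACEHOLDERKEYMATERIALLINE2
-----END RSA PRIVATE KEY-----'

# save_pem FILE: read ec2-add-keypair output on stdin and write only the PEM
# block (BEGIN through END, inclusive) to FILE, readable by the owner alone.
# Returns non-zero, and leaves no file behind, if no complete block was found.
save_pem() {
  out="$1"
  rm -f "$out"
  # Create the file with mode 0600 before any key bytes are written, so it is
  # never world-readable even briefly; the later redirect only truncates it.
  ( umask 077; : > "$out" ) || return 1
  sed -n '/^-----BEGIN RSA PRIVATE KEY-----$/,/^-----END RSA PRIVATE KEY-----$/p' > "$out"
  # Both markers must be present: ssh cannot use a truncated key file.
  { grep -q '^-----BEGIN RSA PRIVATE KEY-----$' "$out" &&
    grep -q '^-----END RSA PRIVATE KEY-----$' "$out"; } || { rm -f "$out"; return 1; }
  # ssh refuses private keys that other users can read, so lock the file down.
  chmod 400 "$out"
}

# Real usage: ec2-add-keypair mySecondKey | save_pem mySecondKey.pem
# Here the constructed sample stands in for the live API call.
printf '%s\n' "$SAMPLE_OUTPUT" | save_pem mySecondKey.pem && echo "saved mySecondKey.pem (mode 400)"
```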
For Cloud Operators
AWS's resource sharing option makes it easier to manage your AWS environment, yet it can also create risks for your digital property. Datapipe Cloud Reports continuously tracks and analyzes your resources and utilization patterns, and provides a down-to-the-hour picture of your AWS consumption and behavior. As for AMIs, it informs you when an object is shared so that you can determine whether this creates a security issue.
The Cloud Reports service gives you the visibility you need to understand, assess, and respond to vulnerabilities, abnormalities, and other hidden issues, enabling you to:
- Triage urgent cloud risks
- Diagnose cost, risk, and governance issues
- Track cloud cost and asset vitals
Sign up and we will continuously track your AWS cloud’s health and identify any shared resources that may pose a security risk.