AWS supports authentication with a public-private key pair. Key-pair authentication, rather than passwords, is the recommended way to log in to your instances remotely over SSH. We upload the public key to AWS and store the private key on our local machine. Anyone who has your private key can easily log in to your EC2 instances, so it is a best practice to store private keys in a secure place. We can create the public and private keys on our own machine using tools like PuTTY Key Generator.
You should protect the private key with a passphrase to prevent unauthorized persons from logging in to your EC2 instance. When you set a passphrase, you have to enter it whenever you log in to the EC2 instance. A passphrase on a private key is an extra layer of protection. If you lose your private key for an EBS-backed instance, you can regain access to your instance by executing the following steps:
authorized_keys file.

Here, we list the commands to create a key pair and then launch the EC2 instance (using the key pair).
Use the following steps to create a key pair:
You have to provide the key pair name. You can explicitly specify the text output for this command using the --output argument for easy cut and paste.
$ aws ec2 create-key-pair --key-name [KeyPairName]
create-key-pair command, copy the entire output key into a file, including the following lines:
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
WebServerKeyPair.
$ aws ec2 create-key-pair --key-name WebServerKeyPair
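
One way to save the key without copy and paste and then confirm the file is intact and private, as an added example that is not part of the original page. The function names are hypothetical, and the --query 'KeyMaterial' option is an AWS CLI feature the page does not mention.

```shell
#!/bin/sh
# Added example, not from the original page; function names are hypothetical.

# Create the key pair and write only the private key to <name>.pem.
# --query 'KeyMaterial' with --output text prints just the PEM text, and
# umask 077 means the file is never readable by group or other users.
save_key_pair() {
    name=$1
    ( umask 077
      aws ec2 create-key-pair --key-name "$name" \
          --query 'KeyMaterial' --output text > "$name.pem" ) || return 1
    chmod 400 "$name.pem"
}

# Check a saved key file. Return codes: 0 ok, 1 file missing,
# 2 BEGIN line missing, 3 END line missing, 4 permissions too open.
check_key_file() {
    f=$1
    [ -f "$f" ] || { echo "$f: no such file" >&2; return 1; }
    # Ignore CRs and blank lines that a copy and paste may have added.
    body=$(tr -d '\r' < "$f" | grep -v '^[[:space:]]*$' || true)
    first=$(printf '%s\n' "$body" | head -n 1)
    last=$(printf '%s\n' "$body" | tail -n 1)
    if [ "$first" != "-----BEGIN RSA PRIVATE KEY-----" ]; then
        echo "$f: BEGIN line missing or truncated" >&2; return 2
    fi
    if [ "$last" != "-----END RSA PRIVATE KEY-----" ]; then
        echo "$f: END line missing or truncated" >&2; return 3
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$f: readable by group/other; run chmod 400" >&2; return 4
    fi
    return 0
}
```

Run save_key_pair WebServerKeyPair once, then check_key_file WebServerKeyPair.pem before relying on the key for SSH.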