How To Create A Key Pair In AWS EC2? | Complete Tutorial

Last Updated : 04 Apr, 2024
In Amazon Web Services, an EC2 key pair consists of a public key and a private key that are used to communicate securely with EC2 instances. The public key is stored on the EC2 instance and is used to encrypt messages that can only be decrypted by the corresponding private key, which is kept by the user who generated the key pair. The private key is used to decrypt messages that have been encrypted with the public key.

What Is AWS EC2 Key Pair?

When launching an EC2 instance, you have the option to specify a key pair that will be used to encrypt login information and authenticate connections to the instance. If you do not specify a key pair when launching an instance, you will not be able to access it without additional steps, such as creating a new key pair or using an existing one.

We can create a key pair in two ways:

  1. While launching an EC2 instance.
  2. Separately, by creating only the key pair.

Types Of AWS EC2 Key Pairs

The following types of key pairs are available in AWS:

  • Standard key pairs: Standard key pairs are the default SSH key pairs that are generated in AWS while launching the EC2 instance. A standard key pair consists of a public key and a private key, and the private key must be securely stored by the user.
  • Imported key pairs: Imported key pairs are already existing SSH public keys that we can import and use as the key pair for the EC2 instance.
  • Key pairs for Windows instances: AWS provides key pairs specifically made for remote desktop access to EC2 instances running Windows. The administrator password needed to log into the instance remotely is decrypted using these key pairs.

Step-by-Step Guide on Creating a Key Pair Using Amazon EC2

Step 1: Creating EC2 Instance

  • Navigate to the AWS Login Console and log in with your credentials.
  • After logging in to your account, you will be taken to the AWS Console Home.
  • Click on EC2 Instance.

AWS console

Step 2: Navigate To Key Pair Section

  • Click on the drop-down menu of the Network & Security section.
  • Click the Key pair option in that drop-down menu.

Select keypairs

Step 3: Create A Key Pair

  • Click on the Create Key Pair button for creating the key pair.

Create key pair

Step 4: Define Key Pair (.ppk Format)

  • Provide a name for the key pair that you are creating.
  • Select the key pair type as RSA.
  • Select the private key file format as .ppk.
  • Adding tags is optional.

Defining Key pair

Step 5: Review And Create Key Pair

  • Review the defined key pair and, after confirming it, click on the Create Key Pair button.

reviewing and create key pair

Step 6: Downloading The Key Pair

  • Once the key pair is created, it will be downloaded to your system.
  • In the Downloads section you will see the file either being downloaded or already downloaded.

Download the key pair

Step 7: Verifying Created Key Pair

  • Navigate to the Key Pair section; there you will see the created key pair as confirmation.

New key pair

  • With this step we have successfully created a key pair.
  • You can now use the key pair when launching or accessing any EC2 instance.

Launch EC2 Instance With Existing Key Pair : A Step-By-Step Guide

After launching the EC2 instance, we are going to connect to it using the PuTTY method, so make sure that PuTTY is available on your local system.

Step 1: Navigate To EC2

  • Log in to your AWS account with your username and password.
  • After logging in, you will land on the Console Home; from there, navigate to the EC2 page.


Step 2: Launch Instance

  • Once you land on the EC2 page, in the running instances section, click on the Launch Instance button to create a new instance.


Step 3: Define The Instance

  • Define the parameters on the page, such as the name “my_aws_instance” and the number of instances “1”.
  • Choose the AMI “Amazon Linux 2” as shown in the screenshot below.
  • Choose the instance type “t2.micro”.


Step 4: Choose Existing Key Pair

  • Now select the key pair that we created in the section above. The screenshot below makes this clear.


Step 5: Review And Launch Instance

  • Once the values and specifications are defined, create the instance by clicking on Launch Instance.
  • It will take some time to create the instance and some more time for it to reach the running state.

Step 6: Connect To Instance

  • As shown in the screenshot below, choose the created instance and click on the Connect button. This shows the IP address and the instance username “ec2-user”.


Step 7: Open Putty In Setup

  • Now you need the PuTTY software to connect to the instance. If you don’t have it, download it from the browser as per your system specifications, such as x64 or amd architecture.
  • Click on the PuTTY software to start it.


Step 8: Provide Credentials

  • Now provide the connection details of the instance, such as the “hostname or IP”. The following screenshot shows the IP address of my instance being entered.


  • Provide the private key for the EC2 instance: navigate to SSH, go to Auth and then click on Credentials. The screenshot below illustrates this.
  • Click on the Browse button beside the first field, navigate to the location in your file system where the downloaded private key file mykeypair.ppk is located, and select it.
  • After providing the private key file, click on the Open button.
  • Browse to the location in the file system where the private key is available and open the file, as shown in the following screenshot.


Step 9: Connect To EC2 Instance

  • Click on the Accept button; the black console screen will then ask for a login user name. Specify it as ec2-user.


Step 10: Success Remote Login

  • After providing the username ec2-user, you will see the black screen shown in the screenshot below, confirming a successful remote connection to the instance “my_aws_instance”.


How To Add A New Key Pair To An AWS EC2 Instance For SSH?

Here, we will guide you through creating and adding a new key pair to an existing AWS instance. This helps when you have an EC2 instance and want to connect to it as different users; you will then need multiple SSH keys to enhance the security of the connections.

Step 1: Configure SSH property rules

  • Log in to the instance with a PuTTY connection as shown in the section above.
  • Navigate to the /etc/ssh/sshd_config file.
  • In that file, set PermitRootLogin to yes to permit root login, and enable password-based authentication, as shown in the figure below.


  • Now restart the sshd service with the following commands:
systemctl reload sshd
systemctl restart sshd


Step 2: Create Your Key Pair Locally

  • Open a terminal on your laptop.
  • Run the following ssh-keygen command to generate a new SSH key pair.
ssh-keygen -t rsa -b 2048 -f new_key_pair
  • This command generates a new RSA key pair with a length of 2048 bits. The key files are saved under the name new_key_pair.


  • Set the permissions on the key files by running the following commands:
chmod 400 new_key_pair
chmod 400 new_key_pair.pub

Step 3: Copy The Public Key To The EC2 Instance

  • Open the created key pair’s .pub file and copy its contents.
  • Now go to the PuTTY session where the remote connection is already logged in. Navigate to the ~/.ssh/ path.
  • Run the following command and paste the copied public key contents, as shown in the screenshot below.
cat >> authorized_keys
  • After pasting, press Ctrl + C to end the input and save the file.
  • To verify the copy, we printed the authorized_keys file; here we can see that the public key was copied successfully.


Step 4: Test The SSH Connection With New Key Pair

  • Now test the connection to the EC2 instance using the new key pair.
ssh -l root -i new_key_pair instance_ip
  • The following screenshot illustrates the successful connection to the EC2 instance with the key pair through the ssh command.


  • Now you are able to connect to the instance using the .ppk key file with the PuTTY connection mode and the .pem file with the ssh connection mode.
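
The server-side part of the procedure above as a script, added here as an example and not part of the original tutorial: add_authorized_key replaces the interactive paste into authorized_keys with a validated, idempotent append, and audit_sshd reports the two sshd_config settings changed in Step 1. The function names are hypothetical and the usage paths assume the standard OpenSSH locations.

```sh
# Added example, not from the original tutorial; function names are hypothetical.
# Usage on the instance (paths are the usual OpenSSH locations):
#   add_authorized_key 'ssh-rsa AAAA... user@laptop' ~/.ssh/authorized_keys
#   audit_sshd /etc/ssh/sshd_config

# Append one public key line without an interactive paste.
# Returns 0 = added, 1 = rejected (not a public key line), 2 = already present.
add_authorized_key() {
  key_line=$1; auth_file=$2
  key_type=${key_line%% *}; rest=${key_line#* }; key_blob=${rest%% *}
  case "$key_type" in
    ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
    *) return 1 ;;   # e.g. a pasted "-----BEGIN ... PRIVATE KEY-----" line
  esac
  case "$key_blob" in ''|*[!A-Za-z0-9+/=]*) return 1 ;; esac   # blob must be base64
  ssh_dir=$(dirname "$auth_file")
  mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
  touch "$auth_file" && chmod 600 "$auth_file"
  if grep -qF -- "$key_type $key_blob" "$auth_file"; then return 2; fi
  printf '%s\n' "$key_line" >> "$auth_file"
}

# Print the global value sshd would use for a keyword: case-insensitive match,
# first occurrence wins, stops at the first Match block; Include is not followed.
sshd_effective() {
  awk -v want="$1" '
    { sub(/[ \t]*=[ \t]*/, " ") }              # accept "Keyword=value"
    /^[ \t]*#/ || NF < 2 { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(want) { print tolower($2); exit }
  ' "$2"
}

# Report the two settings changed in Step 1; the return code is the number of
# findings. Fallbacks are the upstream OpenSSH defaults for an absent keyword.
audit_sshd() {
  findings=0
  root=$(sshd_effective PermitRootLogin "$1")
  pass=$(sshd_effective PasswordAuthentication "$1")
  if [ "${root:-prohibit-password}" = yes ]; then
    echo "PermitRootLogin yes: prohibit-password still allows root login by key"
    findings=$((findings + 1))
  fi
  if [ "${pass:-yes}" = yes ]; then
    echo "PasswordAuthentication yes: set it to no once key login is confirmed"
    findings=$((findings + 1))
  fi
  return "$findings"
}
```

A non-zero return code from audit_sshd after the new key has been tested means the instance still accepts the broader logins enabled in Step 1.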

Amazon EC2 Key Pairs And Amazon EC2 Instances

Amazon EC2 stands for Amazon Elastic Compute Cloud. It is an AWS service that offers effective and flexible computing. It lets users launch virtual servers, commonly known as instances, within the AWS infrastructure. Each created virtual machine (VM) is securely accessed and managed through key pairs. A key pair consists of a public key and a private key. The private key is provided to the user; it is critical and should be kept secure. These public and private key files serve as the primary method of authentication when connecting to EC2 instances remotely via SSH. Key pairs play a crucial role in ensuring the security and integrity of data and communications within the AWS ecosystem, giving users a secured connection. They are a trusted choice for deploying scalable and reliable cloud infrastructure solutions.

How Does An AWS EC2 Key Pair Work?

A key pair works on the principles of asymmetric cryptography. It consists of two mathematically related keys: a private key and a public key. The public key encrypts the data, and the corresponding private key is used to decrypt that encrypted data. The point to remember is that data encrypted with the public key can only be decrypted by the corresponding private key; no other private key can decrypt it. The public key is shared openly, letting others encrypt data that only the holder of the private key can decrypt. This method provides secured communication with key pairs. Key pairs are fundamental to securing digital communication, such as secure server connections, data encryption and digital signatures for authentication.

AWS CLI Command Of Creating A Key Pair

The AWS CLI provides a number of options for creating a key pair and flexibility in how it is used to connect to instances. The following are some of the popular options used while creating an AWS key pair.

Options Of Creating KeyPair

[ --key-name <value> ] : Specifies the name of the key pair. The value should be a unique name for the key pair.

[ --dry-run | --no-dry-run ] : Allows simulating the execution of the command without actually creating the key pair.

[ --key-type <value> ] : Specifies the type of key pair to generate; the value is rsa or ed25519.

[ --key-format <value> ] : Specifies the format of the private key file; the value is pem or ppk.

Example Of Create Key Pair With AWS CLI Option

The following example creates a key pair with the options described above. Here we provide the key pair name MyEC2KeyPair, pass --no-dry-run, and set the key format to PEM, which stands for Privacy Enhanced Mail.

aws ec2 create-key-pair --key-name MyEC2KeyPair --no-dry-run --key-type rsa --key-format pem

In conclusion, by using the concepts of asymmetric cryptography, AWS EC2 key pairs play an essential role in guaranteeing safe communication with EC2 instances. In this article we detailed what EC2 key pairs are, how to create them and how they work behind the scenes. Whether you are launching new instances or configuring settings, key pairs are essential for users navigating the AWS environment to perform data operations in a secured way.

AWS EC2 Key Pair – FAQs

What Is EC2 Key Pair?

An EC2 key pair is a set of cryptographic keys (public and private keys) that is used to securely connect to Amazon EC2 instances. When you create a key pair, the public key is stored in the instance and the private key file is downloaded to the local system. When you try to connect, it is used for authentication.

Can I Add A Key Pair To An EC2 Instance?

Yes, you can add a key to an EC2 instance while creating it or while configuring the instance settings for secure access.

Where Are EC2 Key Pairs Stored?

EC2 key pairs are stored locally on your computer that is used to connect to the instances. It is important to securely manage and store the private keys.

What Is The Difference Between EC2 Key Pair And Access Key?

An EC2 key pair is used for securely accessing EC2 instances with SSH protocol whereas Access keys are used for programmatic access of AWS services through APIs.

How Do Key Pairs Work?

Key pairs work through asymmetric cryptography, where the public key encrypts the data and the private key decrypts it, ensuring secured communication and access control.

Can EC2 Have Multiple Key Pairs?

No, each EC2 instance can only have one key pair associated with it at a time. If you want, you can replace the existing one.
