Skip to content

Key Pair

An EC2 Key Pair is used for securing access to EC2 Instances you provision. If you provision a Linux host it'll allow you to SSH into the system and manage it. If it's a Windows host, you'll be able to decrypt the password for the Administrator user.

AWS will need us to upload this SSH key to EC2 so that it can be used when provisioning systems. We provide AWS with the public component of the key pair, not the private key.


We can also get AWS to generate this key pair for us, but I believe it's more secure to generate the SSH key ahead of time.

Implementation Details

Name Description Public Key
deployment-key The SSH key used to access our EC2 instances

Generating an SSH Key Pair

There are multiple ways to generate an SSH key pair. Because we recommend using a Unix like system to follow along the instructions below assume you're using such a system.

In the command line, we'll do this to generate a key pair:

ssh-keygen -f ~/.ssh/deployment_key

We'll call the key deployment_key so that we can refer to it throughout the book. You're welcome to provide an SSH pass phrase - it's probably a good idea - but for learning purposes you're welcome to leave this field blank and simply hit return (twice.)

This will produce two important files:

  1. deployment_key

File (1) is the private key and must be kept private (hence the name: private key) and never shared with anyone. File (2) is the public component and can be shared (somewhat) freely, or at least it's not an issue if the file is leaked or made public.

We're going to use the contents of in our Terraform code, and deployment_key with Ansible (but we won't be using the contents of the file directly, so don't copy/paste the contents to your Ansible code.)

We're also going to need to use the contents of deployment_key later on when we do the automated deployment via CI/CD.