Understanding about Amazon EC2 Key Pairs

Amazon EC2 uses public–key cryptography to encrypt and decrypt login information. Amazon EC2 stores the public key only, and you store the private key. The public and private keys are known as a key pair.

To log in to your instance, you must create a key pair, specify the name of the key pair when you launch the instance, and provide the private key when you connect to the instance. On a Linux instance, the public key content is placed in an entry within ~/.ssh/authorized_keys. This is done at boot time and enables you to securely access your instance using the private key instead of a password.

Creating a Key Pair
Method 1 – You can use Amazon EC2 to create your key pair.

Method 2 – You could use a third-party tool and then import the public key to Amazon EC2. under NETWORK & SECURITY, choose Key Pairs. Choose Import Key Pair.

Important –

  1. If you use community AMIs, make sure that you should not have any existing public key here .ssh/authorized_keys else your EC2 intance might get compromised.
  2. If a user in your organization requires access to the system user account using a separate key pair, you can add that key pair to your instance. Or,
  3. If someone has a copy of the .pem file and you want to prevent them from connecting to your instance (for example, if they’ve left your organization), you can replace the key pair with a new one.


Rajesh Kumar
Follow me
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x