In this video, Jeff Winesett demonstrates creating a new key pair for EC2 instance access.
- [Instructor] Amazon EC2 uses public key cryptography to encrypt and decrypt login information. Public key cryptography uses a public key to encrypt a piece of data such as a password, then the recipient uses the private key to decrypt the data. The public and private keys together are known as a key pair. To initially log in to an instance, you must first create a key pair. You specify the name of the key pair when you launch the instance, and provide the private key when you connect to the instance. Linux-based instances have no password, rather you use the key pair to log in using SSH.
With Windows instances you use a key pair to obtain the administrator password, and then log in using RDP. So a key pair is assigned to an instance when you spin one up, and it controls access to the instance. So before I show how to launch an EC2 instance, I want to create a key pair. To do this, I go to the console, and the key pairs are under EC2 service. So I'll type in EC2, start to get my suggestions, I go to that service. Then I can navigate over on the left-hand side, down under network and security, key pairs.
Since I'm going to be creating a new key pair, I choose the option create key pair. I need to specify a name. I recommend coming up with some convention for these that works for you and your organization. It's recommended that these be rotated every now and then as part of a good security practice. It's also good to have different key pairs for different uses, so perhaps for example, your application environments might use separate key pairs, like one for dev and one for production. For now, I'll follow something like that.
I'll call this test 3-17, give it some indication of when it was created, and it's just my case for testing things out. I'll create it and at this point the key pair is created and it has downloaded a PEM file for me automatically. This is the private key of the public/private key pair. Since I'll be using SSH to log in to the instances I create, I need to ensure proper permissions are set on this PEM file.
So to ensure proper permissions on the PEM file, I need to toggle over to terminal, at least on a Mac device, I'd use the terminal, and I can navigate to where the PEM file was downloaded, which is in downloads. And then I can look for that PEM file. And there it is, if I look at the permissions on this, I see that it's a little bit too open, and if I try to SSH using this PEM file, it's gonna complain that this is not secure enough.
What I want to do is make this read-only for the owner. So I'll use chmod 0400, and I'll have that take effect on that file. Now if I list out the permissions again, I see it's read-only. Okay, now I have a key pair downloaded and it's ready to be used to log into an instance. I need to create a security group that I'm also going to attach to that instance when I create it, so that's what we'll do next.
- Benefits of cloud services
- Making architectures scalable
- Examining cloud constraints
- Virtual servers, EC2, and Elastic IP
- Using the Amazon machine image
- Elastic load balancing
- Using CloudWatch for monitoring
- Security Models
- Elastic block storage
- S3, CloudFront, and Elastic Beanstalk
- Handling queues, workflows, and notifications
- Caching options and services
- Identity and access management
- Creating a custom server image
- Application deployment strategies
- Serverless architectures