Resource: awsKeyPair

Provides an EC2 key pair resource. A key pair is used to control login access to EC2 instances.

Currently this resource requires an existing user-supplied key pair. This key pair's public key will be registered with AWS to allow logging in to EC2 instances.

When importing an existing key pair, the public key material may be in any format supported by AWS. Supported formats (per the AWS documentation) are:

  • OpenSSH public key format (the format in ~/.ssh/authorized_keys)
  • Base64 encoded DER format
  • SSH public key file format as specified in RFC 4716

Example Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";
// The resource needs a construct scope, so it is created inside a stack (the class name KeyPairStack is illustrative).
class KeyPairStack extends TerraformStack {
  constructor(scope: Construct, name: string) {
    super(scope, name);
    new aws.keyPair.KeyPair(this, "deployer", {
      keyName: "deployer-key",
      publicKey:
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com",
    });
  }
}

Argument Reference

The following arguments are supported:

  • keyName - (Optional) The name for the key pair. If neither keyName nor keyNamePrefix is provided, Terraform will create a unique key name using the prefix terraform.
  • keyNamePrefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with keyName. If neither keyName nor keyNamePrefix is provided, Terraform will create a unique key name using the prefix terraform.
  • publicKey - (Required) The public key material.
  • tags - (Optional) Key-value map of resource tags. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The key pair name.
  • arn - The key pair ARN.
  • keyName - The key pair name.
  • keyPairId - The key pair ID.
  • keyType - The type of key pair.
  • fingerprint - The MD5 public key fingerprint as specified in section 4 of RFC 4716.
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.
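
A pre-flight check for the publicKey argument, as an added example that is not part of the original page or the provider's code: it parses an OpenSSH-format key line, rejects a type label that disagrees with the key blob or an RSA modulus below a threshold, and computes the MD5 fingerprint as RFC 4716 section 4 defines it, the form this page documents for the fingerprint attribute. The function names, the 2048-bit minimum and the constructed sample key are assumptions of this example.

```typescript
import { createHash } from "crypto";

interface ParsedKey { algorithm: string; bits: number | null; md5: string }

// Read one length-prefixed field (uint32 big-endian length, then that many bytes).
function readField(blob: Buffer, offset: number): [Buffer, number] {
  if (offset + 4 > blob.length) throw new Error("truncated key blob");
  const end = offset + 4 + blob.readUInt32BE(offset);
  if (end > blob.length) throw new Error("field overruns key blob");
  return [blob.subarray(offset + 4, end), end];
}

// RFC 4716 section 4: MD5 over the decoded key blob, as colon-separated hex.
function md5Fingerprint(blob: Buffer): string {
  return createHash("md5").update(blob).digest("hex").match(/../g)!.join(":");
}

// Parse "<type> <base64> [comment]"; minRsaBits is this example's policy choice.
function parseOpenSshPublicKey(line: string, minRsaBits = 2048): ParsedKey {
  const [declared, b64] = line.trim().split(/\s+/);
  if (!declared || !b64 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
    throw new Error("not an OpenSSH public key line");
  }
  const blob = Buffer.from(b64, "base64");
  const [name, afterName] = readField(blob, 0);
  const algorithm = name.toString("ascii");
  // The type stored inside the blob must agree with the text label in front of it.
  if (algorithm !== declared) throw new Error(`type mismatch: ${declared} vs ${algorithm}`);
  let bits: number | null = null;
  if (algorithm === "ssh-rsa") {
    const [, afterE] = readField(blob, afterName); // public exponent e
    const [n] = readField(blob, afterE);           // modulus n, may carry a leading 0x00
    let i = 0;
    while (i < n.length && n[i] === 0) i++;
    bits = i === n.length ? 0 : (n.length - i) * 8 - (Math.clz32(n[i]) - 24);
    if (bits < minRsaBits) throw new Error(`RSA modulus is ${bits} bits, below ${minRsaBits}`);
  }
  return { algorithm, bits, md5: md5Fingerprint(blob) };
}

// Constructed sample, not a real key: an ssh-rsa blob with a modulus of the given size.
function constructedRsaLine(modulusBytes: number): string {
  const field = (b: Buffer) => Buffer.concat([Buffer.from([0, 0, b.length >> 8, b.length & 0xff]), b]);
  const n = Buffer.concat([Buffer.from([0]), Buffer.alloc(modulusBytes, 0xc3)]);
  const blob = Buffer.concat([field(Buffer.from("ssh-rsa")), field(Buffer.from([1, 0, 1])), field(n)]);
  return `ssh-rsa ${blob.toString("base64")} constructed@example.invalid`;
}
```

Calling parseOpenSshPublicKey on the string before it is passed as publicKey makes a malformed or undersized key fail at synthesis time instead of after registration.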

Import

Key Pairs can be imported using the keyName, e.g.,

$ terraform import aws_key_pair.deployer deployer-key

NOTE: The AWS API does not include the public key in the response, so terraform apply will attempt to replace the key pair. There is currently no supported workaround for this limitation.