Skip to content

Resource: awsLightsailKeyPair

Provides a Lightsail Key Pair, for use with Lightsail Instances. These key pairs are separate from EC2 Key Pairs, and must be created or imported for use with Lightsail.

\~> Note: Lightsail is currently only supported in a limited number of AWS Regions, please see "Regions and Availability Zones in Amazon Lightsail" for more details

Example Usage

Create New Key Pair

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.lightsailKeyPair.LightsailKeyPair(this, "lg_key_pair", {
  name: "lg_key_pair",
});

Create New Key Pair with PGP Encrypted Private Key

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.lightsailKeyPair.LightsailKeyPair(this, "lg_key_pair", {
  name: "lg_key_pair",
  pgpKey: "keybase:keybaseusername",
});

Existing Public Key Import

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.lightsailKeyPair.LightsailKeyPair(this, "lg_key_pair", {
  name: "importing",
  publicKey: '${file("~/.ssh/id_rsa.pub")}',
});

Argument Reference

The following arguments are supported:

  • name - (Optional) The name of the Lightsail Key Pair. If omitted, a unique name will be generated by Terraform
  • pgpKey – (Optional) An optional PGP key to encrypt the resulting private key material. Only used when creating a new key pair
  • publicKey - (Required) The public key material. This public key will be imported into Lightsail

\~> NOTE: a PGP key is not required, however it is strongly encouraged. Without a PGP key, the private key material will be stored in state unencrypted. pgpKey is ignored if publicKey is supplied.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The name used for this key pair
  • arn - The ARN of the Lightsail key pair
  • fingerprint - The MD5 public key fingerprint as specified in section 4 of RFC 4716.
  • publicKey - the public key, base64 encoded
  • privateKey - the private key, base64 encoded. This is only populated when creating a new key, and when no pgpKey is provided
  • encryptedPrivateKey – the private key material, base 64 encoded and encrypted with the given pgpKey. This is only populated when creating a new key and pgpKey is supplied
  • encryptedFingerprint - The MD5 public key fingerprint for the encrypted private key

Import

Lightsail Key Pairs cannot be imported, because the private and public key are only available on initial creation.