EC2 / Client / create_key_pair

create_key_pair#

EC2.Client.create_key_pair(**kwargs)#

Creates an ED25519 or 2048-bit RSA key pair with the specified name and in the specified format. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key or an unencrypted PPK formatted private key for use with PuTTY. If a key with the specified name already exists, Amazon EC2 returns an error.

The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair.

You can have up to 5,000 key pairs per Amazon Web Services Region.

For more information, see Amazon EC2 key pairs in the Amazon EC2 User Guide.

See also: AWS API Documentation

Request Syntax

response = client.create_key_pair(
    KeyName='string',
    KeyType='rsa'|'ed25519',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    KeyFormat='pem'|'ppk',
    DryRun=True|False
)
Parameters:
  • KeyName (string) –

    [REQUIRED]

    A unique name for the key pair.

    Constraints: Up to 255 ASCII characters

  • KeyType (string) –

    The type of key pair. Note that ED25519 keys are not supported for Windows instances.

    Default: rsa

  • TagSpecifications (list) –

    The tags to apply to the new key pair.

    • (dict) –

      The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

      Note

      The Valid Values lists all the resource types that can be tagged. However, the action you’re using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you’re using, you’ll get an error.

      • ResourceType (string) –

        The type of resource to tag on creation.

      • Tags (list) –

        The tags to apply to the resource.

        • (dict) –

          Describes a tag.

          • Key (string) –

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

          • Value (string) –

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

  • KeyFormat (string) –

    The format of the key pair.

    Default: pem

  • DryRun (boolean) – Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Return type:

dict

Returns:

Response Syntax

{
    'KeyPairId': 'string',
    'Tags': [
        {
            'Key': 'string',
            'Value': 'string'
        },
    ],
    'KeyName': 'string',
    'KeyFingerprint': 'string',
    'KeyMaterial': 'string'
}

Response Structure

  • (dict) –

    Describes a key pair.

    • KeyPairId (string) –

      The ID of the key pair.

    • Tags (list) –

      Any tags applied to the key pair.

      • (dict) –

        Describes a tag.

        • Key (string) –

          The key of the tag.

          Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

        • Value (string) –

          The value of the tag.

          Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

    • KeyName (string) –

      The name of the key pair.

    • KeyFingerprint (string) –

      • For RSA key pairs, the key fingerprint is the SHA-1 digest of the DER encoded private key.

      • For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 digest, which is the default for OpenSSH, starting with OpenSSH 6.8.

    • KeyMaterial (string) –

      An unencrypted PEM encoded RSA or ED25519 private key.

Examples

This example creates a key pair named my-key-pair.

response = client.create_key_pair(
    KeyName='my-key-pair',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}