Amazon EC2 uses public-key cryptography to encrypt and decrypt login information. In the public-key cryptography, the password is encrypted using the public key. The public key is stored in the Amazon EC2 instance and we need private key to decrypt and access the EC2 instance. The public and private keys are known as key pair.
Creating a key pair using the Amazon EC2 console
In order to access the Amazon EC2 console, you must activate your AWS account.
Activate your AWS account
- Open https://aws.amazon.com/ and then choose Create an AWS Account.
- Follow the online instructions to complete the signup.
Access the EC2 console
After activating your account, login and navigate to Amazon EC2 console.
In the top right corner you can select the region of your choice. At the time of this writing, Amazon supports 14 regions in total. In general, select the AWS region which is near to your geographical location so that you can reduce the latency in network to the best possible level. For this example, I chose EU (Frankfurt).
The key pair that you create is specific to that region. If you change the AWS region, you have to create another key pair for that new region.
Create key pair
- In the left navigation pane of EC2 console, choose the key pair under NETWORK & SECURITY.
- Click Create Key Pair button.
- Enter the key pair name of your choice. For this example, the key pair name is
- You need this key pair when launching the EC2 instance. So make sure you give a meaningful name for your key pair which is easy to remember as well.
- Choose Create after entering the key pair name.
- Once the key pair is created, private key file will be downloaded automatically. Save it in a safe place since this is the only time you will have option to save the private key file.
- The private key file will have the extension
Connect to EC2 instance from Windows using PuTTY
Now you have created the key pair and have the private key file with you. You can launch the EC2 instance by choosing the key pair name that you have created. But if you want to connect to the instance using the PuTTY from Windows, then you need to convert the private key format (.pem) to the required (.ppk) format.
Convert your private key
- Get the PuTTYgen tool from here.
- Start PuTTYgen. You will get a window as below.
- Choose RSA for the Type of key to generate.
- Click Load and select the private key file that you have created.
- You have to select All Files option to locate you .pem file since PuTTYgen displays only the .ppk file by default.
- Once you have selected the .pem file PuTTYgen will display the dialog box for successful import of key file. Click OK.
- Leave the Key passphrase field empty. Choose Save private key.
- PuTTYgen will display a Warning for saving the key with out passphrase. Choose Yes.
- For the key file name, specify the one that you have used when generating the key pair in EC2 console. In our case it’s
- Now the private key file will be automatically saved in the .ppk format.
You have the private key file now in correct format in order to connect to your EC2 instances using the PuTTY client. Go ahead and start launching your EC2 instances. This ends our post on creating the Amazon EC2 key pair.
If you have any questions please post it in the comments section. Thank you!