Skip to content

terraform-aws-modules/terraform-aws-key-pair

AWS Key Pair Terraform module

Terraform module which creates EC2 key pair on AWS.

SWUbanner

Usage

EC2 Key pair w/ module created key material

module "key_pair" {
  source = "terraform-aws-modules/key-pair/aws"

  key_name           = "deployer-one"
  create_private_key = true
}

EC2 Key pair w/ externally created public key material

resource "tls_private_key" "this" {
  algorithm = "RSA"
}

module "key_pair" {
  source = "terraform-aws-modules/key-pair/aws"

  key_name   = "deployer-two"
  public_key = trimspace(tls_private_key.this.public_key_openssh)
}

EC2 Key pair w/ existing public key material

module "key_pair" {
  source = "terraform-aws-modules/key-pair/aws"

  key_name   = "deployer-three"
  public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com"
}

Conditional creation

Sometimes you need to have a way to create key pair conditionally but Terraform does not allow to use count inside module block, so the solution is to specify argument create_key_pair.

# This EC2 key pair will not be created
module "key_pair" {
  source = "terraform-aws-modules/key-pair/aws"

  create = false
  # ... omitted
}

Examples:

Requirements

Name Version
terraform >= 1.0
aws >= 4.21
tls >= 3.4

Providers

Name Version
aws >= 4.21
tls >= 3.4

Modules

No modules.

Resources

Name Type
aws_key_pair.this resource
tls_private_key.this resource

Inputs

Name Description Type Default Required
create Determines whether resources will be created (affects all resources) bool true no
create_private_key Determines whether a private key will be created bool false no
key_name The name for the key pair. Conflicts with key_name_prefix string null no
key_name_prefix Creates a unique name beginning with the specified prefix. Conflicts with key_name string null no
private_key_algorithm Name of the algorithm to use when generating the private key. Currently-supported values are RSA and ED25519 string "RSA" no
private_key_rsa_bits When algorithm is RSA, the size of the generated RSA key, in bits (default: 4096) number 4096 no
public_key The public key material string "" no
tags A map of tags to add to all resources map(string) {} no

Outputs

Name Description
key_pair_arn The key pair ARN
key_pair_fingerprint The MD5 public key fingerprint as specified in section 4 of RFC 4716
key_pair_id The key pair ID
key_pair_name The key pair name
private_key_id Unique identifier for this resource: hexadecimal representation of the SHA1 checksum of the resource
private_key_openssh Private key data in OpenSSH PEM (RFC 4716) format
private_key_pem Private key data in PEM (RFC 1421) format
public_key_fingerprint_md5 The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, similarly to public_key_openssh and the ECDSA P224 limitations
public_key_fingerprint_sha256 The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. SHA256:.... Only available if the selected private key format is compatible, similarly to public_key_openssh and the ECDSA P224 limitations
public_key_openssh The public key data in "Authorized Keys" format. This is populated only if the configured private key is supported: this includes all RSA and ED25519 keys
public_key_pem Public key data in PEM (RFC 1421) format

Authors

Module is maintained by Anton Babenko with help from these awesome contributors.

License

Apache 2 Licensed. See LICENSE for full details.