Amazon EMR
Management Guide

Create SSH Credentials for the Master Node

Create an Amazon EC2 Key Pair and PEM File

Amazon EMR uses an Amazon EC2 key pair to ensure that you alone have access to the instances that you launch. The PEM file associated with this key pair is required to ssh directly to the master node of the cluster.

To create an Amazon EC2 key pair

  1. Open the Amazon EC2 console at

  2. Select a value for Region.

  3. In the Navigation pane, choose Key Pairs.

  4. On the Key Pairs page, choose Create Key Pair.

  5. In the Create Key Pair dialog box, enter a name for your key pair, such as mykeypair.

  6. Choose Create.

  7. Save the resulting PEM file in a safe location.

Your Amazon EC2 key pair and an associated PEM file are created.

Modify Your PEM File

Amazon EMR enables you to work interactively with your cluster, allowing you to test cluster steps or troubleshoot your cluster environment. To log in directly to the master node of your running cluster, you can use ssh or PuTTY. Use your PEM file to authenticate to the master node. The PEM file requires a modification based on the tool you use that supports your operating system. Use the CLI to connect on Linux, UNIX, or Mac OS X computers or use PuTTY to connect on Microsoft Windows computers. For more information about how to install the Amazon EMR CLI or PuTTY, see the Amazon EMR Getting Started Guide.

To modify your credentials file

  • Create a local permissions file:

    1. Linux, UNIX, or Mac OS X

      Set the permissions on the PEM file or your Amazon EC2 key pair. For example, if you saved the file as mykeypair.pem, the command looks like the following:

      chmod og-rwx mykeypair.pem
    2. Microsoft Windows

      1. Download PuTTYgen.exe to your computer from

      2. Launch PuTTYgen.

      3. Choose Load, select the PEM file that you created earlier, and choose Open.

      4. Choose OK on the PuTTYgen Notice telling you that the key was successfully imported.

      5. Choose Save private key to save the key in the PPK format.

      6. When PuTTYgen prompts you to save the key without a pass phrase, choose Yes.

      7. Enter a name for your PuTTY private key, such as, mykeypair.ppk.

      8. Choose Save to exit the PuTTYgen application.

      9. Exit the PuTTYgen application.

Your credentials file is modified to allow you to log in directly to the master node of your running cluster.