ImportKeyPair - Amazon Elastic Compute Cloud


Imports the public key from an RSA or ED25519 key pair that you created with a third-party tool. Compare this with CreateKeyPair, in which AWS creates the key pair and gives the keys to you (AWS keeps a copy of the public key). With ImportKeyPair, you create the key pair and give AWS just the public key. The private key is never transferred between you and AWS.

For more information about key pairs, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide.

Request Parameters

The following parameters are for this specific action. For more information about required and optional parameters that are common to all actions, see Common Query Parameters.


Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

Type: Boolean

Required: No


A unique name for the key pair.

Type: String

Required: Yes


The public key. For API calls, the text must be base64-encoded. For command line tools, base64 encoding is performed for you.

Type: Base64-encoded binary data object

Required: Yes


The tags to apply to the imported key pair.

Type: Array of TagSpecification objects

Required: No

Response Elements

The following elements are returned by the service.

  • For RSA key pairs, the key fingerprint is the MD5 public key fingerprint as specified in section 4 of RFC 4716.

  • For ED25519 key pairs, the key fingerprint is the base64-encoded SHA-256 digest, which is the default for OpenSSH, starting with OpenSSH 6.8.

Type: String


The key pair name that you provided.

Type: String


The ID of the resulting key pair.

Type: String


The ID of the request.

Type: String


The tags applied to the imported key pair.

Type: Array of Tag objects


For information about the errors that are common to all actions, see Common client error codes.



This example imports the public key named my-key-pair, and applies a tag with a key of purpose and a value of production.

Sample Request &KeyName=my-key-pair &PublicKeyMaterial=MIICiTCCAfICCQD6m7oRw0uXOjANBgkqhkiG9w0BAQUFADCBiDELMAkGA1UEBhMC VVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6 b24xFDASBgNVBAsTC0lBTSBDb25zb2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAd BgkqhkiG9w0BCQEWEG5vb25lQGFtYXpvbi5jb20wHhcNMTEwNDI1MjA0NTIxWhcN MTIwNDI0MjA0NTIxWjCBiDELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZBbWF6b24xFDASBgNVBAsTC0lBTSBDb25z b2xlMRIwEAYDVQQDEwlUZXN0Q2lsYWMxHzAdBgkqhkiG9w0BCQEWEG5vb25lQGFt YXpvbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMaK0dn+a4GmWIWJ 21uUSfwfEvySWtC2XADZ4nB+BLYgVIk60CpiwsZ3G93vUEIO3IyNoH/f0wYK8m9T rDHudUZg3qX4waLG5M43q7Wgc/MbQITxOUSQv7c7ugFFDzQGBzZswY6786m86gpE Ibb3OhjZnzcvQAaRHhdlQWIMm2nrAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAtCu4 nUhVVxYUntneD9+h8Mg9q6q+auNKyExzyLwaxlAoo7TJHidbtS4J5iNmZgXL0Fkb FFBjvSfpJIlJ00zbhNYS5f6GuoEDmFJl0ZxBHjJnyp378OD8uTs7fLvjx79LjSTb NYiytVbZPQUQ5Yaxu2jXnimvw3rrszlaEXAMPLE &TagSpecification.1.ResourceType=key-pair &TagSpecification.1.Tag.1.Key=purpose &TagSpecification.1.Tag.1.Value=production &AUTHPARAMS

Sample Response

<ImportKeyPairResponse xmlns=""> <requestId>7a62c49f-347e-4fc4-9331-6e8eEXAMPLE</requestId> <keyName>my-key-pair</keyName> <keyPairId>key-abced1234eEXAMPLE</keyPairId> <keyFingerprint>1f:51:ae:28:bf:89:e9:d8:1f:25:5d:37:2d:7d:b8:ca:9f:f5:f1:6f</keyFingerprint> <tagSet> <item> <key>purpose</key> <value>production</value> </item> </tagSet> </ImportKeyPairResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: