CreateKeyPair - Amazon Lightsail


Creates a custom SSH key pair that you can use with an Amazon Lightsail instance.


Use the DownloadDefaultKeyPair action to create a Lightsail default key pair in an AWS Region where a default key pair does not currently exist.

The create key pair operation supports tag-based access control via request tags. For more information, see the Amazon Lightsail Developer Guide.

Request Syntax

{ "keyPairName": "string", "tags": [ { "key": "string", "value": "string" } ] }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


The name for your new key pair.

Type: String

Pattern: \w[\w\-]*\w

Required: Yes


The tag keys and optional values to add to the resource during create.

Use the TagResource action to tag a resource after it's created.

Type: Array of Tag objects

Required: No

Response Syntax

{ "keyPair": { "arn": "string", "createdAt": number, "fingerprint": "string", "location": { "availabilityZone": "string", "regionName": "string" }, "name": "string", "resourceType": "string", "supportCode": "string", "tags": [ { "key": "string", "value": "string" } ] }, "operation": { "createdAt": number, "errorCode": "string", "errorDetails": "string", "id": "string", "isTerminal": boolean, "location": { "availabilityZone": "string", "regionName": "string" }, "operationDetails": "string", "operationType": "string", "resourceName": "string", "resourceType": "string", "status": "string", "statusChangedAt": number }, "privateKeyBase64": "string", "publicKeyBase64": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


An array of key-value pairs containing information about the new key pair you just created.

Type: KeyPair object


An array of objects that describe the result of the action, such as the status of the request, the timestamp of the request, and the resources affected by the request.

Type: Operation object


A base64-encoded RSA private key.

Type: String


A base64-encoded public key of the ssh-rsa type.

Type: String


For information about the errors that are common to all actions, see Common Errors.


Lightsail throws this exception when the user cannot be authenticated or uses invalid credentials to access a resource.

HTTP Status Code: 400


Lightsail throws this exception when an account is still in the setup in progress state.

HTTP Status Code: 400


Lightsail throws this exception when user input does not conform to the validation rules of an input field.


Domain and distribution APIs are only available in the N. Virginia (us-east-1) AWS Region. Please set your AWS Region configuration to us-east-1 to create, view, or edit these resources.

HTTP Status Code: 400


Lightsail throws this exception when it cannot find a resource.

HTTP Status Code: 400


Lightsail throws this exception when an operation fails to execute.

HTTP Status Code: 400


A general service exception.

HTTP Status Code: 500


Lightsail throws this exception when the user has not been authenticated.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: