AWS SDK for .NET
Developer Guide

Working with Amazon EC2 Key Pairs

Amazon EC2 uses public-key cryptography to encrypt and decrypt login information. Public-key cryptography uses a public key to encrypt data, then the recipient uses the private key to decrypt the data. The public and private keys are known as a key pair. You must specify a key pair when you launch an EC2 instance and supply the private key of that key pair when you connect to the instance. You can create a new key pair or reuse one you have used when launching other instances. For more information, see Amazon EC2 Key Pairs in the Amazon EC2 User Guide for Windows Instances. This example shows how to create a key pair, describe key pairs and delete a key pair using the CreateKeyPair, DescribeKeyPairs and DeleteKeyPair methods of AmazonEC2Client.

Create a Key Pair and Save the Private Key

When you create a new key pair, you must save the private key that is returned. You cannot retrieve the private key later.

Create and initialize a CreateKeyPairRequest object. Set the KeyName property to the name of the key pair.

Pass the request object to the CreateKeyPair method, which returns a CreateKeyPairResponse object. If a key pair with the specified name already exists, an AmazonEC2Exception is thrown (its ErrorCode is "InvalidKeyPair.Duplicate").

The CreateKeyPairResponse object contains the new key pair's KeyPair object. The KeyPair object's KeyMaterial property holds the unencrypted private key. Save the private key as a .pem file in a safe location; you will need this file when you connect to your instance. This example writes the private key to the specified file name.

```csharp
using System;
using System.IO;
using Amazon.EC2;
using Amazon.EC2.Model;

public static void CreateKeyPair(
    AmazonEC2Client ec2Client,
    string keyPairName,
    string privateKeyFile)
{
    var request = new CreateKeyPairRequest();
    request.KeyName = keyPairName;

    try
    {
        var response = ec2Client.CreateKeyPair(request);
        Console.WriteLine();
        Console.WriteLine("New key: " + keyPairName);

        // Save the private key in a .pem file
        using (FileStream s = new FileStream(privateKeyFile, FileMode.Create))
        using (StreamWriter writer = new StreamWriter(s))
        {
            writer.WriteLine(response.KeyPair.KeyMaterial);
        }
    }
    catch (AmazonEC2Exception ex)
    {
        // Check the ErrorCode to see if the key pair already exists
        if ("InvalidKeyPair.Duplicate" == ex.ErrorCode)
        {
            Console.WriteLine("The key pair \"{0}\" already exists.", keyPairName);
        }
        else
        {
            // The exception was thrown for another reason, so re-throw it.
            throw;
        }
    }
}
```
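The guide tells you to keep the .pem in a safe location but leaves the file permissions and the integrity of the saved key to you. As an added example that is not part of the guide or of the AWS SDK, the helper below (hypothetical class name KeyPairSafety) writes the returned KeyMaterial with owner-only permissions and checks the file against the KeyFingerprint that EC2 returns in the same KeyPair object. It assumes .NET 7 or later and an RSA key pair generated by EC2, whose fingerprint is the SHA-1 of the PKCS#8 DER form of the private key.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Amazon.EC2.Model;

public static class KeyPairSafety
{
    // Saves the KeyMaterial of a KeyPair returned by CreateKeyPair, restricts the
    // file to the current user, and checks the file against EC2's KeyFingerprint.
    // Returns the locally computed fingerprint.
    public static string SavePrivateKey(KeyPair keyPair, string privateKeyFile)
    {
        // CreateNew refuses to overwrite an existing .pem; FileShare.None blocks
        // concurrent readers while the key is being written.
        using (var s = new FileStream(privateKeyFile, FileMode.CreateNew, FileAccess.Write, FileShare.None))
        using (var writer = new StreamWriter(s))
        {
            writer.Write(keyPair.KeyMaterial);
        }
        // On Linux/macOS set mode 0600 so other local users cannot read the key
        // (on Windows the file inherits the directory ACL, so save it under your profile).
        if (!OperatingSystem.IsWindows())
        {
            File.SetUnixFileMode(privateKeyFile, UnixFileMode.UserRead | UnixFileMode.UserWrite);
        }

        string local = RsaFingerprint(File.ReadAllText(privateKeyFile));
        if (!string.Equals(local, keyPair.KeyFingerprint, StringComparison.OrdinalIgnoreCase))
        {
            // A mismatch means the file does not hold the key EC2 registered; do not keep it.
            File.Delete(privateKeyFile);
            throw new InvalidOperationException(
                $"Private key file fingerprint {local} does not match EC2 fingerprint {keyPair.KeyFingerprint}.");
        }
        return local;
    }

    // Assumption: EC2 reports the fingerprint of an RSA key pair it generated as the SHA-1
    // of the PKCS#8 DER encoding of the private key, written as colon-separated hex.
    public static string RsaFingerprint(string pem)
    {
        using var rsa = RSA.Create();
        rsa.ImportFromPem(pem); // accepts the "RSA PRIVATE KEY" PEM that EC2 returns
        byte[] digest = SHA1.HashData(rsa.ExportPkcs8PrivateKey());
        return BitConverter.ToString(digest).Replace('-', ':').ToLowerInvariant();
    }
}
```

Call `KeyPairSafety.SavePrivateKey(response.KeyPair, privateKeyFile)` in place of the FileStream block in CreateKeyPair; the same fingerprint check can later tell you which local .pem belongs to which key pair listed by DescribeKeyPairs.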

Enumerate Your Key Pairs

You can enumerate your key pairs and check whether a key pair exists.

Get the complete list of your key pairs by calling the DescribeKeyPairs method with a DescribeKeyPairsRequest that sets no parameters.

```csharp
using System;
using Amazon.EC2;
using Amazon.EC2.Model;

public static void EnumerateKeyPairs(AmazonEC2Client ec2Client)
{
    // An empty request returns every key pair in the current region
    var request = new DescribeKeyPairsRequest();
    var response = ec2Client.DescribeKeyPairs(request);

    foreach (KeyPairInfo item in response.KeyPairs)
    {
        Console.WriteLine("Existing key pair: " + item.KeyName);
    }
}
```

Delete Key Pairs

You can delete a key pair by calling the DeleteKeyPair method of your AmazonEC2Client instance.

Pass a DeleteKeyPairRequest containing the name of the key pair to the DeleteKeyPair method of the AmazonEC2Client object.

```csharp
using System;
using Amazon.EC2;
using Amazon.EC2.Model;

public static void DeleteKeyPair(
    AmazonEC2Client ec2Client,
    KeyPair keyPair)
{
    try
    {
        // Delete the key pair created for this sample
        ec2Client.DeleteKeyPair(new DeleteKeyPairRequest { KeyName = keyPair.KeyName });
    }
    catch (AmazonEC2Exception ex)
    {
        // Check the ErrorCode to see if the key pair was not found
        if ("InvalidKeyPair.NotFound" == ex.ErrorCode)
        {
            Console.WriteLine("The key pair \"{0}\" was not found.", keyPair.KeyName);
        }
        else
        {
            // The exception was thrown for another reason, so re-throw it.
            throw;
        }
    }
}
```