What Is An EC2 Key Pair – With Every Machine You Attach One Key. To Log In To The Machine Remotely, You Do Not Provide Any Password. Of Course The Username Is There, But You Do Not Provide A Password.

  • Instead of Password You Are Using The Key.
  • So What Exactly Is This Key?
  • AWS Uses Public Key Cryptography To Log In To An EC2 Instance.
  • So This Is Called Public Key Cryptography, Which You Are Using To Log In To Your Instance
  • We Are Using Asymmetric Cryptography

We Have Only Two Types Of Cryptography

1. Symmetric

2. Asymmetric 

In Symmetric, We Use The Same Key For Encryption & Same Key For Decryption.

But In Asymmetric We Have Two Keys.

1. Public Key – The Public Key Is Used To Encrypt Your Information. If You Want To Encrypt Your Information, You Will Use The Public Key.

2. Private Key – The Private Key Is Used To Decrypt The Information. You’ll Use It For Decryption.


So When You Create This Key Pair (Public & Private Key), AWS Is The Owner Of The Public Key & You Are The Owner Of The Private Key.

You Download This Private Key.

Both Keys Are Part Of One Set.

AWS Uses A Key Pair Of This Key.

The Public Key Is Used To Encrypt The Password, The Private Key Is Used To Decrypt The Password.



So You Create A Key Pair To Log In To Your EC2 Instance. The Mechanism & The Purpose Are Also Very Clear.

How It Is Being Created?

Where You Can Create?

What Kind Of Keys You Can Create?

If Needed, You Can Also Import A Key From Your External Resources Or From A Third Party. Maybe Some People Ask, Why Should I Use The AWS Platform?

We Have Very Advanced Mechanism To Create Public & Private Keys.

You Can Import Keys From External Resources.

AWS Generates The Keys Using An Algorithm, And I’ll Discuss The Algorithm Here.

You May Find Some Changes In The Future, But As Of Now:

AWS Uses The SSH-2 RSA Algorithm To Create This Key.

And It Uses 2048 Bit Keys.

This Is Very Big Number.

I Need To Tell You Some Important Information About These Keys.

Up To 5000 Keys Can Be Created Per Region.

By Default – It Is In .pem Format.

You Always Find Your Key In Pem Format.

So This Is Your Default Format.

You Can Also Create In PPK Format.

We Have Multiple Tools To Take SSH of Your Machine.



If You Are Using PuTTY, PuTTY Supports The .ppk Format.

It Doesn’t Support The .pem Format.

Using PuTTYgen You Can Convert The .pem Format To The .ppk Format.

Why Should You Convert It From One Format To Another?

However, This Feature Is Already There In EC2.



Go To The AWS Management Console – Check Which Region You Are In, North Virginia?

Click On EC2 Dashboard.

See How Many Key Pairs You Have?

You Have 8 Key Pairs.

You Have 8 Keys In North Virginia.

In This Way You Can Create Up To A Maximum Of 5000 Keys, Or Key Pairs, In This Particular Region.

So This Is The Limit You Have.


How You Can Create A Key In It?

You Can Definitely Delete Them. Before You Delete Them, Ensure That No EC2 Instance Is Using Them, Or That You Have Already Deleted The EC2 Instances That Used Them.

  • The Keys Can Be Created Either In .Pem Format or .PPK Format
  • It Depends On You What Format You Want To Use To Create A New Key
  • So Let Me Show You, Lets Say
  • Go To EC2 Dashboard -> Left Side, Under Network & Security -> Key Pairs
  • You Have Number Of Keys You Are Using With EC2 Instances
  • Or You May Use All These Key Pair
  • You Can See The Fingerprint Of The Key Beside Every Key
  • Beside That You Can See The Unique ID Of The Key
  • You Can See The Name Of The Key
  • This Is The Public Key Which AWS Stored At The End
  • Go And Create A Key Pair
  • Write The Name Of The Key
  • We Have Formats To Select. If You Are Using The .pem Format,
  • This Is For OpenSSH Tools
  • And If You Are Using The .ppk Format, It Is Only For The PuTTY Tool.
  • PuTTY Is Terminal Emulation Software
  • PuTTY And MobaXterm Are Tools. These Two Are Terminal Emulation Tools.
  • You Can Use These Tools To SSH Into Your Machine.
  • PuTTY Supports The .ppk Format.
  • So It’s Up To You What Kind Of Key You Want To Create.
  • Click On Create Key Pair.
  • Now You Have The Key.
  • The Key Will Be Created, This Is The Public Key of This Pair, You Can See In Key Pairs List.
  • And You Downloaded, The Private Key Of This Same Set.
  • This Feature Makes Your Life More Simple.

With The AWS Free Tier Account, You Can Only Create 20 EC2 Instances, But With The Help Of AWS Support, You Can Create n Number Of Machines.

Each EC2 Instance Requires One Key Pair. The Same Key Pair Can Be Used With Multiple Instances.


Let’s Say We Have A Client, And He Has 100 EC2 Machines.

These 100 Machines Can Use One Key Pair.

The Same Key Can Be Allocated To Multiple EC2 Instances.

The Maximum Number Of Keys You Can Create Is 5000 Per Region.

This Is Extremely Big Number.

I Don’t Think Anybody On This Planet Is Using Up To 5000 Keys Per Region.
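As An Added Example, Not Part Of The Original Page: Before Deleting A Key Pair, Or To See How Many Machines A Single Private Key Opens, You Can Cross-Check Key Pairs Against Instances. The Sample Data Is Constructed In The Shape Of `aws ec2 describe-key-pairs` And `aws ec2 describe-instances` Output; The Function Names And The `share_limit` Threshold Are Assumptions.

```python
import json
from collections import defaultdict

# Constructed sample data (describe-key-pairs / describe-instances shape).
KEY_PAIRS_JSON = """
{"KeyPairs": [
  {"KeyName": "web-key",   "KeyPairId": "key-0aaa", "KeyType": "rsa"},
  {"KeyName": "batch-key", "KeyPairId": "key-0bbb", "KeyType": "rsa"},
  {"KeyName": "old-key",   "KeyPairId": "key-0ccc", "KeyType": "rsa"}
]}
"""
INSTANCES_JSON = """
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-001", "KeyName": "web-key",   "State": {"Name": "running"}},
    {"InstanceId": "i-002", "KeyName": "web-key",   "State": {"Name": "stopped"}},
    {"InstanceId": "i-003", "KeyName": "web-key",   "State": {"Name": "running"}}]},
  {"Instances": [
    {"InstanceId": "i-004", "KeyName": "batch-key", "State": {"Name": "running"}},
    {"InstanceId": "i-005", "KeyName": "old-key",   "State": {"Name": "terminated"}},
    {"InstanceId": "i-006", "State": {"Name": "running"}}]}
]}
"""

def audit_key_pairs(key_pairs, instances, share_limit=2):
    """Map each key pair to the live instances that were launched with it."""
    users = defaultdict(list)
    no_key = []
    for reservation in instances["Reservations"]:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] == "terminated":
                continue  # a terminated machine no longer depends on the key
            if "KeyName" in inst:
                users[inst["KeyName"]].append(inst["InstanceId"])
            else:
                no_key.append(inst["InstanceId"])
    names = [kp["KeyName"] for kp in key_pairs["KeyPairs"]]
    return {
        "in_use": {n: sorted(users[n]) for n in names if users[n]},
        "safe_to_delete": sorted(n for n in names if not users[n]),
        # one leaked private key opens every instance listed under it
        "widely_shared": sorted(n for n in names if len(users[n]) > share_limit),
        "launched_without_key": sorted(no_key),
    }

def run_sample():
    return audit_key_pairs(json.loads(KEY_PAIRS_JSON), json.loads(INSTANCES_JSON))

if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

Stopped Instances Are Counted As Using The Key, Because They Can Be Started Again With The Same Key Pair.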



We Have Public & Private IP Addresses

  • So AWS Supports Both IPv4 And IPv6
  • By Default Your Instance Will Get One Public IP & One Private IP Address
  • By Default, The Public IP Is A Dynamic IP Address In Nature
  • It’s Not A Static IP Address
  • Let’s Say You See Your Public IP & Private IP Address On Your EC2 Dashboard, In The Details Section
  • So The Public IP Address To The Instance Is Dynamic IP Address.
  • What Is The Meaning Of Dynamic Public IP Address?
  • If You Restart The Machine, If You Stop The Machine, If You Reboot The Machine
  • There Is A Chance That This IP Address Will Change
  • Practically, You Have This Public IP Address?
  • Try To Copy & Paste Your Machines Public & Private IP Address Somewhere.
  • If You Stop & Restart The Machine, The Public IP Address Will Change.
  • Public IP Address Is Dynamic IP Address.
  • If You Terminate Your Machine, Will The Respective Key Pair Be Deleted?
  • No, The Key Pair Will Not Be Deleted.
  • It Will Remain With You As Well As On The AWS Platform.
  • If You Want To Use The Same Key Again You Can Use The Same Key Again.
  • But The Machine Is Deleted, The Machine Is Terminated.
  • Key Will Remain In Your Account.
  • Public IP Address Will Change If You Restart The Machine But The Private IP Address Will Remain Same.
  • Because You Are Getting Private Address From VPC, From Your Internal Network.
  • So Its Private IP Address
  • And Private IP Addresses Are Not Accessible Over The Internet.
  • You Can Reach Your Machine Only Using Public IP Address.
  • Every Time You Restart The Machine, You Get A New IP Address.
  • If You Want To Provide A Static IP Address To The Machine, Do We Have Any Option?
  • Because Every Time You Find The IP Address Being Changed, How Can You Manage Your DNS Record Entry?
  • You Need Static IP Address In Some Cases.
  • So We Have An Option For That, That Is Elastic IP Address
  • It’s EIP (Elastic IP Address)
  • If You Are Using An Elastic IP Address, It Provides A Static IP Address To Your Instance,
  • Or To Your Network Interface, To Your Load Balancer Or To A Container (Docker Container)
  • EIP Is Not Free Of Cost,
  • In A Free AWS Account, You’ll Get Only One EIP Free
  • Maximum 5 EIPs Per Region You Can Take.
  • This Is A Kind Of Quota, If You Talk With The AWS Support Team.
  • But By Default You Can Allocate Up To 5 EIPs.


How To Take And How To Map With EC2 Instance?

  1. Allocate An EIP to Your AWS Account.
  2. Associate The EIP with EC2 Instance, You Can Associate With Any Resource, If You Are Using Container, You Can Associate With Container Or Network Interface Etc.
  3. Then The Job Is Done.


If You Delete The EC2 Instance, Then Your EIP Will Fail.

Then How Can You Release This EIP? Because It Is The Static IP Address.

The Process To Release The EIP –

  1. Disassociate The EIP From The Machine.
  2. Once It Is Disassociated, Then You’ll Release The EIP To Avoid The Charges From AWS.

By Default You’ll Get Public And Private IP Addresses On Your Machine When It Is Created, But When You Want To Provide A Static IP Address, You Have To Put In Some Effort.


Allocating EIP To The EC2 Instance

Go To EC2 Dashboard

When You See Instance Summary Below Your Instance.

You’ll See The EIP Section Is Blank, It Means You Do Not Have Any Static IP Address To Your Machine.

Or Fixed IP Address To Your Machine.

Your Machine Is Running. On The Left Hand Side, Scroll Down And Navigate The Left Side Pane.

You’ll See Elastic IP Option, Under Network & Security.

You Click On It.

Just Click On Allocate EIP.

First Of All You’ll Allocate An EIP.

And Choose In Which Region You Want To Allocate The EIP.

So That Is The Code Of Your Region Under Elastic IP Address Settings.


You Are Taking This EIP From Amazon’s Pool Of IPv4 Addresses.

Means You Are Purchasing This EIP, Static IP Address, Fixed IP Address From Amazon’s Pool.

In Some Cases The Company Says ‘No, We Do Not Want To Purchase, We Already Have The EIP In Bulk, We Already Purchased From The ISP.’

So What Should You Do?

In That Case First Of All You Have To Map Those IPs With The AWS Account, And Later On Those IP Addresses Can Be Used With Your EC2 Instances Or Other Resources. In That Case You Won’t Pay Any Money To AWS For Those EIPs.

But Here In This Case You Are Purchasing, I’m Just Getting An EIP From Amazon’s Pool Of IPv4 Addresses,

So This Is The Default Setting, Let It Be As It Is.

Just Click On Allocate,

You Allocated One EIP.

This Is The EIP.

Now You Have The Static IP Address But This Static IP Address As Of Now Is Not Mapped With Any EC2 Instance.

So This Is Free, This Is Individual, This Is Not Yet Mapped With Any Resource.

So This Is Free From Resource, So You Need To Just Map This EIP With One Instance.

What You’ll Do, You’ll Select This EIP And Go To Actions.

And You Can Associate This EIP, You Select The Associate Elastic IP Address Option.

And Now It Is Asking On Which Particular Resource You Want To Map This EIP.

So We Have Two Options Here, One Is Instance And One Is Network Interface.

So You Are Choosing Instance Here.

You Click On Instance Here.

This Is The Running Instance You Have Right Now.

Either You Can Find Instance With Instance ID.

So You Are Selecting This Instance.

So Are You Providing Private IP Address Too?

Yes, You Are Providing Private IP Address To One Machine.

So Now If You Just Click On Associate.

The Picture Will Change.

Now This EIP Is Mapped With This EC2 Instance. You Can See The Instance ID Under Associated Instance ID.

You Go Back To Instances Which Is There On Your Left Side On The Screen.

And If You Refresh It, This Time What You See?

You Have Now, EIP, With You.

Now You Can See The Public IP Address & EIP, Both Are Same For Your Machine.

Even The DNS Name Of This Machine Also Has The Same EIP In It.

And The Private IP Address Will Remain Same.

And Now I Think The Picture Is Clear.

How You Can Provide An EIP To Your EC2 Instance.


Usefulness Of EIP & Why EIP Is Introduced?

If You Want To Provide A Fixed IP Address To Your Instance, We Have An Option Called EIP.

If You Have An EIP On Your Instance And You Restart Your Machine Again & Again, Stopping & Starting The Machine, The IP Address On That Machine Remains The Same.

If You Have An EIP On Your Machine, You Can Configure Its Record In Route 53.

Even If The EIP Is Same, You Can Use The EIP With The Load Balancers.

If You Have A Fixed EIP, The Best Thing Is You Can Define & Host Its On You Can Divert The Traffic.


How You Can Release This EIP?

Under Network & Security, Click On Elastic IPs.

You Can See EIP You Have.

Select This EIP.

Go To Actions -> Click On Disassociate Elastic IP Address (Which Means First Of All You Are Disassociating This EIP From Your EC2 Instance)

After Clicking On It, You’ll See The EIP Is Not Associated With Any EC2 Instance.

It Has Been Disassociated.

Now Once Again Go To Actions. Now You Can Release The EIP. If You Release The EIP, In Your Account There Is No EIP.

And If You Don’t Have Any EIP, AWS Will Not Charge For This EIP.
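As An Added Example, Not Part Of The Original Page: A Check For EIPs That Are Allocated But Not Associated (The Ones To Release To Avoid Charges), Plus DNS Records That Would Break Or Go Stale When An Address Is Released. The Sample Data Is Constructed In The Shape Of `aws ec2 describe-addresses` Output; The Record Names, IDs And Function Names Are Assumptions.

```python
import json

# Constructed sample (describe-addresses shape); IPs are RFC 5737
# documentation addresses and the IDs are made up.
ADDRESSES_JSON = """
{"Addresses": [
  {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-0aaa",
   "AssociationId": "eipassoc-0111", "InstanceId": "i-001"},
  {"PublicIp": "203.0.113.20", "AllocationId": "eipalloc-0bbb"},
  {"PublicIp": "203.0.113.30", "AllocationId": "eipalloc-0ccc",
   "AssociationId": "eipassoc-0333", "NetworkInterfaceId": "eni-0333"}
]}
"""
# Constructed DNS A records (name -> IP), e.g. exported from a hosted zone.
A_RECORDS = {
    "www.example.com": "203.0.113.10",
    "api.example.com": "203.0.113.20",
    "old.example.com": "198.51.100.7",
}

def audit_eips(addresses, a_records):
    """Classify EIPs and the DNS records that depend on them."""
    associated, idle = {}, {}
    for addr in addresses["Addresses"]:
        target = addr.get("InstanceId") or addr.get("NetworkInterfaceId")
        if addr.get("AssociationId"):
            associated[addr["PublicIp"]] = target
        else:
            idle[addr["PublicIp"]] = addr["AllocationId"]
    findings = {"release_candidates": sorted(idle.values()),
                "dns_to_idle_eip": [], "dns_to_unowned_ip": []}
    for name, ip in sorted(a_records.items()):
        if ip in idle:
            # Remove or repoint this record before releasing the address.
            findings["dns_to_idle_eip"].append(name)
        elif ip not in associated:
            # Not an EIP this account holds; confirm who owns the address.
            findings["dns_to_unowned_ip"].append(name)
    return findings

def run_sample():
    return audit_eips(json.loads(ADDRESSES_JSON), A_RECORDS)

if __name__ == "__main__":
    print(json.dumps(run_sample(), indent=2))
```

A Released Address Goes Back To Amazon’s Pool, So A Record Left Pointing At It No Longer Leads To Your Machine.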





























