DevOpsLesson
DevOpsLesson

Free, comprehensive DevOps tutorials and learning roadmaps. Master Docker, Kubernetes, CI/CD, and more.

Stay Updated

Get notified about new tutorials and features.

Tutorials

  • What is DevOps?
  • Docker Tutorial
  • Terraform Tutorial
  • CI/CD Pipeline
  • All Tutorials

Roadmaps

  • DevOps Engineer
  • Cloud Engineer
  • SRE Path
  • All Roadmaps

Company

  • About Us
  • Blog
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 DevOpsLesson. All rights reserved.

DOCKERKUBERNETESTERRAFORMAWSCI/CDLINUXGITDEVOPS ROADMAPCLOUD ROADMAPSRE ROADMAPGIT CHEATSHEETDOCKER CHEATSHEETK8S CHEATSHEETTF CHEATSHEETLINUX CHEATSHEETDOCKERFILE LINTERYAML VALIDATORCRON PARSERREGEX TESTER

Aws Tutorial

Introduction to AWS
AWS Global Infrastructure
Setting Up AWS
AWS IAM
AWS EC2
AWS VPC
AWS S3
AWS RDS
AWS Lambda
AWS ECS and EKS
AWS CloudWatch
AWS CodePipeline
AWS Cost Optimization
AWS Elastic Load Balancing
AWS Auto Scaling
AWS CloudFront
AWS Route 53
AWS DynamoDB
AWS ElastiCache
AWS SQS
AWS SNS
AWS EventBridge
AWS Step Functions
AWS API Gateway
AWS ECR
AWS EKS
AWS CloudFormation
AWS Elastic Beanstalk
AWS KMS
AWS Secrets Manager
AWS WAF and Shield
AWS CloudTrail
AWS Config
AWS Systems Manager
AWS Organizations
AWS EFS
AWS EBS Deep Dive
AWS Kinesis
AWS Athena
AWS CodeDeploy
AWS CodeCommit
AWS CDK
AWS SAM

AWS EC2 Key Pairs

PreviousPrev
Next

Understand EC2 key pairs, how to create and use them with SSH, and what recovery options exist if a private key is lost.

EC2 key pairs are the traditional way to authenticate SSH access to Linux instances. AWS stores the public key, and you download or import the private key that proves you are allowed to sign in. When launching an instance, selecting a key pair injects the public key so the OS can trust your matching private key later.

In the console, AWS can generate a new key pair for you and prompt a one-time download of the private key file. Treat that file carefully. If someone else gets it, they may be able to log in wherever the matching public key is installed. Restrict file permissions locally and avoid sending it through chat, email, or source control.

ItemImportant detail
Public keyStored by AWS or imported during setup
Private keyKept by you and used during SSH login
File permissionsShould be restricted, often chmod 400
Lost keyRequires a recovery approach, not a re-download

If you lose the private key, AWS cannot re-download it for you. Recovery usually means using another access path such as AWS Systems Manager Session Manager, attaching the root volume to another instance, or rebuilding the instance from automation. That is one reason many teams prefer SSM-based access for day-to-day administration instead of relying only on SSH keys.

Key pairs are still useful for learning and for environments where SSH access is expected, but they should fit into a broader access strategy that includes least-privilege IAM, logging, and minimized exposure of port 22.

Pair this lesson with AWS EC2 Launch Instance so you understand exactly where the key pair is selected during launch.

chmod 400 demo-key.pem
ssh -i demo-key.pem ec2-user@203.0.113.10
aws ec2 describe-key-pairs --query 'KeyPairs[].KeyName' --output table

Operational note

Treat EC2 instances as managed infrastructure, not pets. Capture launch settings in infrastructure as code, keep bootstrap steps repeatable, and monitor CPU, memory, disk, and patch level from the start. That way replacing an instance is a routine operation instead of a risky manual repair exercise. Shared standards like this make future environments easier to launch, review, and support.

Exercise

Key pair purpose

What is the private key in an EC2 key pair used for?

Exercise

Lost key recovery

If you lose the downloaded private key for a generated EC2 key pair, what is true?

PreviousPrev
Next

Continue Learning

AWS EC2 Launch Instance

Launch an EC2 instance step by step by choosing an AMI, instance type, networking, security group, and key pair, then connect over SSH.

12 min·Easy

AWS EC2 Instance Types

Understand EC2 instance family names and choose between general purpose, compute-optimized, memory-optimized, and specialized hardware.

10 min·Easy

AWS EC2 Security Groups

Use EC2 security groups as stateful firewalls by defining inbound and outbound rules based on ports, CIDR ranges, and other security groups.

12 min·Intermediate

Explore Related Topics

Te

Terraform Tutorials

Manage AWS infrastructure as code

Li

Linux Tutorials

Essential Linux skills for working with EC2

On This Page

Operational note