How to use the same SSH key pair in all AWS regions

This article shows how to use the AWS Command Line Interface (AWS CLI) to configure a single SSH key pair on multiple AWS Regions. By doing this you can access EC2 instances from different regions using the same SSH key pair.

Installing and configuring AWS CLI

Start by installing and configuring the AWS command line interface:

sudo dnf install awscli
aws configure

Verify the AWS CLI installed correctly:

aws --version
aws-cli/1.11.109 Python/3.6.1 Linux/4.11.10-300.fc26.x86_64 botocore/1.5.72

Configuring the SSH key pair

If you don’t have an SSH key pair or want to follow this article using a new one:

openssl genrsa -out ~/.ssh/aws.pem 2048
ssh-keygen -y -f ~/.ssh/aws.pem > ~/.ssh/aws.pub

If you already have an SSH private key created using the AWS Console, extract the public key from it:

ssh-keygen -y -f ~/.ssh/aws.pem > ~/.ssh/aws.pub

Importing the SSH key pair

Now that you have the public key, declare the variable AWS_REGION containing a list with the regions to which you want to copy your SSH key. To check the full list of available AWS regions useĀ this link.

AWS_REGION="us-east-1 us-east-2 us-west-1 us-west-2 ap-south-1 eu-central-1 eu-west-1 eu-west-2"

If you don’t want to specify each region manually, you can use the ec2 describe-regions command to get a list of all available regions:

AWS_REGION=$(aws ec2 describe-regions --output text | awk '{print $3}' | xargs)

Next, import the SSH public key to these regions, substituting your key’s name for <MyKey>:

for each in ${AWS_REGION} ; do aws ec2 import-key-pair --key-name <MyKey> --public-key-material file://~/.ssh/aws.pub --region each ; done

Also, if you want to display which SSH key is available in a region:

aws ec2 describe-key-pairs --region REGION

To delete an SSH key from a region:

aws ec2 delete-key-pair --key-name <MyKey> --region REGION

Congratulations, now you can use the same SSH key to access all your instances in the regions where you copied it. Enjoy!

For System Administrators

4 Comments

  1. Andres

    Thanks!

  2. Maimela

    how does one enable biometrics scanner on fedora (fido, u2f) help anyone and it’s not a yubikey

  3. David Di Blasio

    Great writeup, however, I did hit 1 issue while running through the instructions:

    I had to add a $ to each for it to iterate through the list of regions. Here’s what worked for me

    for each in ${AWS_REGION} ; do aws ec2 import-key-pair –key-name –public-key-material file://~/.ssh/aws.pub –region $each ; done

    Cheers!

  4. David Duncan

    Great article on creating a consistent action over multiple regions! Well done.

    I would use the AWS CLI command ‘ec2 describe-regions’ to pick up all the latest regions rather than the website list.

    AWS_REGION=$(aws ec2 describe-regions –query ‘Regions[].RegionName’ –output text
    )

    That will provide you a full list of standard regions in your expected format. The list is formatted using the JMESPath query language developed by James Saryerwinnie in the AWS SDK team for filtering the list. That gives you the added power of filtering your output in json format before it is output as text. The JMESPath is included in the AWS CLI https://github.com/jmespath/jmespath.py

    Alternatively, you could use a more *nix tool like jq as your filter for the JSON output like the following:

    aws ec2 describe-regions | jq -r ‘.Regions[].RegionName’

Comments are Closed

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions

%d bloggers like this: