This article shows how to use the AWS Command Line Interface (AWS CLI) to configure a single SSH key pair on multiple AWS Regions. By doing this you can access EC2 instances from different regions using the same SSH key pair.
Installing and configuring AWS CLI
Start by installing and configuring the AWS command line interface:
sudo dnf install awscli
aws configure
Verify the AWS CLI installed correctly:
aws --version
aws-cli/1.11.109 Python/3.6.1 Linux/4.11.10-300.fc26.x86_64 botocore/1.5.72
Configuring the SSH key pair
If you don’t have an SSH key pair or want to follow this article using a new one:
openssl genrsa -out ~/.ssh/aws.pem 2048
ssh-keygen -y -f ~/.ssh/aws.pem > ~/.ssh/aws.pub
If you already have an SSH private key created using the AWS Console, extract the public key from it:
ssh-keygen -y -f ~/.ssh/aws.pem > ~/.ssh/aws.pub
Importing the SSH key pair
Now that you have the public key, declare the variable AWS_REGION containing a list with the regions to which you want to copy your SSH key. To check the full list of available AWS regions use this link.
AWS_REGION="us-east-1 us-east-2 us-west-1 us-west-2 ap-south-1 eu-central-1 eu-west-1 eu-west-2"
If you don’t want to specify each region manually, you can use the ec2 describe-regions command to get a list of all available regions:
AWS_REGION=$(aws ec2 describe-regions --output text | awk '{print $3}' | xargs)
Next, import the SSH public key to these regions, substituting your key’s name for <MyKey>:
for each in ${AWS_REGION} ; do aws ec2 import-key-pair --key-name <MyKey> --public-key-material file://~/.ssh/aws.pub --region "$each" ; done
Also, if you want to display which SSH key is available in a region:
aws ec2 describe-key-pairs --region REGION
To delete an SSH key from a region:
aws ec2 delete-key-pair --key-name <MyKey> --region REGION
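The import loop above assumes that a key pair named <MyKey> in a region is your key. As an added example (not part of the original article), the script below skips regions that already have a key pair of that name and then compares the fingerprint each region reports with one computed locally; the function names are hypothetical, and the fingerprint rule assumed is the one EC2 applies to imported RSA keys (MD5 of the DER-encoded public key).

```shell
#!/bin/sh
# Added example (not from the article): import a public key into several
# regions, then verify that every region holds the key you expect.

# MD5 fingerprint of the DER-encoded public key, which is what EC2 reports
# for an imported RSA key. $1 = private key (PEM)
local_fingerprint() {
  openssl rsa -in "$1" -pubout -outform DER 2>/dev/null |
    openssl md5 -c | sed 's/^.*= *//'
}

# Import only if the region has no key pair of that name yet.
# $1 = key name, $2 = public key file, $3 = region
import_key() {
  if aws ec2 describe-key-pairs --key-names "$1" --region "$3" >/dev/null 2>&1; then
    return 0
  fi
  # file:// as in the article (AWS CLI v1); AWS CLI v2 expects fileb://
  aws ec2 import-key-pair --key-name "$1" \
    --public-key-material "file://$2" --region "$3" >/dev/null
}

# Print "<region> ok|MISMATCH|MISSING"; returns non-zero unless ok.
# $1 = key name, $2 = expected fingerprint, $3 = region
check_region() {
  remote=$(aws ec2 describe-key-pairs --key-names "$1" --region "$3" \
    --query 'KeyPairs[0].KeyFingerprint' --output text 2>/dev/null) || remote=""
  if [ -z "$remote" ]; then echo "$3 MISSING"; return 1; fi
  if [ "$remote" != "$2" ]; then echo "$3 MISMATCH"; return 1; fi
  echo "$3 ok"
}

# $1 = key name, $2 = expected fingerprint, $3 = public key file, rest = regions
sync_key() {
  name=$1 fp=$2 pub=$3 failed=0
  shift 3
  for region in "$@"; do
    import_key "$name" "$pub" "$region" || true
    check_region "$name" "$fp" "$region" || failed=1
  done
  return "$failed"
}

# Usage (MyKey is a placeholder key name):
#   sync_key MyKey "$(local_fingerprint ~/.ssh/aws.pem)" ~/.ssh/aws.pub $AWS_REGION
```

A key pair that EC2 created itself reports a SHA-1 fingerprint of the private key, so the region where it was created shows MISMATCH against this MD5 value even though the key material is the same.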
Congratulations, now you can use the same SSH key to access all your instances in the regions where you copied it. Enjoy!
Andres
Thanks!
Maimela
How does one enable a biometrics scanner on Fedora (FIDO, U2F)? Help, anyone? And it’s not a YubiKey.
David Di Blasio
Great writeup, however, I did hit 1 issue while running through the instructions:
I had to add a $ to each for it to iterate through the list of regions. Here’s what worked for me:
for each in ${AWS_REGION} ; do aws ec2 import-key-pair --key-name <MyKey> --public-key-material file://~/.ssh/aws.pub --region $each ; done
Cheers!
David Duncan
Great article on creating a consistent action over multiple regions! Well done.
I would use the AWS CLI command ‘ec2 describe-regions’ to pick up all the latest regions rather than the website list.
AWS_REGION=$(aws ec2 describe-regions --query 'Regions[].RegionName' --output text)
That will provide you a full list of standard regions in your expected format. The list is formatted using the JMESPath query language developed by James Saryerwinnie in the AWS SDK team for filtering the list. That gives you the added power of filtering your output in json format before it is output as text. The JMESPath is included in the AWS CLI https://github.com/jmespath/jmespath.py
Alternatively, you could use a more *nix tool like jq as your filter for the JSON output like the following:
aws ec2 describe-regions | jq -r '.Regions[].RegionName'