[cs615asa] Homework 2 Question

Jan Schaumann jschauma at stevens.edu
Tue Feb 12 09:53:03 EST 2019


Thomas L Pyle <tpyle at stevens.edu> wrote:
 
> For homework 2, when we create the instance, how do we know what
> keypair to use? Should we generate a new one?

We don't want to generate a new keypair per the earlier promise that our
tool will not make any changes to the user's setup or environment (a
generally useful consideration, based on the Principle Of Least
Astonishment).

That would mean we'd have to assume that a default key has been
configured correctly, but AWS configurations may differ in the use, and
the user may in fact already have a default key that they may not wish
to use for this purpose (separation of privileges is a Good Thing(tm)).

So let's stipulate that our tool requires the presence of a dedicated
SSH keypair.  That is, the user running the tool must have set up a
keypair called 'ec2-backup' in AWS and must have set up their
~/.ssh/config to use that key.  That would look like this:

$ ssh-keygen -t rsa -C "ec2-backup only" -f ~/.ssh/ec2-backup -b 4096
[...]
$ aws ec2 import-key-pair --key-name ec2-backup \
	--public-key-material file://~/.ssh/ec2-backup.pub
[...]
$ aws ec2 describe-key-pairs --key-name ec2-backup
KEYPAIRS	b6:6f:b5:90:0f:14:85:a6:82:d0:61:b8:78:3c:c8:b1 ec2-backup
$ grep -A6 amazonaws ~/.ssh/config
Host *amazonaws.com
	User root
	IdentityFile ~/.ssh/ec2
	IdentityFile ~/.ssh/ec2-backup
	IdentitiesOnly yes
	UserKnownHostsFile /dev/null
	StrictHostKeyChecking no


At this point, everything is set up and your tool can use the
'ec2-backup' key name to create and access instances:

$ aws ec2 run-instances --key-name ec2-backup --image-id ami-569ed93c \
	--instance-type t1.micro
[...]
$ ssh ec2-3-84-173-113.compute-1.amazonaws.com hostname
ip-10-159-231-196.ec2.internal
$ 

I have updated the manual page of the tool in the homework assignment to
reflect the above assumptions you can safely make.  At a future
iteration of the tool, we may add a way for the user to specify
alternative keys or other options, but for this assignment, let's keep
it simple by relying on the 'ec2-backup' key.

-Jan
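
The assumptions stipulated in the message above can be checked by a tool before it launches anything. The following read-only preflight is an added example, not part of the original message or of the course's tool; the function names and the placeholder host name are hypothetical, and it assumes an OpenSSH client that supports `ssh -G`.

```shell
#!/bin/sh
# Added example: read-only preflight for the 'ec2-backup' key assumption.
# Function names are hypothetical; nothing here creates or modifies keys.
KEY_NAME="ec2-backup"

# Reads `ssh -G <host>` output on stdin. Succeeds if any IdentityFile
# has the basename $KEY_NAME (so ec2-backup.pub or ec2 do not count).
config_offers_key() {
    awk -v key="$KEY_NAME" '
        $1 == "identityfile" {
            sub(/^identityfile[ \t]+/, "")
            n = split($0, part, "/")
            if (part[n] == key) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# Succeeds if a key pair named $KEY_NAME is registered in AWS.
# describe-key-pairs only reads; it fails when the name is unknown.
aws_has_key() {
    aws ec2 describe-key-pairs --key-names "$KEY_NAME" >/dev/null 2>&1
}

# Runs both checks and reports every failure; returns non-zero if any
# failed. $1 is a host name matching the user's "Host *amazonaws.com"
# block; the default below is a constructed placeholder (ssh -G only
# evaluates the configuration and does not connect).
preflight() {
    host="${1:-example.compute-1.amazonaws.com}"
    rc=0
    if ! aws_has_key; then
        echo "ec2-backup: no AWS key pair named '$KEY_NAME'" >&2
        rc=1
    fi
    if ! ssh -G "$host" 2>/dev/null | config_offers_key; then
        echo "ec2-backup: ~/.ssh/config offers no '$KEY_NAME' identity for $host" >&2
        rc=1
    fi
    return "$rc"
}

# Typical use in the tool, before 'aws ec2 run-instances':
#   preflight || exit 1
```

Both checks only read state, so the tool can fail early with a clear message without changing the user's environment.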

