[Enhancement]: Resource/aws_key_pair - Enable key pair generation by leaving out public key

[researchgecko]

Description

CloudFormation allows for creating EC2 key pairs by omitting the public key material in AWS::EC2::KeyPair. Ref: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-keypair.html

At present, the public key is a required field in Terraform: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/key_pair#public_key

Is it possible to enable key pair creation by specifying key_name and leaving out public_key, similar to CloudFormation?

Affected Resource(s) and/or Data Source(s)

resource/aws_key_pair

Potential Terraform Configuration

resource "aws_key_pair" "deployer" {
  key_name   = "deployer-key"
}

References

AWS's CloudFormation guide for EC2 key pairs: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-keypair.html

Would you like to implement a fix?

None

[github-actions[bot]]

Community Note

Voting for Prioritization

• Please vote on this issue by adding a 👍 reaction to the original post to help the community and maintainers prioritize this request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

Volunteering to Work on This Issue

• If you are interested in working on this issue, please leave a comment.
• If this would be your first contribution, please review the contribution guide.

[eugercek]

There's also this problem https://github.com/hashicorp/terraform-provider-tls/issues/44 terraform-provider-tls cannot import tls key. Operator needs to manual work to import keys. IMO every ec2 needs to have ssh option at a backup for ssm connect. And to have proper security they need different key pairs. Thus this will block many workflows.