AWS Key Pair Terraform module
Terraform module which creates EC2 key pair on AWS.
Usage
EC2 Key pair w/ module created key material
module "key_pair" {
source = "terraform-aws-modules/key-pair/aws"
key_name = "deployer-one"
create_private_key = true
}EC2 Key pair w/ externally created public key material
resource "tls_private_key" "this" {
algorithm = "RSA"
}
module "key_pair" {
source = "terraform-aws-modules/key-pair/aws"
key_name = "deployer-two"
public_key = trimspace(tls_private_key.this.public_key_openssh)
}EC2 Key pair w/ existing public key material
module "key_pair" {
source = "terraform-aws-modules/key-pair/aws"
key_name = "deployer-three"
public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD3F6tyPEFEzV0LX3X8BsXdMsQz1x2cEikKDEY0aIj41qgxMCP/iteneqXSIFZBp5vizPvaoIR3Um9xK7PGoW8giupGn+EPuxIA4cDM4vzOqOkiMPhz5XK0whEjkVzTo4+S0puvDZuwIsdiW9mxhJc7tgBNL0cYlWSYVkz4G/fslNfRPW5mYAM49f4fhtxPb5ok4Q2Lg9dPKVHO/Bgeu5woMc7RY0p1ej6D4CKFE6lymSDJpW0YHX/wqE9+cfEauh7xZcG0q9t2ta6F6fmX0agvpFyZo8aFbXeUBr7osSCJNgvavWbM/06niWrOvYX2xwWdhXmXSrbX8ZbabVohBK41 email@example.com"
}Conditional creation
Sometimes you need to have a way to create key pair conditionally but Terraform does not allow to use count inside module block, so the solution is to specify argument create_key_pair.
# This EC2 key pair will not be created
module "key_pair" {
source = "terraform-aws-modules/key-pair/aws"
create = false
# ... omitted
}Examples:
- Complete - Create EC2 key pair
Requirements
| Name | Version |
|---|---|
| terraform | >= 1.0 |
| aws | >= 4.21 |
| tls | >= 3.4 |
Providers
| Name | Version |
|---|---|
| aws | >= 4.21 |
| tls | >= 3.4 |
Modules
No modules.
Resources
| Name | Type |
|---|---|
| aws_key_pair.this | resource |
| tls_private_key.this | resource |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| create | Determines whether resources will be created (affects all resources) | bool |
true |
no |
| create_private_key | Determines whether a private key will be created | bool |
false |
no |
| key_name | The name for the key pair. Conflicts with key_name_prefix |
string |
null |
no |
| key_name_prefix | Creates a unique name beginning with the specified prefix. Conflicts with key_name |
string |
null |
no |
| private_key_algorithm | Name of the algorithm to use when generating the private key. Currently-supported values are RSA and ED25519 |
string |
"RSA" |
no |
| private_key_rsa_bits | When algorithm is RSA, the size of the generated RSA key, in bits (default: 4096) |
number |
4096 |
no |
| public_key | The public key material | string |
"" |
no |
| tags | A map of tags to add to all resources | map(string) |
{} |
no |
Outputs
| Name | Description |
|---|---|
| key_pair_arn | The key pair ARN |
| key_pair_fingerprint | The MD5 public key fingerprint as specified in section 4 of RFC 4716 |
| key_pair_id | The key pair ID |
| key_pair_name | The key pair name |
| private_key_id | Unique identifier for this resource: hexadecimal representation of the SHA1 checksum of the resource |
| private_key_openssh | Private key data in OpenSSH PEM (RFC 4716) format |
| private_key_pem | Private key data in PEM (RFC 1421) format |
| public_key_fingerprint_md5 | The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. aa:bb:cc:.... Only available if the selected private key format is compatible, similarly to public_key_openssh and the ECDSA P224 limitations |
| public_key_fingerprint_sha256 | The fingerprint of the public key data in OpenSSH SHA256 hash format, e.g. SHA256:.... Only available if the selected private key format is compatible, similarly to public_key_openssh and the ECDSA P224 limitations |
| public_key_openssh | The public key data in "Authorized Keys" format. This is populated only if the configured private key is supported: this includes all RSA and ED25519 keys |
| public_key_pem | Public key data in PEM (RFC 1421) format |
Authors
Module is maintained by Anton Babenko with help from these awesome contributors.
License
Apache 2 Licensed. See LICENSE for full details.