Can't create/import key pairs in lab

emiliano · February 9, 2024, 11:39am

Hi.
I can’t create key pairs in lab account 319385625986

You are not authorized to perform this operation. User: arn:aws:iam::319385625986:user/kk_labs_user_683141 is not authorized to perform: ec2:CreateKeyPair on resource: arn:aws:ec2:eu-north-1:319385625986:key-pair/Ec2instancekeypair with an explicit deny in a service control policy. Encoded authorization failure message: BF4UlR4gKDI_aKu5ajCsS1awZ7QHpXnzxsg45s4AFh1vtMwfYfnKstnJbK4yjf25tXbSzHCQ4bB-FDPwbz1Kb2HPf6LioVdhb0N_nYHZZ4rzh_VT7hmIdHowp3AIwHIo8HTEi3M4YiPrY_uPH1iv-I9RkkX_L7vfd_V69yvRSXw3Ku3keK2tsWNW-QxTkVdjMV5QT8cPS6gUhv8Qvi_6yRQtUu2ahCgZVPOSbXCyOs_UI-vs7nNf05OfrkNwRURMnmIcTmgycsA71AvEWmFAREW2W8yKcwPAzDKIFbGFzCd-BCXd3It35KDMdjh4IDWZDGRGoxRysMMxr9v5Vf8NeVcylrd54Znnb6rTh1vocKO7odY8ehlr-haKSp8GUpjHAzWzk5B3D93oo2yJ8jcREkZrhZMARvBuVpA9FUVtTVG095tyWDCHHjmkDcEIeIunT96kZ4Vt76VWR-R78ARuQAdCd-HO18IJcuuhRBOczCxCkCa__q4r4N1rBJdy3ioOjmnqXw38ChWpJQR7TjBMeeAAxZ6TtKNcBf_Rb0VxCRnQKqMVtmxfv1TO2yDh51jSx2Vb_Eq5kbMQUh5mTBBfGlo39SM5StRMkFNUOtsSKn4zo7g9gl7HyhH_u4wQ1ysGLc8yFGUGVNpIKfC0qnJmyOo5z6RbG4GUULjANNpkuj3ijOeLyXnkqk56HWqkzjO66LKaC7kSH3JR4OVqAR0AJSyYLdKsu_zqw0FxFkCQ6BW9NU9zwYlylNiI4WDd4Q

This key pair is a requirement in the IAM Course AWS IAM | KodeKloud

al1 · February 9, 2024, 12:36pm

It doesn’t say create the KeyPair in AWS.

emiliano · February 9, 2024, 1:03pm

The second bullet says that I should import the key to EC2. In next steps it asks to create an EC2 instance and then connect to them using those key pairs…
I can’t create nor import the key created locally.

al1 · February 9, 2024, 1:15pm

Do you have a link to the lab please?

al1 · February 9, 2024, 1:24pm

Found it. So I was able to create an SSH Key Pair in the terminal. I have also used the AWS GUI and CLI to upload the public key.

emiliano · February 9, 2024, 5:40pm

Well I see. But as you can see ion the screenshot, it says that I should use the AWS Console.
The title should change or the permission inside the account.

al1 · February 9, 2024, 5:53pm

It doesn’t say to use the AWS console to create the key pair. The idea behind creating a local key pair is you never share the private key so it is more secure. You can use ssh-keygen to create the key pair then use the AWS GUI to upload only the public key.

emiliano · February 9, 2024, 10:10pm

Ok, fair enough.
But you can’t upload the keyas created in your local using the AWS Console.
That’s what I’m talking about.

I pasted the Create Pair error, but I had the same problem with the import one.

al1 · February 9, 2024, 11:39pm

Yes you can upload the key, I have done it - the lab works. Make sure you are in the correct region and in EC2 select Key Pairs and then select the Actions down down and select Import key pair. Paste the public key ensuring you have set the name correctly and click the Import key pair button.

Amazon EC2 key pairs and Linux instances - Amazon Elastic Compute Cloud

Arvind-Kumar-Avinash · February 18, 2024, 10:49pm

I am facing the same issue. I created the key-pair in step 6 of AWS IAM | KodeKloud

Here is the content of my ~/.ssh/Ec2instancekeypair.pub file created using the lab terminal, [the default prompt is ~ on (us-east-1) ➜]

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCgIXq4rqctnEzxzmyN64f9cPpiKu4L1qEnBel59TdTmgJ4orov393GaB2VhrJv8dR3wEHsG42Si+0ux82PF/H9JssmQfkqEm/W5VZp/eqfg8H/ktDKpeBnrdP5L13kB6sYqmyArbzcuILMjOZsmZE+6lOUvOSP8c6aH0d7tyL/Xu/rCPywWm6Ox41zkNrtliQW1kGdeHG9Efq689dP76erUrFlY+K3an8Ed93UXUsuKgZkUgQurC5KrrZrZNLLOSfnLaKOndIVpiNltu5jNKae86c6YXfdB7CC0JVDiStlPx2NuzY/Z2e9ar5icx4euCxWhlCjJ6TRGjhSW14vTDa4vaXmcXu/EyoYCMBPfkKodKlj2K03isgWml43NyGdVZv5GqpouZ84KYs9XkHp2DLYKvzpNpjoTUx3fvbFcpdYH19LXg0euhrD4OKHQ+zONapo08TPHpyn/E3nmstiHHu1G4MegIrnAbwlh1iy17/HUBK4YAC2hWGtknilncFQFBM= root@aws-client

I am also able to import it into AWS at https://us-east-1.console.aws.amazon.com/ec2/home?region=us-east-1#KeyPairs:

However, when I click the ‘Check’ button on the lab UI, the first step (‘SSH Key is created in the terminal?’) passes but the second step (‘Ec2instancekeypair.pub is imported to AWS Console ?’) fails. If I create an EC2 instance with this imported Ec2instancekeypair.pub, the ssh to ec2-user@the-public-ip-of-the-ec2 fails.

Can you please try the solution given for step 6?

JARUGU-PHANIVARDHAN · February 25, 2024, 1:28pm

HI @Arvind-Kumar-Avinash We improved the solution for better understanding. It is just a naming error. Please give a try and complete lab.

Thank you,
J. Phani vardhan