These keys let a user access AWS with the EC2 tools, which specifically require an X.509 certificate.
This fixes the EC2 tools error “Required option '-K, --private-key KEY' missing (-h for usage)”.
Create the Certificate
mkdir /etc/ec2 && chmod 700 /etc/ec2
openssl req -out /etc/ec2/CSR.csr -new -newkey rsa:2048 -nodes -keyout /etc/ec2/user.private.key.pem
openssl x509 -req -days 3650 -in /etc/ec2/CSR.csr -signkey /etc/ec2/user.private.key.pem -out /etc/ec2/user-cert.pem
Enable in IAM
- Go to IAM > User ID > Security Credentials
- Click “Manage Signing Certificates”
- Upload a certificate by pasting in the user-cert.pem
- export EC2_CERT=/etc/ec2/user-cert.pem
- export EC2_PRIVATE_KEY=/etc/ec2/user.private.key.pem
Run ec2-describe-regions – if everything is working OK you should (after a while) get back a list of regions.
- Make sure you assigned your user to a group in IAM!
- Does your user have all the necessary permissions for the EC2 operation you are trying to do?
- Your commands might not be looking at the correct region. For example, ec2-describe-instances --region us-west-1
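
A local check worth running before uploading the certificate, or when the tools reject the credentials. This is an added example, not part of the original page: it confirms that the key file is private (it was written unencrypted with -nodes), that the certificate carries the key's public half, and that the certificate has not expired. The function names are illustrative, and it assumes the two export variables above are set.

```sh
#!/bin/sh
# Added example: pre-upload checks for the signing certificate and its key.
# Function names are illustrative; paths come from the exports on this page.

# The key was written with -nodes (unencrypted), so file mode is its only protection.
key_is_private() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# The certificate and the private key must carry the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# -checkend 0 exits non-zero once the notAfter date has passed.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Usage: check_signing_pair CERT KEY ; returns 0 only if every check passes.
check_signing_pair() {
    rc=0
    key_is_private "$2" || { echo "FAIL: $2 is accessible to group or others (chmod 600)"; rc=1; }
    pair_matches "$1" "$2" || { echo "FAIL: $1 does not match $2"; rc=1; }
    cert_is_current "$1" || { echo "FAIL: $1 has expired"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate and key are consistent"
    return "$rc"
}

# Runs only when both variables from the export step are set.
if [ -n "${EC2_CERT:-}" ] && [ -n "${EC2_PRIVATE_KEY:-}" ]; then
    check_signing_pair "$EC2_CERT" "$EC2_PRIVATE_KEY"
fi
```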