
Generating an x.509 certificate for Amazon AWS IAM users

The private key and certificate generated below let an IAM user access AWS with the EC2 tools, which specifically require an x.509 certificate.

This fixes the EC2 tools "Required option '-K, --private-key KEY' missing (-h for usage)" error.

Create the Certificate

mkdir /etc/ec2 && chmod 700 /etc/ec2
openssl req -out /etc/ec2/CSR.csr -new -newkey rsa:2048 -nodes -keyout /etc/ec2/user.private.key.pem
openssl x509 -req -days 3650 -in /etc/ec2/CSR.csr -signkey /etc/ec2/user.private.key.pem -out /etc/ec2/user-cert.pem
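
As an added example (not from the original post), here are the same two openssl steps wrapped as shell functions that run without prompts, with checks that the certificate really carries the private key's public half and that the key file is readable by its owner only, before the certificate is pasted into IAM. The function names and the CN value are assumptions.

```shell
# Added example: function names and the CN value are illustrative assumptions.

# gen_signing_cert DIR CN
# Same openssl steps as above, made non-interactive with -subj. The body runs
# in a subshell with umask 077 so the key is never group- or world-readable.
gen_signing_cert() (
    umask 077
    mkdir -p "$1" && chmod 700 "$1" || exit 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/user.private.key.pem" -out "$1/CSR.csr" 2>/dev/null || exit 1
    openssl x509 -req -days 3650 -in "$1/CSR.csr" \
        -signkey "$1/user.private.key.pem" -out "$1/user-cert.pem" 2>/dev/null
)

# cert_matches_key CERT KEY
# Succeeds only if the public key embedded in CERT equals the public key
# derived from KEY. A mismatched pair makes every signed request fail.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_is_owner_only FILE
# Succeeds only if FILE is a regular file with no group/other permission bits.
key_is_owner_only() {
    case $(ls -ld "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (paths as in the post; CN is a constructed sample value):
#   gen_signing_cert /etc/ec2 example-iam-user
#   cert_matches_key /etc/ec2/user-cert.pem /etc/ec2/user.private.key.pem &&
#       key_is_owner_only /etc/ec2/user.private.key.pem &&
#       echo "certificate and key are consistent"
```

Only user-cert.pem is uploaded to IAM; the private key stays on the host that runs the EC2 tools.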

Enable in IAM

  1. Go to IAM > User ID > Security Credentials
  2. Click “Manage Signing Certificates”
  3. Upload a certificate by pasting in the user-cert.pem

Verify

  • export EC2_CERT=/etc/ec2/user-cert.pem
  • export EC2_PRIVATE_KEY=/etc/ec2/user.private.key.pem
  • Run ec2-describe-regions. If everything is working, you should (after a while) get back a list of regions.

Troubleshooting

  • Make sure you assigned your user to a group in IAM!
  • Does your user have all the necessary permissions for the EC2 operation you are trying to do?
  • Your commands might not be looking at the correct region. For example, ec2-describe-instances --region us-west-1

Thanks:

http://www.supertom.com/code/aws_iam_x509_signing_certificate.html
