Can't create EC2 instance with Keypairs for ssh access

I am trying to launch a new EC2 instance with docker installed on it on AWS. Later on I need to ssh into this instance. I can create it without a problem doing:

docker-machine create --driver amazonec2 --amazonec2-region=eu-central-1 machine-ec2

This creates a new machine and also a keypair. Problem is it doesn't download the .pem file I need later on to ssh into it.

Thus, I tried to create a new machine with an existing keypair. I created a keypair, then I downloaded it, copied it to my ./ssh/aws folder and ran:

docker-machine create --driver amazonec2 --amazonec2-keypair-name=machine-aws-keypair --amazonec2-ssh-keypath=~/.ssh/aws/ --amazonec2-region=eu-central-1 machine-ec2

that gives me the error:

Error creating machine: Error in driver during machine creation: unable to create key pair: open ~/.ssh/aws/: no such file or directory
Equally:

docker-machine create --driver amazonec2 --amazonec2-keypair-name=machine-aws-keypair --amazonec2-ssh-keypath=~/.ssh/aws/nameofmykeyfile.pem --amazonec2-region=eu-central-1 machine-ec2

Is there something I am doing wrong, or is this a problem of AWS? I think the former... Any ideas on how to fix this? Help is very much appreciated. Thanks in advance!

EDIT: It would be enough to know how to get my privatekey.pem when creating a new instance via the terminal.


I created a keypair, then I downloaded it, copied it to my ./ssh/aws folder and ran:

This path means a folder called ssh under . (current directory)

unable to create key pair: open ~/.ssh/aws/: no such file or directory

This path means a folder called .ssh under ~ (your home)
Try putting the keys in ~/.ssh/aws/ and see if that helps.


If the key pair does not exist (in the AWS region required), it can be created using the aws-cli

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-key-pair.html

For example, this assumes your AWS credentials are enabled already and your IAM permissions allow creating a key pair:


# Name for the key pair; AWS key pair names are per region, so the region is
# appended to keep them distinct.
KEY_NAME=your-unique-name

export AWS_DEFAULT_REGION=us-west-2
export AWS_KEYPAIR_NAME="${KEY_NAME}-${AWS_DEFAULT_REGION}"
# Directory that will hold the private key; docker-machine's
# --amazonec2-ssh-keypath wants the .pem file written below, not this directory.
export AWS_SSH_KEYPATH="${HOME}/.aws"

# Make sure the directory exists and that the .pem is never world-readable,
# not even between the redirect creating it and the chmod below.
mkdir -p "${AWS_SSH_KEYPATH}"
umask 077

# create-key-pair returns the private key exactly once, as KeyMaterial;
# it cannot be downloaded again later.
aws ec2 create-key-pair \
    --key-name "${AWS_KEYPAIR_NAME}" \
    --query "KeyMaterial" \
    --output text > \
    "${AWS_SSH_KEYPATH}"/"${AWS_KEYPAIR_NAME}.pem"

chmod 400 "${AWS_SSH_KEYPATH}"/"${AWS_KEYPAIR_NAME}.pem"

# The amazonec2 driver reads the public key from <keypath>.pub; derive it
# from the private key, since AWS only hands back the private half.
ssh-keygen -y -f \
    "${AWS_SSH_KEYPATH}"/"${AWS_KEYPAIR_NAME}.pem" > \
    "${AWS_SSH_KEYPATH}"/"${AWS_KEYPAIR_NAME}.pub"

However, perhaps the best practice is to allow docker-machine to manage the ssh keys rather than trying to instruct it to use a specific key. This isolates access to each machine in a more secure manner and relieves the user of managing ssh keys.

One advantage of a common ssh key is the ability to use parallel ssh. A simple substitute for this is a bash loop. (I don't know about solutions for capistrano, for example.) For example, assuming several machines have a common machine-name prefix and a numeric suffix:

machine_prefix="my-machines"
for n in $(seq 1 6);
do
  docker-machine ssh "${machine_prefix}-00$n" 'echo $(hostname)'
done

See https://github.com/dazza-codes/docker-machine-ec2/blob/master/ec2_spinup.sh#L87-L94 for an example of creating machines with a common machine name prefix (assuming docker-machine is the solution of choice, vs. docker swarm, AWS Batch, AWS Lambda, k8s, etc).
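The error in the question contains a literal `~` ("open ~/.ssh/aws/: no such file or directory"), so the shell never expanded the tilde before docker-machine tried to open the path (bash expands a `~` after `=` in a `--flag=~/...` word outside POSIX mode; zsh and POSIX sh do not), and in the first attempt the path was a directory rather than a private key file. The amazonec2 driver also expects the public key at `<keypath>.pub` next to the private key. The script below is an added example, not code from the question or either answer: it validates a key path before handing it to `--amazonec2-ssh-keypath`, derives the `.pub` file with `ssh-keygen -y` when it is missing (the step that follows the `aws ec2 create-key-pair` call above), and prints the resulting `docker-machine create` command for review. All machine names, key names and paths are placeholders.

```shell
#!/bin/sh
# Added example: sanity-check the private key passed to docker-machine's
# --amazonec2-ssh-keypath and make sure its .pub companion exists.
# Names and paths are illustrative placeholders, not values from the page.

# check_keypath PATH
# Returns 0 when PATH can be used as --amazonec2-ssh-keypath, 1 otherwise.
# Rejects the two mistakes from the question: an unexpanded "~" (the shell
# passed the literal character through) and a directory instead of a file.
check_keypath() {
    kp=$1
    case "$kp" in
        "~"*)
            echo "refusing '$kp': literal '~' reached the program; use \"\$HOME/...\"" >&2
            return 1 ;;
    esac
    if [ -d "$kp" ]; then
        echo "refusing '$kp': is a directory; pass the private key file itself" >&2
        return 1
    fi
    if [ ! -f "$kp" ]; then
        echo "refusing '$kp': no such file" >&2
        return 1
    fi
    return 0
}

# ensure_pubkey PATH
# The amazonec2 driver reads the public key from PATH.pub. AWS only returns
# the private half from create-key-pair, so derive the .pub with ssh-keygen -y
# when it is missing. Also pins the private key to mode 0400.
ensure_pubkey() {
    kp=$1
    check_keypath "$kp" || return 1
    chmod 400 "$kp" || return 1
    if [ ! -f "$kp.pub" ]; then
        ssh-keygen -y -f "$kp" > "$kp.pub" || { rm -f "$kp.pub"; return 1; }
    fi
    return 0
}

# build_create_cmd MACHINE_NAME KEYPAIR_NAME KEYPATH REGION
# Prints the docker-machine command line so it can be reviewed before running.
# KEYPATH should be built from "$HOME", not "~", and carry no trailing slash.
build_create_cmd() {
    printf 'docker-machine create --driver amazonec2 --amazonec2-region=%s --amazonec2-keypair-name=%s --amazonec2-ssh-keypath=%s %s\n' \
        "$4" "$2" "$3" "$1"
}

# Usage (placeholder values; the key must already exist, e.g. from
# aws ec2 create-key-pair as shown in the answer above):
#   key="$HOME/.ssh/aws/machine-aws-keypair.pem"
#   ensure_pubkey "$key" && \
#       build_create_cmd machine-ec2 machine-aws-keypair "$key" eu-central-1
```

Run the printed command only after `ensure_pubkey` succeeds; if `check_keypath` rejects the path, the fix is to quote `"$HOME/.ssh/aws/<file>.pem"` rather than `~/.ssh/aws/`, and to point at the `.pem` file, not its directory.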