Key Pairs
Start course

In this course, we shall be looking at how AWS provides many different means of authentication.

Learning Objectives

  • The different methods of authentication that can be implemented when using AWS
  • The difference between username/password and Multi-factor authentication
  • How to configure MFA authentication
  • The process in which programmatic authentication is managed
  • How IAM roles can be used to authenticate and authorize EC2 instances to access resources
  • How Key Pairs are used to authenticate you to newly created EC2 instances
  • The different options available with regards to federated authentication

Intended Audience

  • AWS Administrators
  • Security Engineers
  • Security Architects
  • And anyone who is looking to increase their knowledge of security and authentication within AWS


You should have a basic understanding of AWS IAM and what the service is used for. It would also be advantageous if you had some basic hands-on experience of Amazon EC2, but it is not essential.


And now I want to talk about how you can authenticate to newly created instances. And the process is slightly different for Linux and Windows Operating Systems. But the underlying method is fundamentally the same through the use of key pairs. So, when you create an EC2 instance, you are asked to select an existing or create an EC2 key pair. So, what is a key pair and what does it do?

A key pair as the name implies is made up of two components: a public key and a private key. These keys can either be ED25519 or 2048-bit SSH-2 RSA keys. However, please note that ED25519 keys are not supported for Windows instances, EC2 Instance Connect, or EC2 Serial Console. The function of key pairs is to encrypt the login information for Linux and Windows EC2 instances and then decrypt the same information allowing you to authenticate onto the instance. 

The public key uses public key cryptography to encrypt data such as the username and password. For Windows instances, the private key is used to decrypt the administrative password allowing you to gain access to the login credentials including the password using RDP. For Linux instances, the private key is used to SSH onto the instance, and the public key is held and kept by AWS. The private key is our responsibility to keep and to ensure that it is not lost. 

So, going back to when you create your EC2 instance, you're given the opportunity to download the key pair in the form of a pem file. Once you've done this, you must keep that file safe until you're ready to log into the associated instance. It's worth noting that you can use the same key pair on multiple instances. To understand the differences between connecting to a Windows instance and a Linux instance, please take a look at the following two labs where you will be shown how to create an instance and then connect to them using the key pairs.


About the Author
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.