Create a Key Pair using Terraform


We as a DevOps Engineer knows how frustrating it can be when we have to create everything manually, and the nightmare is when it comes to delete things. So knowing a Infrastructure as code tool is so important.
Today I will be starting Terraform series and It’s Day 1.
What we gonna do today ?
The Nautilus DevOps team is strategizing the migration of a portion of their infrastructure to the AWS cloud. Recognizing the scale of this undertaking, they have opted to approach the migration in incremental steps rather than as a single massive transition. To achieve this, they have segmented large tasks into smaller, more manageable units. This granular approach enables the team to execute the migration in gradual phases, ensuring smoother implementation and minimizing disruption to ongoing operations. By breaking down the migration into smaller tasks, the Nautilus DevOps team can systematically progress through each stage, allowing for better control, risk mitigation, and optimization of resources throughout the migration process.
For this task, create a key pair using Terraform with the following requirements:
Name of the key pair should be datacenter-kp.
Key pair type must be rsa.
The private key file should be saved under /home/bob/datacenter-kp.pem. The Terraform working directory is /home/bob/terraform. Create the main.tf file (do not create a different .tf file) to accomplish this task.
We are going to create a Terraform configuration file (main.tf) in the directory /home/bob/terraform. The goal is to create an AWS key pair named "datacenter-kp" of type "rsa", and save the private key to /home/bob/datacenter-kp.pem.
Steps:
1. We need to specify the AWS provider. However, the problem does not specify the region or credentials. Since it's a local setup, we might rely on the AWS CLI configuration or environment variables. But to keep it simple and focused, we'll assume that the AWS provider is configured elsewhere (e.g., via environment variables or ~/.aws/credentials).
2. We'll use the aws_key_pair resource to create the key pair. However, note that the aws_key_pair resource does not by default save the private key to a file. Instead, we can use the tls_private_key resource to generate a key and then create the AWS key pair from the public key. This way, we can save the private key to a file.
3. The plan:
a. Generate a TLS private key (using tls_private_key resource) of algorithm RSA and 4096 bits (as per common practice). b. Create an AWS key pair using the public key from the generated TLS private key. c. Save the private key to a local file.
4. We must ensure that the private key is saved at /home/bob/datacenter-kp.pem
.
you can choose location according to your needs.
5. The main.tf file will be created at /home/bob/terraform/
main.tf
. Note: We are only to create one file: main.tf.
Note: The problem says to create the main.tf in the working directory /home/bob/terraform.
Let's create the file at the specified location.
Steps to execute (if we were to run it, though the problem only asks for creating the file): - Initialize Terraform: terraform init
- Apply: terraform apply
But the problem only requires creating the main.tf file.
Important: The private key will be saved to /home/bob/datacenter-kp.pem.
However, note that the directory /home/bob must exist and the user must have write permissions.
We are setting the file permission to 0400 (read-only for the owner) for security. Let's write the content to /home/bob/terraform/main.tf.
- Navigate to the Terraform working directory:
cd /home/bob/terraform
- Create the
main.tf
file with the following content:
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
}
tls = {
source = "hashicorp/tls"
version = "~> 4.0"
}
}
}
# Configure the AWS provider
provider "aws" {
region = "us-east-1" # Update with your preferred region if needed
}
# Generate a secure RSA private key
resource "tls_private_key" "datacenter" {
algorithm = "RSA"
rsa_bits = 4096
}
# Create AWS key pair
resource "aws_key_pair" "datacenter_kp" {
key_name = "datacenter-kp"
public_key = tls_private_key.datacenter.public_key_openssh
}
# Save private key to file
resource "local_file" "private_key" {
content = tls_private_key.datacenter.private_key_pem
filename = "/home/bob/datacenter-kp.pem"
file_permission = "0400" # Restrict file permissions
}
# Output key pair name for reference
output "key_name" {
value = aws_key_pair.datacenter_kp.key_name
}
Initialize Terraform:
terraform init
- Apply the configuration:
terraform apply
Type yes
when prompted to confirm the operation.
Key points in this configuration:
Creates an RSA 4096-bit key pair named
datacenter-kp
Saves the private key to
/home/bob/datacenter-kp.pem
Sets secure file permissions (0400 = owner read-only)
Uses the TLS provider to generate the key locally
Includes AWS provider configuration (default region set to us-east-1)
After successful execution:
Verify the key file:
ls -l /home/bob/datacenter-kp.pem
Should show permissions
-r--------
Verify key pair creation in AWS:
terraform output key_name
Should return datacenter-kp
Important security note: The private key file (datacenter-kp.pem
) should be kept secure and never shared or committed to version control.
Thank You — Happy Learning
Subscribe to my newsletter
Read articles from Kunal Kumar Singh directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by
