1
00:00:06,590 --> 00:00:10,750
- Now let's talk about key pairs within Amazon EC2.

2
00:00:10,750 --> 00:00:14,860
Key pairs here, how we're talking about these

3
00:00:14,860 --> 00:00:17,270
are public and private keys.

4
00:00:17,270 --> 00:00:20,530
So these types of key pairs means

5
00:00:20,530 --> 00:00:22,960
that we have a private key

6
00:00:22,960 --> 00:00:26,810
that we keep locally that we generally don't go giving out,

7
00:00:26,810 --> 00:00:28,060
and then we have a public key

8
00:00:28,060 --> 00:00:31,400
that is safe to give to other systems,

9
00:00:31,400 --> 00:00:33,330
right, and so this enables public/private

10
00:00:33,330 --> 00:00:36,303
key authentication and encryption.

11
00:00:37,200 --> 00:00:41,973
And these are 2048-bit SSH-2 RSA keys.

12
00:00:44,530 --> 00:00:48,590
Now, we can create these key pairs either directly

13
00:00:48,590 --> 00:00:51,960
within AWS, so we could make a call

14
00:00:51,960 --> 00:00:56,960
to the AWS API either with our CLI tools or in the console.

15
00:00:57,690 --> 00:01:00,010
If we allow Amazon to create it,

16
00:01:00,010 --> 00:01:05,010
we essentially download the private key pair from AWS.

17
00:01:05,070 --> 00:01:08,640
Or we could create it locally

18
00:01:08,640 --> 00:01:13,170
and import the public key half to AWS, right?

19
00:01:14,470 --> 00:01:19,092
So either way, AWS will keep the public key

20
00:01:19,092 --> 00:01:22,820
and AWS does not keep the private key.

21
00:01:22,820 --> 00:01:27,093
Now, for those of us who might be overly security minded

22
00:01:28,830 --> 00:01:31,600
and want to be as careful as possible,

23
00:01:31,600 --> 00:01:34,020
then it might be a good practice for you

24
00:01:34,020 --> 00:01:37,850
to create the keys locally and use the import method,

25
00:01:37,850 --> 00:01:40,350
rather than having AWS create it.

26
00:01:40,350 --> 00:01:43,710
By doing a local creation and import,

27
00:01:43,710 --> 00:01:48,343
you know for a fact that AWS does not have that public key.

28
00:01:50,170 --> 00:01:53,300
And then when we launch an EC2 instance,

29
00:01:53,300 --> 00:01:55,300
we generally choose a key pair,

30
00:01:55,300 --> 00:01:57,140
and by choosing a key pair,

31
00:01:57,140 --> 00:02:00,310
that would allow us to gain remote access to

32
00:02:00,310 --> 00:02:02,963
that instance later if we needed to.

33
00:02:04,320 --> 00:02:07,040
Now, in the case of Linux,

34
00:02:07,040 --> 00:02:10,090
the public key will be added

35
00:02:10,090 --> 00:02:14,930
to the .ssh/authorized_key file,

36
00:02:14,930 --> 00:02:18,300
and so that would allow us to authenticate into

37
00:02:18,300 --> 00:02:20,550
that Linux operating system

38
00:02:20,550 --> 00:02:23,820
using public/private key pair authentication.

39
00:02:23,820 --> 00:02:25,590
We would use that private key

40
00:02:25,590 --> 00:02:27,920
that exists locally in order

41
00:02:27,920 --> 00:02:31,713
to authenticate into that Linux machine.

42
00:02:32,760 --> 00:02:34,850
In the case of Windows,

43
00:02:34,850 --> 00:02:37,550
the administrator password

44
00:02:37,550 --> 00:02:41,320
is automatically encrypted by AWS,

45
00:02:41,320 --> 00:02:44,820
and they use the public key to do the encryption,

46
00:02:44,820 --> 00:02:48,170
we can then use the private key to do the decryption.

47
00:02:48,170 --> 00:02:51,700
So keep that in mind that when if you need remote access

48
00:02:51,700 --> 00:02:56,320
to an EC2 instance, we need a key pair.

49
00:02:56,320 --> 00:02:58,170
Whether it's a Linux or Windows,

50
00:02:58,170 --> 00:03:01,360
we need a key pair in order to enable

51
00:03:01,360 --> 00:03:04,823
that remote access to our EC2 instances.