1
00:00:06,281 --> 00:00:10,448
- Now let's talk about key pairs within Amazon EC2.

2
00:00:11,894 --> 00:00:14,564
Key pairs, or public private keys

3
00:00:14,564 --> 00:00:17,346
are the way in which we can authenticate

4
00:00:17,346 --> 00:00:21,971
into the operating system of our EC2 instances.

5
00:00:21,971 --> 00:00:23,820
You remember when we talked earlier

6
00:00:23,820 --> 00:00:27,460
about authenticating against the AWS API,

7
00:00:27,460 --> 00:00:31,135
we use a certain set of access keys for that,

8
00:00:31,135 --> 00:00:33,434
using IAM users and groups.

9
00:00:33,434 --> 00:00:34,955
What we're talking about here

10
00:00:34,955 --> 00:00:37,788
is the OS level of authentication.

11
00:00:39,877 --> 00:00:42,753
Here, in order to get into the operating system,

12
00:00:42,753 --> 00:00:45,180
or EC2 instance, we need a key pair.

13
00:00:45,180 --> 00:00:48,847
Now, these are 2048-bit SSH-2 RSA key pairs.

14
00:00:50,612 --> 00:00:54,150
We will create these within the AWS console,

15
00:00:54,150 --> 00:00:57,416
and then when we go to launch an EC2 instance,

16
00:00:57,416 --> 00:01:00,944
we will choose that key pair at that time.

17
00:01:00,944 --> 00:01:03,006
Now, when we create the key pair,

18
00:01:03,006 --> 00:01:06,115
Amazon Web Services will keep the public key.

19
00:01:06,115 --> 00:01:08,716
They will give us the opportunity

20
00:01:08,716 --> 00:01:12,234
to download the private key, and then at that point,

21
00:01:12,234 --> 00:01:14,197
they will no longer keep the private key.

22
00:01:14,197 --> 00:01:17,562
So you do have one short window in which to download

23
00:01:17,562 --> 00:01:21,312
the private key before Amazon gets rid of it.

24
00:01:22,267 --> 00:01:26,434
How this works is that when we launch a Linux EC2 instance,

25
00:01:28,635 --> 00:01:31,874
Amazon Web Services will take that public key

26
00:01:31,874 --> 00:01:35,825
that they're keeping, and they will add it to the

27
00:01:35,825 --> 00:01:39,992
.ssh/authorized_keys files for your particular admin user.

28
00:01:41,209 --> 00:01:42,700
Like in the case of Ubuntu,

29
00:01:42,700 --> 00:01:45,572
they will add it to the Ubuntu user.

30
00:01:45,572 --> 00:01:49,043
In the case of Amazon Linux, they will add it to the,

31
00:01:49,043 --> 00:01:51,336
what we call the EC2 user.

32
00:01:51,336 --> 00:01:54,386
And we will use it, when we go to log in

33
00:01:54,386 --> 00:01:57,263
or SSH into that Linux machine,

34
00:01:57,263 --> 00:02:00,726
we will use our private key that we downloaded

35
00:02:00,726 --> 00:02:04,270
in order to authenticate against that operating system.

36
00:02:04,270 --> 00:02:08,139
In the case of Windows, the administrator password

37
00:02:08,139 --> 00:02:11,389
will be encrypted using the public key,

38
00:02:12,841 --> 00:02:15,861
and we will use our private key to decrypt

39
00:02:15,861 --> 00:02:18,399
the Windows administrator password.

40
00:02:18,399 --> 00:02:21,443
So again, key pairs are the way in which

41
00:02:21,443 --> 00:02:24,493
we authenticate into the operating system

42
00:02:24,493 --> 00:02:27,993
of Amazon Elastic Compute Cloud instances.