AWS KeyPair Error

Archives Ansible Developer
1

I am getting the following error for AWS Keypair, generated at AWS and pem file downloaded, from boto 2.34, on Ubun 15.04.

I have checked that key is for the region (us-east-1) that I am running the playbook for.

Do not understand why it gives the ‘Length exceeds maximum of 2048’ error as key was generated at AWS.

vars:
region: us-east-1
instance_type: t2.micro
count: 3
tasks:

  • name: ec2 keypair
    ec2_key: name=mykey key_material=“{{ item }}” region={{ region }}
    with_file: ~/.ssh/HelloWorld.pem

Traceback (most recent call last):
File “/home/monosij/.ansible/tmp/ansible-tmp-1439084212.68-170231526352889/ec2_key”, line 2032, in
main()
File “/home/monosij/.ansible/tmp/ansible-tmp-1439084212.68-170231526352889/ec2_key”, line 197, in main
key = ec2.import_key_pair(name, key_material)
File “/usr/local/lib/python2.7/dist-packages/boto/ec2/connection.py”, line 2924, in import_key_pair
return self.get_object(‘ImportKeyPair’, params, KeyPair, verb=‘POST’)
File “/usr/local/lib/python2.7/dist-packages/boto/connection.py”, line 1208, in get_object
raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request

<?xml version="1.0" encoding="UTF-8"?>

InvalidParameterValueValue (…) for parameter PublicKeyMaterial is invalid. Length exceeds maximum of 2048.609a75cd-5e25-403c-ad06-b546d8d6ffb2

FATAL: all hosts have already failed – aborting

Thank you for your suggestions.

Mono

2

When you create the key with the AWS console, the .pem file you’ve downloaded is a private key.

The ec2_key module is for uploading a public key that you generated yourself.

e.g. the public key that’s generated alongside a private key by ssh-keygen.

(This us useful as that you can use the same keypair in different regions or accounts.)

Andy

3

Mono,

You can download the public key from the instance you created by logging in as the user AWS created for you {ubuntu or ec2-user for example} and copying it from ~/.ssh/authorized_keys (either copy-and-paste or using scp)

HTH

Jim

4

Thanks Jim. Worked out great. I did not realize I had to extract the public key from the pem file separately.

Mono