ALIYUN::ECS::SSHKeyPair is used to create an SSH key pair or import an existing SSH key pair to access an Elastic Compute Service (ECS) instance.

Syntax

{
  "Type": "ALIYUN::ECS::SSHKeyPair",
  "Properties": {
    "ResourceGroupId": String,
    "KeyPairName": String,
    "PublicKeyBody": String,
    "Tags": List
  }
}

Properties

PropertyTypeRequiredEditableDescriptionConstraint
ResourceGroupIdStringNoYes The ID of the resource group to which the ECS instance belongs. None
KeyPairName String Yes No The name of the key pair. The name must be 2 to 128 characters in length and can contain letters, digits, colons (:), underscores (_), and hyphens (-). It must start with a letter and cannot start with http:// or https://.
PublicKeyBody String No No The public key of the key pair. This parameter is required only when you import an SSH key pair.
TagsListNoYesThe tags of the key pair. A maximum of 20 tags can be specified.

For more information, see Tags properties.

Tags syntax

"Tags": [
  {
    "Key": String,
    "Value": String
  }
]  

Tags properties

PropertyTypeRequiredEditableDescriptionConstraint
KeyStringYesNoThe tag key. The tag key must be 1 to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun.
ValueStringNoNoThe tag value. The tag value must be 0 to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun.

Response parameters

Fn::GetAtt

  • KeyPairFingerPrint: the fingerprint of the key pair. The fingerprint uses the message-digest algorithm 5 (MD5) based on the public key fingerprint format defined in RFC 4716.
  • PrivateKeyBody: the private key of the key pair. An unencrypted RSA private key must be encoded in the PKCS#8 format by using PEM. The private key of a key pair can be obtained only when the key pair is first created. If you import an existing public key, no private key information is available.
  • KeyPairName: the name of the key pair.

Examples

  • YAMLformat

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters: {}
    Resources:
      SSHKeyPair:
        Type: ALIYUN::ECS::SSHKeyPair
        Properties:
          KeyPairName:
            Fn::Sub: ess-${ALIYUN::StackId}
    Outputs:
      KeyPairFingerPrint:
        Description: 'The fingerprint of the key pair. The public key fingerprint format defined in RFC4716: MD5 message digest algorithm. '
        Value:
          Fn::GetAtt:
            - SSHKeyPair
            - KeyPairFingerPrint
      KeyPairName:
        Description: SSH Key pair name.
        Value:
          Fn::GetAtt:
            - SSHKeyPair
            - KeyPairName
      PrivateKeyBody:
        Description: 'The private key of the key pair. Content of the RSA private key in the PKCS#8 format of the unencrypted PEM encoding. Refer to: https://www.openssl.org/docs/apps/pkcs8.html.User only can get the private key one time when and only when SSH key pair is created.'
        Value:
          Fn::GetAtt:
            - SSHKeyPair
            - PrivateKeyBody
  • JSONformat

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
      },
      "Resources": {
        "SSHKeyPair": {
          "Type": "ALIYUN::ECS::SSHKeyPair",
          "Properties": {
            "KeyPairName": {
              "Fn::Sub": "ess-${ALIYUN::StackId}"
            }
          }
        }
      },
      "Outputs": {
        "KeyPairFingerPrint": {
          "Description": "The fingerprint of the key pair. The public key fingerprint format defined in RFC4716: MD5 message digest algorithm. ",
          "Value": {
            "Fn::GetAtt": [
              "SSHKeyPair",
              "KeyPairFingerPrint"
            ]
          }
        },
        "KeyPairName": {
          "Description": "SSH Key pair name.",
          "Value": {
            "Fn::GetAtt": [
              "SSHKeyPair",
              "KeyPairName"
            ]
          }
        },
        "PrivateKeyBody": {
          "Description": "The private key of the key pair. Content of the RSA private key in the PKCS#8 format of the unencrypted PEM encoding. Refer to: https://www.openssl.org/docs/apps/pkcs8.html.User only can get the private key one time when and only when SSH key pair is created.",
          "Value": {
            "Fn::GetAtt": [
              "SSHKeyPair",
              "PrivateKeyBody"
            ]
          }
        }
      }
    }

For more examples, visit Instance.json and Instance.yml. In the examples, the ALIYUN::ECS::Instance, ALIYUN::ECS::SSHKeyPair, and ALIYUN::ECS::SSHKeyPairAttachment resource types are involved.