I am trying to launch a new EC2 instance with docker installed on it on AWS. Later on I need to ssh into this instance. I can create it without a problem doing:
docker-machine create --driver amazonec2 --amazonec2-region=eu-central-1 machine-ec2
This creates a new machine and also a keypair. Problem is it doesn't download the .pem file I need later on to ssh into it.
Thus, I tried to create a new machine with an existing keypair. I created a keypair, then I downloaded it, copied it to my ./ssh/aws folder and ran:
docker-machine create --driver amazonec2 --amazonec2-keypair-name=machine-aws-keypair --amazonec2-ssh-keypath=~/.ssh/aws/ --amazonec2-region=eu-central-1 machine-ec2
that gives me the error:
Error creating machine: Error in driver during machine creation: unable to create key pair: open ~/.ssh/aws/: no such file or directory
equally: docker-machine create --driver amazonec2 --amazonec2-keypair-name=machine-aws-keypair --amazonec2-ssh-keypath=~/.ssh/aws/nameofmykeyfile.pem --amazonec2-region=eu-central-1 machine-ec2
Is there something I am doing wrong or is this a problem of AWS? I think the former... Any ideas on how to fix this? Help is very much appreciated. Thanks in advance!
EDIT: It would be enough to know how to get my privatekey.pem when creating a new instance via terminal....
./ssh/aws means a folder called "ssh" under "." (the current directory).
~/.ssh/aws means a folder called ".ssh" under "~" (your home).
Try putting the keys in ~/.ssh/aws/ and see if that helps.
If the key pair does not exist (in the AWS region required), it can be created using the aws-cli
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-key-pair.html
For example, this assumes your AWS credentials are enabled already and your IAM permissions allow creating a key pair:
However, perhaps the best practice is to allow docker-machine to manage the ssh keys rather than trying to instruct it to use a specific key. This isolates access to each machine in a more secure manner and relieves the user of managing ssh keys.
One advantage to a common ssh key is the ability to use parallel ssh. A simple substitute for this is a bash loop. (I don't know about solutions for capistrano, for example.) For example, assuming several machines have a common machine-name prefix and a numeric suffix:
See https://github.com/dazza-codes/docker-machine-ec2/blob/master/ec2_spinup.sh#L87-L94 for an example of creating machines with a common machine name prefix (assuming docker-machine is the solution of choice, vs. docker swarm, AWS Batch, AWS Lambda, k8s, etc).
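The two snippets this answer refers to (creating the key pair with aws-cli, and a bash loop over machines sharing a name prefix) are not on the page, so here is an added example that is not the answerer's own code. It assumes aws-cli v2 and docker-machine are installed, that credentials with permission to create key pairs are configured, and that the key name, region and machine names are placeholders. One detail worth noting from the question: the error message there shows a literal `~` in the path, meaning the shell did not expand it inside `--flag=~/...`, so the example passes an absolute path built from `$HOME`. The `.pub` file is generated next to the private key because the amazonec2 driver's `--amazonec2-ssh-keypath` documentation requires a matching public key with that extension.

```shell
# Added example, not from the original answer. Names and paths are illustrative.

# Create an EC2 key pair NAME in REGION and save the private key to OUT.
# --query/--output extract the PEM body from the JSON response; umask 077 and
# chmod 400 keep the file owner-only so ssh does not reject it.
create_key_pair() {
  local name="$1" region="$2" out="$3"
  ( umask 077 && aws ec2 create-key-pair --key-name "$name" --region "$region" \
        --query 'KeyMaterial' --output text > "$out" )
  chmod 400 "$out"
  # The amazonec2 driver expects OUT.pub beside the private key; derive it.
  ssh-keygen -y -f "$out" > "${out}.pub"
}

# Print the machine names <prefix>1 .. <prefix>COUNT, one per line.
machine_names() {
  local prefix="$1" count="$2" i=1
  while [ "$i" -le "$count" ]; do
    printf '%s%s\n' "$prefix" "$i"
    i=$((i + 1))
  done
}

# Run CMD on every machine via `docker-machine ssh`, one after another
# (the sequential stand-in for parallel ssh the answer mentions).
# DOCKER_MACHINE can be overridden, e.g. DOCKER_MACHINE=echo for a dry run.
run_on_all() {
  local prefix="$1" count="$2" cmd="$3" name
  for name in $(machine_names "$prefix" "$count"); do
    "${DOCKER_MACHINE:-docker-machine}" ssh "$name" "$cmd"
  done
}

# Real run, guarded so the functions above can be sourced without side effects:
#   RUN_EXAMPLE=1 sh this_script.sh
if [ "${RUN_EXAMPLE:-0}" = 1 ]; then
  # Absolute path: the question's error shows '~' was passed through unexpanded.
  KEY="$HOME/.ssh/aws/machine-aws-keypair.pem"
  create_key_pair machine-aws-keypair eu-central-1 "$KEY"
  docker-machine create --driver amazonec2 --amazonec2-region=eu-central-1 \
    --amazonec2-keypair-name=machine-aws-keypair \
    --amazonec2-ssh-keypath="$KEY" machine-ec2-1
  run_on_all machine-ec2- 1 'docker ps'
fi
```

`DOCKER_MACHINE=echo run_on_all machine-ec2- 3 uptime` prints the three `ssh <name> uptime` invocations without contacting anything, which is a cheap way to check the naming before pointing the loop at real instances.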
Leaving this for future readers who struggle with the same problem:
So what AWS actually does when creating an instance with the command line is that it creates a keypair and downloads it to your local machine.
To find out where it is located one can:
List all docker-machines: docker-machine ls
Inspect the machine of the EC2 instance: docker-machine inspect machinename
This will give you something like:
To ssh into the EC2 instance do:
ssh -i "pathtokey/id_rsa" ubuntu@endpointofyourec2instance
And you should be in.
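The inspect output the answer refers to is missing from the page; the added example below (not the answerer's code) reads the same fields out of `docker-machine inspect` with its `--format` Go template instead of copying them by hand, checks the key file's permissions before use (ssh refuses a private key readable by group or others), and then runs the `ssh -i` command from the answer. It assumes docker-machine is installed; the machine name is a placeholder. (`docker-machine ssh machinename` does the same resolution for you; the manual route is useful when you need the raw key for another tool.)

```shell
# Added example, not from the original answer. Machine name is illustrative.

# Print "user ip keypath" for MACHINE, taken from the same JSON that
# `docker-machine inspect MACHINE` prints (.Driver.SSHUser, .Driver.IPAddress,
# .Driver.SSHKeyPath). DOCKER_MACHINE can point at a stub for dry runs.
machine_ssh_params() {
  "${DOCKER_MACHINE:-docker-machine}" inspect \
    --format '{{.Driver.SSHUser}} {{.Driver.IPAddress}} {{.Driver.SSHKeyPath}}' "$1"
}

# True if FILE has no group/other permission bits. Columns 5-10 of the
# `ls -l` mode field are exactly those bits, so owner-only shows as "------".
key_perms_ok() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Compose the command line the answer shows, from user, host and key path.
build_ssh_cmd() {
  printf 'ssh -i %s %s@%s\n' "$3" "$1" "$2"
}

# Resolve MACHINE's ssh user, address and key, then open a session.
ssh_into_machine() {
  local machine="$1" user host key
  read -r user host key <<EOF
$(machine_ssh_params "$machine")
EOF
  if ! key_perms_ok "$key"; then
    echo "refusing to use $key: run chmod 400 $key first" >&2
    return 1
  fi
  echo "running: $(build_ssh_cmd "$user" "$host" "$key")" >&2
  ssh -i "$key" "$user@$host"
}

# Guarded real run:  RUN_EXAMPLE=1 sh this_script.sh
if [ "${RUN_EXAMPLE:-0}" = 1 ]; then
  ssh_into_machine machine-ec2
fi
```

If `ssh_into_machine` refuses the key, the fix is the one the check names: `chmod 400` on the `id_rsa` path that `docker-machine inspect` reports; copying the key elsewhere with looser permissions is what usually triggers it.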