0

I tried setting an elastic IP by doing:

ec2-allocate-address

however, it gives me an error:

Required option '-K, --private-key KEY' missing (-h for usage)

why is this?

EquinoX
  • 367
  • 3
  • 11
  • 27

2 Answers2

2

Most of the AWS console tools require the use of a private key and a certificate (a few (e.g. those relating to S3) require you access keys.

Under your account on AWS, there is a page entitled 'Security Credentials' - on this page you can create (or upload) a new certificate or download an existing certificate. After the certificate has been created, you can no longer access your private key - you must therefore, save it when it is created for you.

For ec2-allocate-address (and most AWS tools) you can either set two environment variables containing the path your certificate and private key or you can pass the paths directly as part of the command line.

  • -K, --private-key: the path to your private key (pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem)
  • -C, --cert: the path to your X.509 certificate (cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem)

If you will be using the tool more than once or using multiple tools, it is easier to set the environment variables:

export EC2_PRIVATE_KEY=/path/to/pk-XXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem 
export EC2_CERT=/path/to/cert-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX.pem

There are a number of common options for the AWS tools that you can find in the AWS Docs

cyberx86
  • 20,805
  • 1
  • 62
  • 81
  • so I need to call this on the AWS console tool? – EquinoX Aug 10 '11 at 02:06
  • Not quite sure what you mean by 'call this'. From the command line (shell prompt) you can export the variables (the 'export' lines, above); or you just include the paths in your command - i.e. `ec2-allocate-address -K /path/to/pk-XXXX.pem -C /path/to/cert-XXXX.pem`. You may find the [AWS command line reference](http://docs.amazonwebservices.com/AWSEC2/latest/CommandLineReference/) helpful – cyberx86 Aug 10 '11 at 02:41
  • Forgot to mention - the 'export' lines are for Linux (or if you are using SSH). If you are using Windows use `set EC2_CERT="X:\path\to\cert-XXXX.pem"` (and, of course, set EC2_PRIVATE_KEY as well). – cyberx86 Aug 10 '11 at 02:49
  • call me stupid but where does the .pem needs to reside? in my local machine or in the AWS EC2 instance – EquinoX Aug 10 '11 at 05:55
  • It needs to be on the machine you are running the command line tools from (so if you are running the command from your local machine, then the pem files should be on your local machine. It is, of course, possible to run the command directly from the EC2 instance (in which case, the pem files would be on that instance)). Look over the [EC2 getting started guide](http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/setting-up-your-tools.html) for additional information on how you should setup your environment. – cyberx86 Aug 10 '11 at 09:37
0

I believe you should already have the private key certificate. The key is associated with the security group that your node belongs to. I personally use the key by registering it into my Tunnelier SSH client, for acquiring SSH connectivity to my nodes.

In other words, you don't need to issue yourself a new certificate because the certificate already exists. You need to just export it to a file and include it within your command line query.

You can get the X.509 key at this URL: https://aws-portal.amazon.com/gp/aws/developer/account/index.html?action=access-key

djangofan
  • 4,182
  • 10
  • 46
  • 59