
Trying to create a key pair using boto3 in a Python file in AWS CloudShell, but when I run it (and many other variations of it), it is not being created.

```python
def create_key_pair():
    client = boto3.client("ec2", region_name="us-east-1")
    key_pair = client.create_key_pair(KeyName="test-key")

    private_key = key_pair["KeyMaterial"]

    with os.fdopen(os.open("/tmp/test-key.pem", os.O_WRONLY | os.O_CREAT, 0o400), "w+") as handle:
        handle.write(private_key)
```

The region is correct

The file is not being created with the private key

When I try to launch an instance with this in the KeyName parameter I am told that it does not exist.

I have also tried with 'import boto3' at the start of the document and nothing different happened.

Edit

Slight breakthrough, the .pem file is now being populated with an access denied error, see below.

```
<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>...</RequestId><HostId>...</HostId$
```

This comes even when I run the program file with root permissions.

Any help is much appreciated! Thanks in advance!

l0kation
  • What does `key_pair` contain after the call? What gets written to your `.pem` file? Is the problem with the API call, or with the code to write it to a file? When I run that code on my Mac, it works fine. – John Rotenstein Mar 11 '22 at 21:24
  • It also ran fine when I tried it in Cloudshell. – John Rotenstein Mar 11 '22 at 23:17
  • @JohnRotenstein it does not create the .pem file when I run it – l0kation Mar 12 '22 at 19:22
  • @JohnRotenstein I had to install boto3 on Python 2.7 as it wasn’t working on the newest version in CloudShell. Could it be to do with that? – l0kation Mar 12 '22 at 19:29
  • You're using Python 2.x? You should move to Python 3. Python 2.7 is deprecated: [Migrating from Python 2.7 to Python 3 — Boto3 Docs](https://boto3.amazonaws.com/v1/documentation/api/1.16.56/guide/migrationpy3.html) – John Rotenstein Mar 12 '22 at 21:34
  • @JohnRotenstein ran with Python 3 and the pem file is now being populated with an access denied error - please see post edit. – l0kation Mar 13 '22 at 15:58
  • What do you mean by "run the program file with root permissions"? Are you saying that you logged into the AWS Management Console using root credentials? What happens if you try to do it via the AWS CLI (`aws ec2 create-key-pair --key-name foo`)? – John Rotenstein Mar 13 '22 at 23:08
  • @JohnRotenstein it creates just fine using the command. Any insight as to why the boto3 program file doesn't work? (by root permission I just meant using sudo with the command) – l0kation Mar 14 '22 at 20:29
  • I am confused. In your edited question, you mention that it writes the Access Denied message to the file (which suggests that the API call is not working, but writing to a file _is_ working). However, your comment above says that the keypair _is_ being successfully created. I'm now confused as to what is working and what is not working for you. – John Rotenstein Mar 14 '22 at 22:26
  • @JohnRotenstein I apologise - when executing the boto3 program file the Key Pair is not being created and the only thing being written to the file is the access denied error message. I can create the key pair from the command line but the scope of the project is to use the boto3 program. – l0kation Mar 15 '22 at 11:52
  • When you create the Key Pair from the command line, is it using the same credentials as the Python program? They should both have the same result if they are using the same credentials. When creating the keypair via the AWS CLI, do you also specify the same region? – John Rotenstein Mar 15 '22 at 12:30
  • @JohnRotenstein I am using same account yes and not inputting any creds for either program or CLI execution. Also didn't have to specify the region in CLI, just the command you specified above worked fine. Really baffling me why this isn't working - it is working fine for everyone else who tries the code. I have reset my AWS lab to default multiple times too. – l0kation Mar 15 '22 at 20:03
  • If you specify the region, does it work too? `aws ec2 create-key-pair --key-name foo --region us-east-1` – John Rotenstein Mar 15 '22 at 21:02
  • @JohnRotenstein yes it works fine – l0kation Mar 15 '22 at 21:24
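
An added example, not part of the question or of any comment: it creates the key pair and saves the private key, and it also reports which identity signed the request, which is what the comments about credentials ask about. The function names and the `ec2`/`sts` client parameters are assumptions of this example; boto3 and AWS credentials are needed only when it is run as a script.

```python
import os
import stat


def write_private_key(path, key_material):
    """Write the key to a new owner-read-only file and return its mode bits."""
    # O_EXCL refuses to reuse an existing file, so stale content or a looser
    # mode left by an earlier run can never end up in the key file.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o400)
    with os.fdopen(fd, "w") as handle:
        handle.write(key_material)
    return stat.S_IMODE(os.stat(path).st_mode)


def create_and_save_key_pair(ec2, sts, key_name, path):
    """Create an EC2 key pair with the given clients and save its private key."""
    # Check the destination first: EC2 returns the private key only once, so a
    # failed write after a successful API call would lose it.
    if os.path.exists(path):
        raise FileExistsError(path)
    # Identity that signs the request; compare with `aws sts get-caller-identity`.
    caller_arn = sts.get_caller_identity()["Arn"]
    # With real boto3 clients an API error is raised here as
    # botocore.exceptions.ClientError instead of being returned.
    response = ec2.create_key_pair(KeyName=key_name)
    material = response["KeyMaterial"]
    # Sanity check so that nothing but PEM data is ever written to the .pem file.
    if not material.startswith("-----BEGIN"):
        raise ValueError("KeyMaterial is not PEM data")
    mode = write_private_key(path, material)
    return {"caller": caller_arn, "key_pair_id": response["KeyPairId"], "mode": mode}


if __name__ == "__main__":
    import boto3  # needs AWS credentials; this creates a real key pair

    # One session for both clients, so both calls use the same credentials.
    session = boto3.session.Session(region_name="us-east-1")
    result = create_and_save_key_pair(
        session.client("ec2"), session.client("sts"),
        "test-key", "/tmp/test-key.pem",
    )
    print(result)
```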

0 Answers