ALIYUN::ECS::SSHKeyPair is used to create an SSH key pair or import an existing SSH key pair to access an Elastic Compute Service (ECS) instance.
Syntax
{
"Type": "ALIYUN::ECS::SSHKeyPair",
"Properties": {
"ResourceGroupId": String,
"KeyPairName": String,
"PublicKeyBody": String,
"Tags": List
}
}Properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| ResourceGroupId | String | No | No | The ID of the resource group to which the ECS instance belongs. | None |
| KeyPairName | String | Yes | No | The name of the key pair. | The name must be 2 to 128 characters in length and can contain letters, digits, colons (:), underscores (_), and hyphens (-). It must start with a letter and cannot start with http:// or https://. |
| PublicKeyBody | String | No | No | The public key of the key pair. | This parameter is required only when you import an SSH key pair. |
| Tags | List | No | Yes | The tags of the key pair. | A maximum of 20 tags can be specified. For more information, see Tags properties. |
Tags syntax
"Tags": [
{
"Key": String,
"Value": String
}
] Tags properties
| Property | Type | Required | Editable | Description | Constraint |
|---|---|---|---|---|---|
| Key | String | Yes | No | The tag key. | The tag key must be 1 to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun. |
| Value | String | No | No | The tag value. | The tag value must be 0 to 128 characters in length and cannot contain http:// or https://. It cannot start with acs: or aliyun. |
Response parameters
Fn::GetAtt
- KeyPairFingerPrint: the fingerprint of the key pair. The fingerprint uses the message-digest algorithm 5 (MD5) based on the public key fingerprint format defined in RFC 4716.
- PrivateKeyBody: the private key of the key pair. An unencrypted RSA private key must be encoded in the PKCS#8 format by using PEM. The private key of a key pair can be obtained only when the key pair is first created. If you import an existing public key, no private key information is available.
- KeyPairName: the name of the key pair.
Examples
JSON format
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"KeyPairName": {
"Type": "String",
"Description": "SSH key pair name. It must be unique. [2, 128] characters. All character sets are supported. Do not start with a special character, digit, http://, or https://. It can contain digits, \".\", \"_\", or \"-\"."
},
"ResourceGroupId": {
"Type": "String",
"Description": "Resource group id."
},
"Tags": {
"Type": "Json",
"Description": "Tags to attach to instance. Max support 20 tags to add during create instance. Each tag with two properties Key and Value, and Key is required.",
"MaxLength": 20
},
"PublicKeyBody": {
"Type": "String",
"Description": "SSH Public key. If PublicKeyBody is specified, existed public key body will be imported instead of creating new SSH key pair."
}
},
"Resources": {
"SSHKeyPair": {
"Type": "ALIYUN::ECS::SSHKeyPair",
"Properties": {
"KeyPairName": {
"Ref": "KeyPairName"
},
"ResourceGroupId": {
"Ref": "ResourceGroupId"
},
"Tags": {
"Ref": "Tags"
},
"PublicKeyBody": {
"Ref": "PublicKeyBody"
}
}
}
},
"Outputs": {
"KeyPairFingerPrint": {
"Description": "The fingerprint of the key pair. The public key fingerprint format defined in RFC4716: MD5 message digest algorithm. Refer to http://tools.ietf.org/html/rfc4716.",
"Value": {
"Fn::GetAtt": [
"SSHKeyPair",
"KeyPairFingerPrint"
]
}
},
"KeyPairName": {
"Description": "SSH Key pair name.",
"Value": {
"Fn::GetAtt": [
"SSHKeyPair",
"KeyPairName"
]
}
},
"PrivateKeyBody": {
"Description": "The private key of the key pair. Content of the RSA private key in the PKCS#8 format of the unencrypted PEM encoding. Refer to: https://www.openssl.org/docs/apps/pkcs8.html.User only can get the private key one time when and only when SSH key pair is created.",
"Value": {
"Fn::GetAtt": [
"SSHKeyPair",
"PrivateKeyBody"
]
}
}
}
}YAML format
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
KeyPairName:
Description: SSH key pair name. It must be unique. [2, 128] characters. All character
sets are supported. Do not start with a special character, digit, http://, or
https://. It can contain digits, ".", "_", or "-".
Type: String
PublicKeyBody:
Description: SSH Public key. If PublicKeyBody is specified, existed public key
body will be imported instead of creating new SSH key pair.
Type: String
ResourceGroupId:
Description: Resource group id.
Type: String
Tags:
Description: Tags to attach to instance. Max support 20 tags to add during create
instance. Each tag with two properties Key and Value, and Key is required.
MaxLength: 20
Type: Json
Resources:
SSHKeyPair:
Properties:
KeyPairName:
Ref: KeyPairName
PublicKeyBody:
Ref: PublicKeyBody
ResourceGroupId:
Ref: ResourceGroupId
Tags:
Ref: Tags
Type: ALIYUN::ECS::SSHKeyPair
Outputs:
KeyPairFingerPrint:
Description: 'The fingerprint of the key pair. The public key fingerprint format
defined in RFC4716: MD5 message digest algorithm. Refer to http://tools.ietf.org/html/rfc4716.'
Value:
Fn::GetAtt:
- SSHKeyPair
- KeyPairFingerPrint
KeyPairName:
Description: SSH Key pair name.
Value:
Fn::GetAtt:
- SSHKeyPair
- KeyPairName
PrivateKeyBody:
Description: 'The private key of the key pair. Content of the RSA private key
in the PKCS#8 format of the unencrypted PEM encoding. Refer to: https://www.openssl.org/docs/apps/pkcs8.html.User
only can get the private key one time when and only when SSH key pair is created.'
Value:
Fn::GetAtt:
- SSHKeyPair
- PrivateKeyBodyFor more examples, visit Instance.json and Instance.yml. In the examples, the ALIYUN::ECS::Instance, ALIYUN::ECS::SSHKeyPair, and ALIYUN::ECS::SSHKeyPairAttachment resource types are involved.