All Products
Search
Document Center

Resource Orchestration Service:ALIYUN::ECS::SSHKeyPair

Last Updated:Jun 10, 2026

ALIYUN::ECS::SSHKeyPair creates an SSH key pair or imports an existing one.

Syntax

{
  "Type": "ALIYUN::ECS::SSHKeyPair",
  "Properties": {
    "ResourceGroupId": String,
    "KeyPairName": String,
    "PublicKeyBody": String,
    "Tags": List
  }
}

Properties

Property

Type

Required

Editable

Description

Constraint

ResourceGroupId

String

No

Yes

The resource group ID.

None.

KeyPairName

String

Yes

No

The key pair name.

2 to 128 characters. Can contain letters, digits, colons (:), underscores (_), and hyphens (-). Must start with a letter. Cannot start with http:// or https://.

PublicKeyBody

String

No

No

The public key.

Required only when importing an existing key pair.

Tags

List

No

Yes

The tags.

Maximum: 20.

For more information, see Tags properties.

Tags syntax

"Tags": [
  {
    "Key": String,
    "Value": String
  }
]  

Tags properties

Property

Type

Required

Editable

Description

Constraint

Key

String

Yes

No

The tag key.

1 to 128 characters. Cannot start with aliyun or acs:. Cannot contain http:// or https://.

Value

String

No

No

The tag value.

Up to 128 characters. Cannot start with aliyun or acs:. Cannot contain http:// or https://.

Return values

Fn::GetAtt

  • KeyPairFingerPrint: the key pair fingerprint. The MD5 hash is computed based on the public key fingerprint format defined in RFC 4716.

  • PrivateKeyBody: the unencrypted RSA private key in PEM-encoded PKCS#8 format. Returned only when creating a new key pair. Not available for imported keys.

  • KeyPairName: the key pair name.

  • Arn: the Alibaba Cloud Resource Name (ARN).

Examples

ROSTemplateFormatVersion: '2015-09-01'
Parameters: {}
Resources:
  SSHKeyPair:
    Type: ALIYUN::ECS::SSHKeyPair
    Properties:
      KeyPairName:
        Fn::Sub: ess-${ALIYUN::StackId}
Outputs:
  KeyPairFingerPrint:
    Description: 'The fingerprint of the key pair. The public key fingerprint format defined in RFC4716: MD5 message digest algorithm. '
    Value:
      Fn::GetAtt:
        - SSHKeyPair
        - KeyPairFingerPrint
  KeyPairName:
    Description: SSH Key pair name.
    Value:
      Fn::GetAtt:
        - SSHKeyPair
        - KeyPairName
  PrivateKeyBody:
    Description: 'The private key of the key pair. Content of the RSA private key in the PKCS#8 format of the unencrypted PEM encoding. Refer to: https://www.openssl.org/docs/apps/pkcs8.html.User only can get the private key one time when and only when SSH key pair is created.'
    Value:
      Fn::GetAtt:
        - SSHKeyPair
        - PrivateKeyBody
{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
  },
  "Resources": {
    "SSHKeyPair": {
      "Type": "ALIYUN::ECS::SSHKeyPair",
      "Properties": {
        "KeyPairName": {
          "Fn::Sub": "ess-${ALIYUN::StackId}"
        }
      }
    }
  },
  "Outputs": {
    "KeyPairFingerPrint": {
      "Description": "The fingerprint of the key pair. The public key fingerprint format defined in RFC4716: MD5 message digest algorithm. ",
      "Value": {
        "Fn::GetAtt": [
          "SSHKeyPair",
          "KeyPairFingerPrint"
        ]
      }
    },
    "KeyPairName": {
      "Description": "SSH Key pair name.",
      "Value": {
        "Fn::GetAtt": [
          "SSHKeyPair",
          "KeyPairName"
        ]
      }
    },
    "PrivateKeyBody": {
      "Description": "The private key of the key pair. Content of the RSA private key in the PKCS#8 format of the unencrypted PEM encoding. Refer to: https://www.openssl.org/docs/apps/pkcs8.html.User only can get the private key one time when and only when SSH key pair is created.",
      "Value": {
        "Fn::GetAtt": [
          "SSHKeyPair",
          "PrivateKeyBody"
        ]
      }
    }
  }
}

Additional YAML examples are available on GitHub.