Key Pairs, Security Groups, and Instance Networking

Security and networking are fundamental to running EC2 instances. This lesson covers the three pillars you configure for every instance: key pairs for authentication, security groups for firewall rules, and VPC networking for connectivity.

Key Pairs

How Key Pairs Work

EC2 uses asymmetric cryptography (public/private key pairs) to control access to instances.

You create a key pair in the EC2 console or CLI.
AWS stores the public key and injects it into the instance at launch.
You download and securely store the private key (.pem file).
When connecting, you present the private key to prove your identity.

# Create a key pair
aws ec2 create-key-pair \
  --key-name my-app-key \
  --key-type ed25519 \
  --query "KeyMaterial" \
  --output text > my-app-key.pem

chmod 400 my-app-key.pem

Key Pair Types

Type	Description
RSA	Traditional; widely supported; 2048-bit or 4096-bit
ED25519	Modern; smaller keys; faster authentication; recommended for new instances

Key Pairs, Security Groups, and Instance Networking

Key Pairs, Security Groups, and Instance Networking

Key Pairs

How Key Pairs Work

Key Pair Types

Best Practices for Key Pairs

More in Cloud