Aws-cli: ec2 import-key-pair issue

Created on 18 Feb 2020  ·  4 Comments  ·  Source: aws/aws-cli

After generating a key pair with ssh-keygen -t rsa -C "test_key" -f test_key, if you run:

aws ec2 import-key-pair --debug --key-name test_key --public-key-material file://test_key.pub

you will get:

An error occurred (InvalidKey.Format) when calling the ImportKeyPair operation: Key is not in valid OpenSSH public key format

This is for v2.0.0, it works in the previous version.

Possibly related to #41 ?

closing-soon

All 4 comments

Hi @rmv,
Thanks for pointing this out.
I was able to reproduce this so I'll be marking it as a bug, and you're right, it does sound like it is related.

--public-key-material is modeled as a blob, which means it's a binary type. CLI V2 changed how it processes binary input types to make round tripping of values possible. You can read about the change here in the upgrading guide: https://docs.aws.amazon.com/cli/latest/userguide/cliv2-migration.html#cliv2-migration-binaryparam

So the quick fix is to just use fileb://. Or you can revert to the v1 behavior with the configuration

cli_binary_format=raw-in-base64-out

But this is not a bug, it was intentional and outlined in our breaking changes document for things that we changed between v1 and v2 of the CLI.
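The behavior described in the comment above, as an added example (not code from the AWS CLI or from anyone in this thread): a simplified model of how a blob parameter is read under each prefix and `cli_binary_format` setting, with a local format check on the result. The function names are hypothetical, the key is constructed and non-functional, and Python's base64 decoder stands in for the CLI's own.

```python
import base64
import binascii
import struct

def make_sample_pubkey(comment="test_key"):
    """Constructed, non-functional RSA public key line (not a real key)."""
    def field(b):  # RFC 4253 string: 4-byte big-endian length, then the bytes
        return struct.pack(">I", len(b)) + b
    modulus = b"\x00" + bytes(range(128, 256))  # placeholder bytes, not a real modulus
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(modulus)
    return b"ssh-rsa " + base64.b64encode(blob) + b" " + comment.encode() + b"\n"

def is_openssh_pubkey(data):
    """True if data is '<type> <base64 blob> [comment]' and the blob names the same type."""
    if data is None:
        return False
    try:
        fields = data.decode("ascii").split()
        blob = base64.b64decode(fields[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        return blob[4:4 + n].decode("ascii") == fields[0]
    except (UnicodeDecodeError, IndexError, binascii.Error, struct.error):
        return False

def blob_sent(prefix, file_bytes, cli_binary_format="base64"):
    """Simplified model (assumption) of the bytes passed on for a blob parameter."""
    if prefix == "fileb://" or cli_binary_format == "raw-in-base64-out":
        return file_bytes                    # raw bytes, used as-is
    try:
        return base64.b64decode(file_bytes)  # v2 default: file text is taken as base64
    except binascii.Error:
        return None                          # text is not decodable as base64

if __name__ == "__main__":
    key = make_sample_pubkey()
    cases = [("file://", key, "base64"),
             ("fileb://", key, "base64"),
             ("file://", key, "raw-in-base64-out"),
             ("file://", base64.b64encode(key), "base64")]
    for prefix, content, fmt in cases:
        ok = is_openssh_pubkey(blob_sent(prefix, content, fmt))
        print(f"{prefix:9} cli_binary_format={fmt:18} valid key: {ok}")
```

The last case shows the other way to satisfy the v2 default: a file read with file:// has to contain the base64 encoding of the key file, not the key text itself.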

Thanks! And aws ec2 import-key-pair help reports the correct format in an example.

Maybe the parameter description:

   --public-key-material (blob)
     The public key. For API calls, the text must be base64-encoded.  For
     command line tools, base64 encoding is performed for you.

needs to be adjusted where it refers to CLI behavior, since encoding or not is now driven by the file:// or fileb:// prefix.

@stealthycoin thanks for the explanation. FYI I landed on this issue when following the example from this ec2 documentation page, which should probably be updated to use fileb://: https://docs.aws.amazon.com/cli/latest/reference/ec2/import-key-pair.html#examples
