AWS KeyPair Error

1,917 views
Skip to first unread message

Monosij Dutta-Roy

unread,
Aug 8, 2015, 10:07:08 PM8/8/15
to Ansible Development

I am getting the following error for AWS Keypair, generated at AWS and pem file downloaded, from boto 2.34, on Ubun 15.04.

I have checked that key is for the region (us-east-1) that I am running the playbook for.

Do not understand why it gives the 'Length exceeds maximum of 2048' error as key was generated at AWS.

...
  vars:
    region: us-east-1
    instance_type: t2.micro
    count: 3
  tasks:
  - name: ec2 keypair
    ec2_key: name=mykey key_material="{{ item }}" region={{ region }}
    with_file: ~/.ssh/HelloWorld.pem

...

Traceback (most recent call last):
  File "/home/monosij/.ansible/tmp/ansible-tmp-1439084212.68-170231526352889/ec2_key", line 2032, in <module>
    main()
  File "/home/monosij/.ansible/tmp/ansible-tmp-1439084212.68-170231526352889/ec2_key", line 197, in main
    key = ec2.import_key_pair(name, key_material)
  File "/usr/local/lib/python2.7/dist-packages/boto/ec2/connection.py", line 2924, in import_key_pair
    return self.get_object('ImportKeyPair', params, KeyPair, verb='POST')
  File "/usr/local/lib/python2.7/dist-packages/boto/connection.py", line 1208, in get_object
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>InvalidParameterValue</Code><Message>Value (...) for parameter PublicKeyMaterial is invalid. Length exceeds maximum of 2048.</Message></Error></Errors><RequestID>609a75cd-5e25-403c-ad06-b546d8d6ffb2</RequestID></Response>


FATAL: all hosts have already failed -- aborting

...

Thank you for your suggestions.

Mono

an...@change-inside.com

unread,
Aug 10, 2015, 6:36:25 PM8/10/15
to Ansible Development
When you create the key with the AWS console, the .pem file you've downloaded is a private key.

The ec2_key module is for uploading a public key that you generated yourself.

e.g. the public key that's generated alongside a private key by ssh-keygen.

(This us useful as that you can use the same keypair in different regions or accounts.)

Andy

Jim Rippon

unread,
Aug 10, 2015, 6:54:43 PM8/10/15
to ansibl...@googlegroups.com

Mono,

You can download the public key from the instance you created by logging in as the user AWS created for you {ubuntu or ec2-user for example} and copying it from ~/.ssh/authorized_keys (either copy-and-paste or using scp)

HTH

Jim

--
You received this message because you are subscribed to the Google Groups "Ansible Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ansible-deve...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

 

Monosij Dutta-Roy

unread,
Aug 13, 2015, 12:01:56 AM8/13/15
to Ansible Development
Thanks Jim. Worked out great. I did not realize I had to extract the public key from the pem file separately.

Mono
Reply all
Reply to author
Forward
0 new messages