Why Keypair is now being automatically downloaded upon creation?


Keypair generation on AWS Console previously asked if I wanted to download the new keypair generated. Recently it is automatically downloading without my autorization. Why? This is not secure. I am using Firefox browser. I also tried with Private Browser session and it is still downloading the new keypair without my authorization.

asked 2 years ago384 views
3 Answers

You have to understand the usecase of creating keypair in the console.

By creating keypair in the console, you already give the permission to download because otherwise you will NOT create one in the first place and you don't get to download it after creation.

You don't have access to your private keys anymore after creation. That's why it's auto downloading so you will have your private key.

If you don't want auto download, don't create the key in AWS console.

answered 2 years ago
  • No. I don't need to give permission to download. It didn't work like that before. In fact, using Safari browser I still receive the prompt to choose if I want to download. You are missing something important, I decide the action according to my use case. Can an EC2 run without keypair? No. Thank you.

  • An EC2 instance can run without a keypair. It's very common to create an EC2 instance without a key pair and use Simple System Manager (SSM) to access the console of the instance.

  • If you don't want to download the key just don't create it in the first place. If that's not feasible for you can you elaborate more as to what is your usecase?


If you don't download the private key, what use the public key is then? Meaning the default, and only sensible action is to download it. You can only download private at creation time, after that you can deploy the keypair to instance but there is no way of getting private key so it is kind of useless. Or am I missing something?

profile picture
answered 2 years ago
  • Seem that Jason_S beat me by 2 minutes :-)

  • It is being very useful. We can't run EC2 without keypair right? Such credentials should never be automatically downloaded. Need to keep the prompt.


I don't think the issue is to do with AWS. It is browser settings that's causing the issue in my opinion. Check the option "always ask you where to save files" under Downloads in the Firefox settings. This should start throwing the prompt you are looking for. If not the issue should be in similar lines. Tweak your browser settings till you get a prompt. A bit of Google search can help if my suggestion above doesn't resolve your problem. I think you also have options to specify for what file extension types you need a prompt. Check firefox support QnAs for more.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions