Can i invoke ssh-keygen from Lambda?

You can use yumda to create a lambda layer for openssh

$ docker run --rm -v $(pwd)/openssh-layer:/lambda/opt lambci/yumda:2 yum install -y openssh
$ cd openssh-layer
$ zip -yr ./openssh-layer.zip . > /dev/null
$ aws lambda publish-layer-version --layer-name openssh --zip-file fileb://openssh-layer.zip
$ aws lambda update-function-configuration --function-name test-function --layers "arn:aws:lambda:ap-northeast-1:123456789012:layer:openssh:1"

Execute a simple Lambda function as shown below.

import subprocess

def lambda_handler(event, context):
    return subprocess.check_output(
        'ssh-keygen;exit 0',
        stderr=subprocess.STDOUT,
        shell=True
    )

You will get a response like the following.

Response
"Generating public/private rsa key pair.\nEnter file in which to save the key (/home/sbx_user1051/.ssh/id_rsa): "

I tested with the lambci/lambda:python3.8 image and it looks like ssh-keygen is not included in it.

Unable to find image 'lambci/lambda:python3.8' locally
python3.8: Pulling from lambci/lambda
b8f7c23f9c29: Pull complete
491e0bc29828: Pull complete
0a7671393f66: Pull complete
Digest: sha256:be943e04cfeda15e0ea141d84a914b12f500194a694e809bb3cd0d0dd187aa56
Status: Downloaded newer image for lambci/lambda:python3.8
bash-4.2$ ssh-keygen
bash: ssh-keygen: command not found

That said, if you need to grab an ssh key from inside a lambda using something like AWS Secrets to store a key in conjunction with the lambda fetching it from there might be a better approach. Perhaps something like what is described here will help: https://aws.amazon.com/blogs/security/how-to-use-aws-secrets-manager-securely-store-rotate-ssh-key-pairs/

If you really wanted to do this via lambda you could also look at a container image based lambda: https://docs.aws.amazon.com/lambda/latest/dg/images-create.html