It’s easy to get confused with the zillion keys/credentials the AWS folks put out there! Let’s see what all we have that are used in one way or another by the AWS-Console:
AWS credentials for S3 and EC2, these are commonly called AWS access key id and AWS secret access key. They are used when you access S3 (by any authenticated means) or when AWS-Console accesses EC2 on your behalf.
EC2 X.509 certificate for which you have a private key ‘.pem’ file and a certificate ‘.pem,’ file. They are used when you access EC2 using the command line tools and when AWS-Console bundles up an instance into an image for you.
SSH key pairs, which you can have many of, which are used when you connect to an instance using the SSH protocol. When you create an SSH key pair EC2 remembers the public key and passes it into new instances you launch with that key. You have to keep the private key (which is returned by EC2 on key creation) and you use it when you SSH into the instance. When you create a key pair using AWS-Console it remembers the private key and uses it for the ‘SSH Console’ feature.