vRA tidbit – AWS provisioning and the key pair conundrum

choiceOne of the main advantages of vRealize automation in the Cloud management space is that it provides customers with choices, this is true in many aspects of the solution like where to consume services from, how to deploy them, how the forms will look etc but in this post I want to talk about the creation of AWS key pairs.

There are many solutions out there that provide an interface for provisioning instances to AWS,  some have more capabilities than others and without getting into a full feature by feature comparison I will just say that vRA is one of the more comprehensive solutions out there with many capabilities that are required for cloud management such as self-service portal, multi cloud/vendor provisioning, automation and orchestration capabilities and much more.

One of the choices vRA gives cloud admins is how to create AWS key pairs. In a nutshell a key pair is the credentials used to access an instance, many of the CMP solutions out there will allow the creation of either a global key pair or a key pair per deployed instance.

Having a global key pair is not granular enough for most of our customer’s requirements and it will add management overhead especially on billing and security, while the other tools that createclutter key pair for each instance are probably too granular and create a management and maintenance nightmare, the EC2 management console will be flooded with Key pairs, this can also pose a security concern as there are potentially thousands  of credentials issued which is quite a mess.


vRA has a more elegant solution that also provides choice, choice between having a key pair generated for each Business group, A key pair per instance or a global key pair for a reservation. In most cases it will be suitable to have just one key pair per business group which be secure enough and will not clutter the environment with hundreds and thousands of key pairs, but if needs be Cloud admins can decide to provision certain instances with their own key pairs or set a key pair per reservation (the resolution of the reservation is decided by the admin) . This might not seem as a big deal but for those who work with AWS it is important.

When it comes down to cloud provisioning  where instances are being built and destroyed automatically, constantly and on demand having that glovechoice can make a difference so you can feel your CMP solution fits to your requirements.





  1. Srinivasan says

    I have created my Business Group with “having a key pair generated for each Business group” option. But where I will download that key pair in vra portal. I don’t see Business Group key pair in Reservations

Leave a Reply

Your email address will not be published. Required fields are marked *