AWS - create new key pair

Can we create a new AWS key pair with Terraform? The documentation says: "Currently this resource requires an existing user-supplied key pair."

Does that mean we can't create a new AWS key pair with Terraform?

The naming is misleading.

When you create a key pair using the AWS console, it’s really just giving you the private key and storing the public key. That’s why you only have one shot to record the private key and “AWS key pair” is a bad name - it’s really just “ssh public key used by AWS” and the private side of the pair is never stored by or used in AWS.

You can also create your key pair using ssh from the command line, and then just give AWS the public key. This is what the “import key pair” AWS console function does, and it’s what the Terraform resource does too.

If you really, really wanted to, you could probably do something with a local-exec provisioner to make a new ssh key pair with ssh-keygen and then set up the AWS resource using the public part of the new pair, but the use case would be pretty niche, I think.

What I do for my dev-type environments is just this:

 resource "aws_key_pair" "nhw76" {
   # Only the public half of the pair is sent to AWS. key_name is optional;
   # when omitted the provider generates one, and the private key stays in ~/.ssh.
   public_key = file("~/.ssh/id_rsa.pub")
 }

How about using the resource tls_private_key?
ref: https://www.terraform.io/docs/providers/tls/r/private_key.html

Also:

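Putting the two replies above together (the local-exec/ssh-keygen idea and the tls_private_key suggestion), here is an added example of having Terraform itself generate the key and register only the public half with AWS. It is not code from either poster; the resource names, file path and provider version constraints are assumptions, and it requires the hashicorp/tls and hashicorp/local providers in addition to aws.

```hcl
terraform {
  required_providers {
    aws   = { source = "hashicorp/aws" }
    tls   = { source = "hashicorp/tls", version = ">= 4.0" }   # ED25519 + *_openssh attrs
    local = { source = "hashicorp/local", version = ">= 2.2" } # local_sensitive_file
  }
}

# Generate the key pair inside Terraform. Caveat: the private key is
# written to the Terraform state in plain text, so the state backend must be
# treated as a secret store (encrypted bucket, restricted IAM, no state in git).
resource "tls_private_key" "deployer" {
  algorithm = "ED25519" # assumption: the target AMIs accept ED25519 keys
}

# As in the answer above, AWS only ever receives the public key.
resource "aws_key_pair" "deployer" {
  key_name   = "deployer-${substr(sha256(tls_private_key.deployer.public_key_openssh), 0, 8)}"
  public_key = tls_private_key.deployer.public_key_openssh
}

# Materialise the private key locally with a tight mode so ssh will use it.
# local_sensitive_file keeps the content out of plan/apply output.
resource "local_sensitive_file" "deployer_private_key" {
  content         = tls_private_key.deployer.private_key_openssh
  filename        = "${path.module}/deployer.key" # assumed path
  file_permission = "0600"
}

output "deployer_key_name" {
  value = aws_key_pair.deployer.key_name
}

output "deployer_public_key" {
  value = tls_private_key.deployer.public_key_openssh
}
```

After `terraform apply`, `ssh -i deployer.key ec2-user@<host>` works against any instance launched with `key_name = aws_key_pair.deployer.key_name`. If keeping the private key out of state is a hard requirement, the file()-based pattern from the first answer (generate with `ssh-keygen -t ed25519` on the workstation, hand Terraform only the `.pub`) is the safer choice; this block trades that for a fully reproducible, zero-manual-step dev environment.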