Is there a way to clean up an EC2 Keypair on Host Deletion?

When deleting an AWS EC2 Host, Rancher seems to clean up the EC2 instance itself by terminating it. However, it leaves behind the SSH Keypair it created. This makes it impossible to create a new Host of the same name, as Rancher will fail to create the new Keypair (since it already exists).

Is there a way to clean up defunct keypairs in any way other than manually deleting them in AWS?

When we are deleting the host from the UI, we are calling a docker-machine rm command to remove the EC2 instance. The docker-machine rm removes the key pair it created during the docker-machine create.

Do you have an exact use case of when it is not removing the SSH key pair? If it’s not happening, then something probably went wrong during the docker-machine rm.

I forgot to mention that outside of assuming that the docker-machine rm would clean it up, there is no specific way of removing these key pairs from AWS as we rely on docker-machine rm to clean up the ssh keypairs.

My mistake. My AWS IAM User did not have the ec2:DeleteKeyPair permission set, so it was silently failing on the keypair removal. Is there a console or error log somewhere I might have seen that error?

It appears docker-machine returns an error for that, so it should be in the rancher/server container log.
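Added example, not from the thread or from Rancher/docker-machine: a Python script that reports key pairs no non-terminated instance references, given the JSON that `aws ec2 describe-key-pairs` and `aws ec2 describe-instances` return. The sample data, the `rancher-` naming prefix and the assumption that a docker-machine host's key pair carries the host's name are constructed for the example.

```python
import json
from typing import Dict, List, Set

# Constructed sample data in the shape of `aws ec2 describe-key-pairs` and
# `aws ec2 describe-instances` output (hypothetical names, not from the thread).
SAMPLE_KEY_PAIRS = json.loads("""{"KeyPairs": [
  {"KeyName": "rancher-host-1", "KeyFingerprint": "aa:aa"},
  {"KeyName": "rancher-host-2", "KeyFingerprint": "bb:bb"},
  {"KeyName": "rancher-host-3", "KeyFingerprint": "cc:cc"},
  {"KeyName": "ops-bastion",    "KeyFingerprint": "dd:dd"}]}""")

SAMPLE_INSTANCES = json.loads("""{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0001", "KeyName": "rancher-host-1", "State": {"Name": "running"}},
    {"InstanceId": "i-0002", "KeyName": "rancher-host-2", "State": {"Name": "terminated"}}]},
  {"Instances": [
    {"InstanceId": "i-0003", "KeyName": "ops-bastion", "State": {"Name": "running"}}]}]}""")


def key_pairs_in_use(describe_instances: Dict) -> Set[str]:
    """Return the KeyName of every instance that has not been terminated."""
    used: Set[str] = set()
    for reservation in describe_instances.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") == "terminated":
                continue  # terminated instances linger in the API for a while
            if inst.get("KeyName"):
                used.add(inst["KeyName"])
    return used


def orphaned_key_pairs(describe_key_pairs: Dict, describe_instances: Dict,
                       prefix: str = "") -> List[str]:
    """Key pairs matching `prefix` that no live instance references.

    Assumption: the key pair is named after the docker-machine host, so
    restricting to the hosts' naming prefix keeps unrelated keys out of the list.
    """
    used = key_pairs_in_use(describe_instances)
    names = (kp["KeyName"] for kp in describe_key_pairs.get("KeyPairs", []))
    return sorted(n for n in names if n.startswith(prefix) and n not in used)


if __name__ == "__main__":
    # Report only; removing a key still needs ec2:DeleteKeyPair on the caller,
    # e.g. `aws ec2 delete-key-pair --key-name <name>` for each orphan listed.
    for name in orphaned_key_pairs(SAMPLE_KEY_PAIRS, SAMPLE_INSTANCES, "rancher-"):
        print(f"orphaned key pair: {name}")
```

Feed it the real CLI output to get a list to review before deleting anything; the calling identity needs ec2:DescribeKeyPairs and ec2:DescribeInstances for the two queries.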