I am trying to upload a public key on AWS CloudFront. I generate the key as follows:
ssh-keygen -t ecdsa -b 521
I have also tried:
ssh-keygen -b 4096
When I upload it through the console, I get the following error: com.amazonaws.services.cloudfront.model.InvalidArgumentException: Your request contains empty/invalid/out of limits RSA Encoded Key (Service: AmazonCloudFront; Status Code: 400; Error Code: InvalidArgument; Request ID: 08fa98af-0c02-11ea-b06e-d771d01bbfcb)
The result of ssh -V is "OpenSSH_7.7p1, OpenSSL 1.0.2p 14 Aug 2018".
Any help would be appreciated. Thanks.
This is because CloudFront doesn't support keys with length 4096 bits.
When you run the command openssl rsa -pubout -in key.pem -out pubkey.pem, it by default generates 2048-bit keys, which CloudFront accepts.
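As an added example (not code from the question or the answer above), here is a stdlib-only Python pre-upload check that tests the conditions the answer describes before the console does: the file must be a PEM "PUBLIC KEY" block, the algorithm must be rsaEncryption, and the modulus must be at most 2048 bits. The `make_sample_pem` helper and the modulus it encodes are constructed for the demonstration only and yield no usable key; a real key pair still comes from openssl as in the answer.

```python
import base64
import re

RSA_OID = bytes.fromhex("2a864886f70d010101")  # OID 1.2.840.113549.1.1.1 rsaEncryption
MAX_BITS = 2048  # the CloudFront limit the answer above cites


def _der(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def check_cloudfront_public_key(pem: str):
    """Return (ok, reason) for the text of a public key file."""
    m = re.search(r"-----BEGIN PUBLIC KEY-----(.*?)-----END PUBLIC KEY-----", pem, re.S)
    if not m:
        return False, "not a PEM 'PUBLIC KEY' block (ssh-keygen output is OpenSSH format)"
    der = base64.b64decode("".join(m.group(1).split()))
    tag, spki, _ = _der(der, 0)  # SubjectPublicKeyInfo ::= SEQUENCE
    if tag != 0x30:
        return False, "outer DER structure is not a SEQUENCE"
    _, alg, pos = _der(spki, 0)  # AlgorithmIdentifier ::= SEQUENCE
    tag, oid, _ = _der(alg, 0)  # first element: OBJECT IDENTIFIER
    if tag != 0x06 or oid != RSA_OID:
        return False, "algorithm is not rsaEncryption (an ECDSA key is rejected)"
    _, bits, _ = _der(spki, pos)  # subjectPublicKey BIT STRING
    _, rsa, _ = _der(bits[1:], 0)  # skip unused-bits byte; RSAPublicKey ::= SEQUENCE
    _, modulus, _ = _der(rsa, 0)  # INTEGER n
    nbits = int.from_bytes(modulus, "big").bit_length()
    if nbits > MAX_BITS:
        return False, f"modulus is {nbits} bits; CloudFront accepts at most {MAX_BITS}"
    return True, f"RSA {nbits}-bit PEM public key"


def make_sample_pem(nbits: int, e: int = 65537) -> str:
    """Encode a CONSTRUCTED modulus (not a real key) as an SPKI PEM so the check
    can be exercised offline; a real key comes from openssl as in the answer."""
    def tlv(tag, body):
        lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        ln = bytes([len(body)]) if len(body) < 0x80 else bytes([0x80 | len(lb)]) + lb
        return bytes([tag]) + ln + body
    def integer(v):
        return tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))
    n = (1 << (nbits - 1)) | 1  # top bit set, so the modulus is exactly nbits long
    rsa = tlv(0x30, integer(n) + integer(e))
    alg = tlv(0x30, tlv(0x06, RSA_OID) + tlv(0x05, b""))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + rsa))
    return "-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(spki).decode() + "-----END PUBLIC KEY-----\n"
```

Run `check_cloudfront_public_key(open("pubkey.pem").read())` on the file you intend to upload; a `(False, reason)` result names the same condition the console error hides behind "empty/invalid/out of limits RSA Encoded Key".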
The length of the public key for a certificate depends on where you're storing it.
Importing a certificate into AWS Certificate Manager (ACM): the public key length must be 1024 or 2048 bits. The limit for a certificate that you use with CloudFront is 2048 bits, even though ACM supports larger keys.
Uploading a certificate to the AWS Identity and Access Management (IAM) certificate store: the maximum size of the public key is 2048 bits.