From 3306aae0ba18d815a604e883e0faa952912ae2bb Mon Sep 17 00:00:00 2001 From: Alex Heneveld Date: Wed, 15 Nov 2017 17:10:36 +0000 Subject: [PATCH 1/2] instructions for using a keypair in AWS --- guide/locations/_AWS.md | 45 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/guide/locations/_AWS.md b/guide/locations/_AWS.md index 16cb88d2..074adf0a 100644 --- a/guide/locations/_AWS.md +++ b/guide/locations/_AWS.md 
@@ -43,6 +43,51 @@ Below are examples of configuration options that use values specific to AWS EC2: For example, `securityGroups: mygroup1` or `securityGroups: [ mygroup1, mygroup2 ]`. +### Using a Registered Key Pair + +You can specify a `keyPair` to use for initial provisioning as a configuration option. +If this is omitted, Brooklyn will use jclouds to create a new ad hoc key pair at AWS +for that machine, and it will delete it afterwards. This is usually seamless and +occurs behind the scenes, with the post-provision user set up and configured as normal +for all locations. However if you are optimizing for creation of many machines, +or you are using an image where keypair installation is not reliable (such as [some +RightImages](https://issues.apache.org/jira/browse/JCLOUDS-1356)), then you may wish +to use a registered key pair. + +First, in the AWS Console, open the EC2 service in the region you are interested in, +then click "Key Pairs" at the left. For `us-east-1`, the link is +[here](https://console.aws.amazon.com/ec2/v2/home?region=us-east-1#KeyPairs:sort=keyName). +Click "Create Key Pair" (or "Import Key Pair" if you want to provide a public key) and +follow the instructions. + +Then define your location as follows for `aws-us-east-1`. Make sure to replace the +`XXXX` sections with the key-pair name defined above and the corresponding private key data. 
+ +```yaml +brooklyn.catalog: + version: "1.0" + itemType: location + items: + - id: aws-base + item: + type: jclouds:aws-ec2 + brooklyn.config: + identity: XXXXXXXXXXXXXXXX + credential: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx + - id: aws-us-east-1 + item: + type: aws-base + region: us-east-1 + keyPair: XXXXXXXXX + login.privateKeyData: | + -----BEGIN RSA PRIVATE KEY----- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END RSA PRIVATE KEY----- +``` + + ### Using Subnets and Security Groups Apache Brooklyn can run with AWS VPC and both public and private subnets. From 3f3e41d6d5253d2280617390ee5c75dabb72f3c4 Mon Sep 17 00:00:00 2001 From: Alex Heneveld Date: Thu, 16 Nov 2017 18:08:15 +0000 Subject: [PATCH 2/2] address PR comments, fix yaml --- guide/locations/_AWS.md | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) diff --git a/guide/locations/_AWS.md b/guide/locations/_AWS.md index 074adf0a..070f2dfe 100644 --- a/guide/locations/_AWS.md +++ b/guide/locations/_AWS.md 
@@ -49,10 +49,10 @@ You can specify a `keyPair` to use for initial provisioning as a configuration o If this is omitted, Brooklyn will use jclouds to create a new ad hoc key pair at AWS for that machine, and it will delete it afterwards. This is usually seamless and occurs behind the scenes, with the post-provision user set up and configured as normal -for all locations. However if you are optimizing for creation of many machines, -or you are using an image where keypair installation is not reliable (such as [some -RightImages](https://issues.apache.org/jira/browse/JCLOUDS-1356)), then you may wish -to use a registered key pair. +for all locations. However using AWS heavily or optimizing creation, using a known +key pairs can +[make some images](https://issues.apache.org/jira/browse/JCLOUDS-1356) more reliable +and speed things up. First, in the AWS Console, open the EC2 service in the region you are interested in, then click "Key Pairs" at the left. For `us-east-1`, the link is @@ -77,14 +77,15 @@ brooklyn.catalog: - id: aws-us-east-1 item: type: aws-base - region: us-east-1 - keyPair: XXXXXXXXX - login.privateKeyData: | - -----BEGIN RSA PRIVATE KEY----- - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - -----END RSA PRIVATE KEY----- + brooklyn.config: + region: us-east-1 + keyPair: XXXXXXXXX + loginUser.privateKeyData: | + -----BEGIN RSA PRIVATE KEY----- + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX + -----END RSA PRIVATE KEY----- ```
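Review bot: In the `aws-us-east-1` item of the added YAML example (PATCH 1/2, hunk `@@ -43,6 +43,51 @@`), `region`, `keyPair` and `login.privateKeyData` sit directly under `item:`, while the `aws-base` item in the same example places its options under `brooklyn.config:`. Nest the three keys under `brooklyn.config:` so both items follow one convention. As a smaller point, the `credential` placeholder ends in a lowercase `x`; make it all `X` so it matches the instruction to replace the `XXXX` sections.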
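Review bot: The rewritten sentence in PATCH 2/2, hunk `@@ -49,10 +49,10 @@`, does not parse: "However using AWS heavily or optimizing creation, using a known key pairs can" has no subject for the first clause and mixes "a" with the plural "pairs". It also switches from "registered key pair", the term used in the section heading, to "known key pairs", and moving the link text to "make some images" drops the RightImages mention that told readers what the JCLOUDS-1356 link is about. Suggested wording: "However, if you use AWS heavily or are optimizing creation, using a registered key pair can make [some images](https://issues.apache.org/jira/browse/JCLOUDS-1356) more reliable and speed things up."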
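Review bot: The `loginUser.privateKeyData` block in the reworked `aws-us-east-1` item (PATCH 2/2, hunk `@@ -77,14 +77,15 @@`) has the guide telling readers to paste a private key inline into the catalog YAML, in the same example that holds `identity` and `credential`, and the surrounding text says nothing about protecting that file. Add a sentence after the example noting that the catalog now contains secret material and should be access-restricted and kept out of shared version control. Separately, the key changes from `login.privateKeyData` to `loginUser.privateKeyData`, which is more than the "fix yaml" in the subject suggests; mention the rename in the commit message so readers of the first revision know the earlier key name was wrong.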