From Rob Williams via Tender (http://help.opscode.com/discussions/problems/532-key-pair-issues-with-knife-ec2-server-create)
I tried knife ec2 server create again, but without setting the "knife.aws_ssh_key_id" attribute in my "./.chef/knife.rb". As documented above, I still get an EC2 instance that does not have an SSH key assigned.
Note that the "aws_ssh_key_id" attribute is not even mentioned at http://wiki.opscode.com/display/chef/Launch+Cloud+Instances+with+Knife. I searched for "aws_ssh_key_id" on the wiki, with NO results.
I searched for "aws_ssh_key_id" at http://help.opscode.com/, resulting in one hit from the Knowledge Base at http://help.opscode.com/kb/chefbasics/knife and one hit from the Discussions at http://help.opscode.com/discussions/suggestions/34-ec2-server-creation. The discussion mentions the identical problem. Tom Thomas responded to confirm the problem and resolved it by adding a comment to the knowledge base page that I found.
I now consider this to be a BUG. I cannot imagine a scenario where this behavior is remotely desirable.
The knife ec2 server create command should work if I specify the SSH key on the command line. The command line options should override any other configuration settings, such as in "knife.rb". The command line options should work even in the absence of any configuration settings, such as in "knife.rb".
The configuration setting for "knife.aws_ssh_key_id" should be an optional default, but it CANNOT WORK without the corresponding private key file. Both Opscode Knife and Amazon EC2 must agree on the chosen SSH key, so both settings must be provided and be consistent with each other. I don't see any documentation of a corresponding attribute to specify the private key file.
My workflow, and my client's workflow, will routinely involve a BASH script that invokes knife ec2 server create with a variety of command-line options including DIFFERENT Key Pairs. Now I am forced to break up that script into several scripts, based on which Key Pair is needed, and I have to MANUALLY edit my "knife.rb" to configure the matching Key Pair id, even though I have already specified that Key Pair fully on each command line in the scripts. This will inevitably result in mistakes that launch unreachable Amazon instances, for which we will have to pay usage charges.
I am sorry--I have probably made my point. PLEASE fix this. For now, I have identified the necessary workaround so I can get back to work.