resource "tls_private_key" "ssh" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "ssh" {
  key_name   = "ec2-terraform"
  public_key = tls_private_key.ssh.public_key_openssh
}

resource "local_file" "pem_file" {
  filename = pathexpand("~/.ssh/${aws_key_pair.ssh.key_name}.pem")
  file_permission = "400"
  directory_permission = "700"
  sensitive_content = tls_private_key.ssh.private_key_pem
}