> This is the default configuration. In this scenario, your private key isn’t stored in AWS and can only be retrieved when it’s created. The threat could be leaking your key pair by mistake or by an insider. This is something that can happen but is not unique to SSH access.<p>So in other words, the default EC2 configuration is plenty secure, or at least as secure as anything else? And you need a whole article to explain that?<p>I'm so sick of compliance and security turning into this, "It's easier to say no and not think about anything than it is to actually evaluate the situation and provide a real opinion." nonsense...