1The Changing Public IP
A common beginner mistake is hardcoding an EC2 instance's Public IP into an application, only to have the app break when the instance is stopped and started. Always use DNS names or Elastic IPs for production workloads.
2Cryptography over Passwords
AWS strongly discourages password-based logins for Linux. Asymmetric cryptography (Key Pairs) is mathematically much harder to brute-force than any password. Keep your .pem file safe; if you lose it, you might lose access to the instance.
