Connect to EC2 using AWS SDK (i.e. from Java code): 
1. Go to
create User
Manage Access Keys (if needed, create an access key), download access key (csv), paste it in the Java Code (VMProvisioner).
In VMProvisioner: Update key name (keyfilename, not keyfilename.pem), update region etc.
2. In IAM console, create group, choose EC2FullAccess policy
3. Add user to this group (I struggled for a long time facing an error message "AWS unauthorized operation", before figured that this was the problem)

1. Just Amazon Linux AMI with the user "view"

chmod 400 abc.pem (I think the order is like this )