by kayoone 5679 days ago
Couldn't attackers then grab your EC2 dashboard cookie and possibly compromise your EC2 instance?

I mean, if you need to log in there first via an unsecure session, it's not really that much safer.

3 comments

The AWS console runs entirely over SSL, so it is secure. E.g. https://console.aws.amazon.com/ec2/home
But the EC2 login should be via https, although I'm not 100% sure that is actually the case.
Your AWS dashboard would be compromised if you waited until you were on the open wireless network to run the EC2 instance, but attackers would not be able to compromise the EC2 instance. Once the instance has been created you can't change the Key Pair. You also can only download the private key associated with the Key Pair once, which is right when you create it. But of course, an attacker could stop or terminate your instance if he gained access to your AWS dashboard.
Not true: the dashboard runs entirely on SSL - which is still encrypted on an open wifi network. Compromising SSL isn't out of the question though, but highly unlikely.