If you choose to upload .pem to cloud storage, make sure you secure (encrypt) your .pem file, since it allows total access to the boxes! You should also secure remote access via the "security groups" firewall by only allowing known ip addresses (you can edit this via the aws console as needed). Since he mentioned the "The Command Line Crash Course" [1]. I might chime in with a couple into screencasts I've created.
I email myself my encryption passwords so that I - and any interested government agencies - can log in without me needing to remember them all the time.
Once you have physical access, no need for the private key. Unless you're encrypting all of your data, they'll just snapshot your VM to go through it later (or your EBS volume, depending on where the data is stored).
And yes, you can write out whatever is in RAM just as easily.
Did everyone forget that "cloud" means "someone else fully controls the hardware"?
It's actually kind of hard to remember sometimes that cloud-compute providers don't employ some sort of homeomorphically-encrypted VM containers. Even though they are completely impractical and have never even seen a proof-of-concept, the idea is so intuitive that I bet if you asked a random non-IT manager if Amazon could read memory or CPU registers on the instances his employees have running on EC2, he'd say no. "Because obviously," he'd pontificate, "nobody would be using cloud-computation otherwise."