Using linux (Ubuntu) instances on Amazon EC2 is a quite safe thing to do, at least measured by the security provided by the platform (security groups, ACL, physical security,..). I recommend reading their security site here. At the end of the day the server is only as secure as you configure it, if you choose to open all ports running services with their default configurations and password settings, Amazon can’t help you.
When connecting to a Ubuntu server with ssh you need to provide the keyfile (somekeyfile.pem) that you can download when creating the key pair.
This 2048 bit key is required to login as regular ubuntu user. What I dislike is the fact that this user can sudo all, so once someone manage to get into you user account, he has root access too. I recommend to set a password for the ubuntu user and change the sudoers configuration.
Change the password for user ubuntu
Open the sudoers include file
sudo vi /etc/suderos.d/90-cloudimg-ubuntu or sudo vi /etc/sudoers
change last line from
ubuntu ALL=(ALL) NOPASSWD:ALL
ubuntu ALL=(ALL) ALL