@martin: You're right, it doesn't really qualify as a WinSCP question. Funny how much you can learn in a few days. In the three days I waited for someone to respond, I figured out how to use WinSCP properly, including the authentication process (and discovering that my instance has a username of "ubuntu", and not "ec2-user"). Anyway, thank you for your response.

This is not really a WinSCP question.
Anyway, see
https://stackoverflow.com/q/32739421/850848
https://stackoverflow.com/q/10369547/850848

It appears the "instance" is tied to a specific login keypair. So, my attempt to login to the current instance with a keypair it wasn't designed to work with, will never work.

So now, is there some way I can tell AWS that there are TWO authorized people who can access the existing instance, and create a second, valid login keypair associated with the pre-existing instance?

** EDIT **

It seems there is something called an IAM Role or IAM User that can be defined to allow me to perform operations on the existing instance. But, it appears to require changes to configuration files that can only be accessed through SSH, and I don't think I have access to that (since I could not get logged in through PuTTY).

I'm thinking at this point my easiest way to gain access to the application's files through WinSCP is if I can get my hands on the original programmer's .pem / .ppk file.

I've been asked to take over maintenance of an AWS EC2 instance created by someone else for a client. The client has asked me to take over maintenance of a WordPress site installed on the instance.

I have never used AWS, and am muddling through the FAQ's as best I can. I have the client's login credentials for the AWS console. I can see the zone, instance ID, public DNS name, public and private IPv4 addresses, and I can see a key that was generated by the original programmer. Of course, I don't have access to the .pem / .ppk for that key pair.

On the AWS Security side of things, I have created a new set of access rules assigned to my personal IP address.

What I thought I needed to do was to create my own keypair, which I did using the EC2 "Create Keypair" mechanism. That allowed me to download a .pem file of my own, and I used PuTTYgen to create the corresponding .ppk file. I also used the PuTTYgen program to create a corresponding Public Key, but since I'm fairly new to PuTTY, and completely new to AWS EC2 and WinSCP, I'm a little confused. I'm thinking that the AWC EC2 keypair generator probably generated both keys (Public and Private), kept the public key on their server, and sent me the private key?

When attempting to login to WinSCP, I'm prompted for the Public DNS, the username (which I'm not sure is ec2-user, root, or ubuntu - so I've tried all three without luck) and the key. I've tried both the .pem and .ppk file, but in all cases, I get an error from AWS EC2.

There are various articles on Amazon's site about how to set up instances, how to define keys, how to associate IP's with security... but nothing seems to take a person from step 1 through step n on one logical progression. I could use some help.