This call requests a new private key from EC2. The response is then parsed using a JMESPath query, and the private key (in the KeyMaterial property) is saved to a new key file with the .pem extension.
Finally, we change the permissions on the key file so that it cannot be read by other users—this is required before SSH will allow you to use it.