Update AWS docs

aws/README-zh.md

@@ -9,8 +9,8 @@
 可用的自定义参数：
 
 - Amazon EC2 实例类型
-> **注：** 在某些 AWS 区域中，此模版提供的某些实例类型可能不可用。比如 `m5a.large` 可能无法在 `ap-east-1` 区域部署（仅为假设）。在此情况下，你会在部署过程中遇到此错误：`The requested configuration is currently not supported. Please check the documentation for supported configurations`。新开放的 AWS 区域更容易出现此问题，因为它们提供的实例类型较少。
-- VPN 服务器的操作系统（Ubuntu 20.04/18.04/16.04, Debian 9, CentOS 7/8, AmazonLinux2
+> **注：** 在某些 AWS 区域中，此模版提供的某些实例类型可能不可用。比如 `m5a.large` 可能无法在 `ap-east-1` 区域部署（仅为假设）。在此情况下，你会在部署过程中遇到此错误：`The requested configuration is currently not supported. Please check the documentation for supported configurations`。新开放的 AWS 区域更容易出现此问题，因为它们提供的实例类型较少。如需了解更多关于实例可用性的信息，请参见 [https://ec2instances.info](https://ec2instances.info)。
+- VPN 服务器的操作系统（Ubuntu 20.04/18.04/16.04, Debian 9, CentOS 8/7, Amazon Linux 2）
 > **注：** 在 EC2 上使用 Debian 9 映像之前，你需要先在 AWS Marketplace 上订阅：[Debian 9](https://aws.amazon.com/marketplace/pp/B073HW9SP3)。
 - 你的 VPN 用户名
 - 你的 VPN 密码
@@ -41,16 +41,37 @@
 部署后如何通过 SSH 连接到服务器？
 </summary>
 
-在部署后，Ubuntu 实例的默认用户名是 **ubuntu**，而 Debian 则是 **admin**。Amazon EC2 不允许用户使用 SSH 密码访问新创建的实例。用户必须创建“密钥对”来作为 SSH 访问的凭据。
+你需要你的 Amazon EC2 实例的用户名和私钥，才能通过 SSH 登录到该实例。
+
+EC2 上的每个 Linux 服务器发行版本都有它自己的默认登录用户名。新实例默认禁用密码登录，必须使用私钥或 “密钥对” 登录。
+
+默认用户名列表：
+> **参考链接：** [https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-private-key](https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-private-key)
+
+| 发行版本 | 默认登录用户名 |
+| --- | --- |
+| Ubuntu (`Ubuntu *.04`) |  `ubuntu` |
+| Debian (`Debian 9`) | `admin` |
+| CentOS (`CenOS 7/8`) | `centos` |
+| Amazon Linux 2 | `ec2-user` |
 
 此模板在部署期间为你生成一个密钥对，并且在成功创建堆栈后，其中的私钥将在 **Outputs** 选项卡下以文本形式提供。
 
 如果要通过 SSH 访问 VPN 服务器，则需要将 **Outputs** 选项卡中的私钥保存到你的计算机上的一个新文件。
 
-> **注：** 在保存到你的计算机之前，你可能需要修改私钥的格式，比如用换行符替换所有的空格。
+> **注：** 在保存到你的计算机之前，你可能需要修改私钥的格式，比如用换行符替换所有的空格。在保存后，需要为该私钥文件设置[适当的权限](https://docs.aws.amazon.com/zh_cn/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-private-key)才能使用。
 
 ![显示密钥](show-key.png)
 
+要为私钥文件设置适当的权限，请在该文件所在的目录下运行以下命令：
+```bash
+sudo chmod 400 key-file.pem
+```
+
+使用 SSH 登录到 EC2 实例的示例命令：
+```bash
+$ ssh -i path/to/your/key-file.pem instance-username@instance-ip-address
+```
 </details>
 
 ## 作者

aws/README.md

@@ -9,8 +9,8 @@ This template will create a fully-working IPsec VPN server on Amazon Elastic Com
 Available customization parameters:
 
 - Amazon EC2 instance type
-> **Note**: It is possible that not all instance type options offered by this template are available in a specific AWS region. For example, you may not be able to deploy an `m5a.large` instance in `ap-east-1` (hypothetically). In that case, you might experience the following error during deployment: `The requested configuration is currently not supported. Please check the documentation for supported configurations`. Newly released regions are more prone to having this problem as there are less variety of instances. For more info about instance type availability in AWS regions, you might want to visit https://ec2instances.info/.
-- OS for your VPN server (Ubuntu 20.04/18.04/16.04, Debian 9, CentOS 7/8, AmazonLinux2)
+> **Note**: It is possible that not all instance type options offered by this template are available in a specific AWS region. For example, you may not be able to deploy an `m5a.large` instance in `ap-east-1` (hypothetically). In that case, you might experience the following error during deployment: `The requested configuration is currently not supported. Please check the documentation for supported configurations`. Newly released regions are more prone to having this problem as there are less variety of instances. For more info about instance type availability, refer to [https://ec2instances.info](https://ec2instances.info).
+- OS for your VPN server (Ubuntu 20.04/18.04/16.04, Debian 9, CentOS 8/7, Amazon Linux 2)
 > **Note:** Before using the Debian 9 image on EC2, you need to first subscribe at the AWS Marketplace: [Debian 9](https://aws.amazon.com/marketplace/pp/B073HW9SP3).
 - Your VPN username
 - Your VPN password
@@ -41,36 +41,36 @@ You may choose an AWS region using the selector to the right of your account inf
 How to connect to the server via SSH after deployment?
 </summary>
 
-You need to know the username and the private key for your instance in order to login to it via SSH.
+You need to know the username and the private key for your Amazon EC2 instance in order to login to it via SSH.
 
-Each Linux server distribution on AWS has its own default login username, while password login is disabled since the use of private key, or "key pairs", is enforced. 
+Each Linux server distribution on EC2 has its own default login username. Password login is disabled by default for new instances, and the use of private keys, or "key pairs", is enforced.
 
-The following is a list of default usernames used by the distributions provided:
-> **Reference**: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html
+List of default usernames:
+> **Reference:** [https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html)
 
 | Distribution | Default Login Username |
 | --- | --- |
 | Ubuntu (`Ubuntu *.04`) |  `ubuntu` |
-| Debian (`Debian 9` only) | `admin` |
-| CentOS (`CenOS 7` and `CentOS 8`) | `centos` |
-| AmazonLinux2 | `ec2-user` |
+| Debian (`Debian 9`) | `admin` |
+| CentOS (`CenOS 7/8`) | `centos` |
+| Amazon Linux 2 | `ec2-user` |
 
-For the private key(aka "Key pair"), this template generates one for you during deployment, and it will be available as text under the **Outputs** tab after the stack is successfully created.
+This template generates a key pair for you during deployment, and the private key will be available as text under the **Outputs** tab after the stack is successfully created.
 
 You will need to save the private key from the **Outputs** tab to a file on your computer, if you want to access the VPN server via SSH.
 
-> **Note:** You may need to format the private key by replacing all spaces with newlines, before saving to a file. The file also needs to be set with [proper permission](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-private-key) before it can be used by SSH client.
+> **Note:** You may need to format the private key by replacing all spaces with newlines, before saving to a file. The file will need to be set with [proper permissions](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connection-prereqs.html#connection-prereqs-private-key) before using.
 
 ![Show key](show-key.png)
 
-To add proper permissions to your private key file, run the following command under the directory where the file is located:
+To apply proper permissions to your private key file, run the following command under the directory where the file is located:
 ```bash
-sudo chmod 400 my-key-pair.pem
+sudo chmod 400 key-file.pem
 ```
 
-As a result, the command to login to your instance should look like:
+Example command to login to your EC2 instance using SSH:
 ```bash
-$ ssh -i path/to/your/key.pem instance-username@instance-ip-address
+$ ssh -i path/to/your/key-file.pem instance-username@instance-ip-address
 ```
 </details>