I installed OpenVPN on EC2, so I am going to SCP the client certificate, private key and CA certificate on the PC. Since OpenVPN was installed over NAT, it cannot be copied from a PC using Teraterm SCP. So, I want to SCP on EC2, which is linked to Internet-Gateway, and then I want to copy to PC with Teraterm SCP.
If i enter the following command on EC2 with OpenVPN installed, an error will occur. If i understand, please give me a professor.

$scp ./pki/private/client.key [email protected]:/home/ec2-user
Permission denied (publickey).
lost connection