I believe you can change to the new format (still not ed25519 though). After generating your keypair in the AWS console, do "ssh-keygen -p -o -f aws.pem" and add a strong passphrase generated from a password manager.