The other day I was toying with Rubber to deploy a Rails3 app to Amazon EC2. I host the project code in a private Github repository, accessible only with my own SSH key.
In order to checkout your code an any EC2 instance you can do one of two things:
Copy your private SSH key to the instance - This sounds easy enough, but has serious security implications. You do not want to be sending out your private SSH key, do you?