Add GitHub ssh keys to ec2 instance
Since you mention that you'd use Secret Manager in a Google Cloud, it seems reasonable to suggest the AWS Secrets Manager service.
Set your private key as a Secret, and grant access to it with an IAM role attached to the EC2 instance. Then install the AWS CLI package before building the AMI, and you can use it to fetch the secret on first boot with a User Data script.
AWS - Keeping AMIs updated
Given that anything (almost) can be automated using the AWS using the API; it would again fall down to the specific use case at hand.
At the outset, people would recommend having a base AMI with necessary packages installed and configured and have init script which would download the the source code is always the latest. The very important factor which needs to be counted here is the time taken to checkout or pull the code and configure the instance and make it ready to put to work. If that time period is very big - then it would be a bad idea to use that strategy for auto-scaling. As the warm up time combined with auto-scaling & cloud watch's statistics would result in a different reality [may be / may be not - but the probability is not zero]. This is when you might consider baking a new AMI frequently. This would enable you to minimize the time taken for the instance to prepare themselves for the war against the traffic.
I would recommend measuring and seeing which every is convenient and cost effective. It costs real money to pull down the down the instance and relaunch using the AMI; however thats the tradeoff you need to make.
While, I have answered little open ended; coz. the question is also little.
People have started using Chef, Ansible, Puppet which performs configuration management. These tools add a different level of automation altogether; you want to explore that option as well. A similar approach is using the Docker or other containers.
Related Topics
Standard Library Abi Compatibility
Postgresql Database Default Location on Linux
Is There an Equivalent to Com on *Nix Systems ? If Not, What Was the *Nix Approach to Re-Usability
Limiting Certain Processes to CPU % - Linux
Two File Descriptors to Same File
How to Add Timestamp While Redirecting Stdout to File in Bash
Device Number in Stat Command Output
Why Is It That Utf-8 Encoding Is Used When Interacting with a Unix/Linux Environment
How to Write Linux Driver Module Call/Use Another Driver Module
How to Exclude Absolute Paths for Tar
Allocate Writable Memory in the .Text Section
How to Extract a Single Chunk of Bytes from Within a File
How to Simulate a Failed Disk During Testing