Let’s disassemble that SSH command.
-i parameter sets an identity file. That means the
key.pem file must hold a private key that will be used to authenticate to the server. This is good, just make sure to keep that key safe.
-o parameter lets you set configuration options that’d usually go into the SSH configuration file on the command. The option
StrictHostKeyChecking no is dangerous, though, and I strongly advise you to remove it. It disables checking if the server is actually the one you want to connect to. Instead you should add the public key of the server to your workflow (for example using another secret), and write it to
~/.ssh/known_hosts before connecting. That way SSH can properly check if you are connecting to the right server. See ssh(1) - OpenBSD manual pages for details about how SSH authentication works.
firstname.lastname@example.org means to log in as the
root user to the server at
server.com. Check if you really need
root (administrator) access for what you are doing, and if not use a regular user.
The stuff between
ENDSSH are commands to run on the server.