What I’m waiting for and don’t yet see is the ability to delegate to and constrain the access of 3rd party service providers to your AWS account(s). Right now, you have to hand over complete control of your account to even the most trivial AWS service provider which is not a very comfortable model from either a security or traceability perspective. It looks like AIM is getting pretty close to enabling this but is not there yet. Some gaps include:

• that an AIM user does not have an obvious mapping to an EC2 user (or per-user ssh keys).
• the lack of AIM user auditing and logging. This is tagged as being addressed in an upcoming release.

All in all, a very promising start to addressing a critical chink in the AWS eco-system for 3rd party services.