When trying to evaluate the security of AWS over the last few years this document would have been REALLY useful.
It’s a couple of years old now and there may well be a more up to date version out there, but I’ve just stumbled up on it so I thought I’d repost it here for anyone else who needs a reference/is looking into AWS structure and security for their applications.
http://s3.amazonaws.com/aws_blog/AWS_Security_Whitepaper_2008_09.pdf