EDIT: Downvotes? I'm not sure whats up with the unrealistic expectations of AWS. Its a shared system. You should be encrypting your data from the point it leaves a client app or browser, configuring your app to tolerate misdirected requests, etc. You don't like that? Go rent some colo, buy some hardware, and run it yourself.
I can't tolerate misdirected requests, because I can't do anything about them. If my website had any hits in this period, and the response was 301 (as it happened), users won't be able to come back using this browser, pretty much, ever. Most people don't know how to clear their browser's cache.
Totally understand that. I'm an ops guy, and I'm not a huge fan of AWS, but I'm married to them for a lot of stuff. You engineer against most of what you can, but there are always going to be edge cases where you're going to drop a request somewhere. ELBs are usually where this is going to happen. Its no different than having your own F5 and it being in an inconsistent state. You know what you do then? Reboot it.
TL;DR These things happen. It sucks, but code isn't perfect.
EDIT: Downvotes? I'm not sure whats up with the unrealistic expectations of AWS. Its a shared system. You should be encrypting your data from the point it leaves a client app or browser, configuring your app to tolerate misdirected requests, etc. You don't like that? Go rent some colo, buy some hardware, and run it yourself.