Another take on this is that they're creating value for customers by shifting the reliability requirements from the customers themselves to AWS / Lambda... which I think is brilliant.
I feel like this new feature will make it super easy to work with Twilio. It's almost a no-brainer.
But despite all that, I feel like setting everything up in one place would be a lot simpler.
Now if Twilio had a way to deploy serverless functions via git... that would be a clincher.
Also, a hell of a lot of work went into this feature. You can try setting this infrastructure up yourself if you think it will save you money. You already know they're using Lambda!
Sometimes systems that are secure with two parties become horribly insecure when you add a third. I don't know a lot about IAM but generally I'd be very cautious about using standard access control mechanisms to implement sandboxing while running the code "in your account", as often you find resources are made available to "the whole account" with no further access control settings, because the system designers didn't imagine customers running true third-party code.
That said, Amazon has some pretty thorough access control features and I'm sure Twilio has looked into it and figured out something reasonable.