Fantastic list with much more depth than I expected. Some surprises that others might be interested in from this article and comments below:
[1] Keeping buckets locked down and allowing direct client -> S3 uploads
[2] Using ALIAS records for easier redirection to core AWS resources instead of CNAMEs.
[3] What's an ALIAS?
[-] Using IAM Roles
[4] Benefits of using a VPC
[-] Use '-' instead of '.' in S3 bucket names that will be accessed via HTTPS.
[-] Automatic security auditing (damn, entire section was eye-opening)
[-] Disable SSH in security groups to force you to get automation right.
[2] http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/Cre...
[3] http://blog.dnsimple.com/2011/11/introducing-alias-record/
[4] http://www.youtube.com/watch?v=Zd5hsL-JNY4
[1]