T & Cs stringent already

I use the AWS APIs (and the apps I coded were unaffected by this as they require users to provide their own keys - Amazon made clear for ages in advance this minor change was going to happen). If someone finds the functionality useful enough they will be prepared to get keys from Amazon - it only takes a few seconds. The change is quite subtle anyway - main public key the same, just requires an extra secret key, and really no major hassle code wise.

My apps always used the users own keys as the whole idea of AWS affiliates is that click throughs (with id encoded in urls) that lead to Amazon purchase give the affiliate a tiny cut of that sale - lots of sales via Amazon gives nice cash reward: My customers want this cash for themselves - they do not want my keys earning me money via lots of micro-payments.

The AWS T&Cs - if you bother to read them, are very restrictive - when I last checked the images and other information can be cached for no longer than 24 hours and long term storage is totally forbidden: So the apps I produce get data dynamically and do not store it: Another benefit of using users own keys is that, if someone uses my apps and takes a long term copy of the data my app dynamically serves (violating T&Cs) then that is their breach of contract with Amazon and their legal responsibility.

However just about every other app I have seen that uses AWS breaches the Amazon T&Cs - but Amazon seem to take a very relaxed attitude, this change does not prevent that abuse.

Apps that did uses a single key for many users were at risk anyway - there are (quite low) usage limits (unless you apply to get a more "pro" account where restrictions are far less) and using same key in a widely distributed app could have meant calls fail (although from my testing it seems Amazon never really enforce the non "pro" limits - using test accounts I have exceeded the 1 call per second limit and daily call limit without problems).

Anon as commenting on an area I work on occasionally.