The problem is nobody who is getting upset about this had any reasonable expectations to begin with. They're just now realizing they might need to protect their data against attackers inside AWS, and now they're caught with their pants down, so cue the hand-wringing.
