Currently Elastic Bamboo requires you give it your account level credentials to run properly. This isn't really acceptable in many environments and we should be able to use IAM to create a bamboo user with restricted permission (i.e. bamboo doesn't need permissions to create a new VPC, or delete non-bamboo instances).
To me this is a major security problem. The response so far from support was this:
"After confirming with the Bamboo seniors, I can say that the Bamboo user does need full access to the account. We also recommend that a dedicated account be created for Bamboo to ensure that, should Bamboo "go sideways," any damage is restricted only to the Bamboo user's account."
Running a dedicated account just for bamboo isn't horribly practical if you have other resources the builds depend on, especially in a VPC environment.