Billing Alerts – Amazon does not allow you to put a limit on how much you pay so CloudWatch is the way to get alerts.
MFA/2FA – security is crucial so you should be using 2 securities: such as password and hardware/software tokens.
Team Security – Each person should have his own unique SSH key
Privacy from Bots – Amazon Virtual Private Coud (VPC) is a networking feature of EC2 that allows you to define a private network for a group of servers. This will require a registering the private servers in the public side with a special security group to allow inbound access on port 22 (SSH) and also whitelist the IP’s that can connect to it.
Storage – S3 allows you to store files up to 5 TB and access them over HTTP or HTTPS.