by cptnbob
3942 days ago
1. He stored credentials in source control rather than using configuration profiles as specified in the AWS SDK documentation.
2. He pushed code to a new repository without verifying the security configuration of the created repository (granted the tool made it easy to do this but you should create a repo, verify it, then push code).
3. He used his master AWS account key/secret in the code which gave global access to everything.
4. He didn't use IAM credentials with a restrictive policy set to just access the resources required.

No, clearly not security conscious.

I'm a solution architect in the financial services industry and have been for 16 years. Never do I assume I know what the hell I'm doing.
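A pre-push check for points 1 and 4 of the comment above, as an added example that is not part of the original comment: it flags access key ID literals in source text and `Allow` statements in an IAM policy that grant every action or every resource. The function names, sample source and sample policies are constructed for illustration; the key shown is the placeholder used in AWS documentation.

```python
import json
import re

# Long-term AWS access key IDs are 20 characters and begin with "AKIA".
ACCESS_KEY_ID = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")


def find_embedded_keys(source_text):
    """Return (line_number, key_id) for every access key ID literal found."""
    hits = []
    for lineno, line in enumerate(source_text.splitlines(), start=1):
        for match in ACCESS_KEY_ID.finditer(line):
            hits.append((lineno, match.group(1)))
    return hits


def _as_list(value):
    # IAM policy JSON allows a single value or a list in these fields.
    return value if isinstance(value, list) else [value]


def overbroad_statements(policy_json):
    """Return indexes of Allow statements with Action "*" or Resource "*".

    Narrow on purpose: NotAction/NotResource and service-level wildcards
    such as "s3:*" are not evaluated here.
    """
    policy = json.loads(policy_json)
    flagged = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "*" in _as_list(stmt.get("Action", [])) or "*" in _as_list(stmt.get("Resource", [])):
            flagged.append(index)
    return flagged


# Constructed sample inputs.
SAMPLE_SOURCE = '''import boto3
client = boto3.client("s3",
    aws_access_key_id="AKIAIOSFODNN7EXAMPLE",
    aws_secret_access_key="<redacted>")
'''
BROAD_POLICY = '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}'
SCOPED_POLICY = ('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
                 '"Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"}]}')

if __name__ == "__main__":
    print(find_embedded_keys(SAMPLE_SOURCE))
    print(overbroad_statements(BROAD_POLICY), overbroad_statements(SCOPED_POLICY))
```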