[paulddraper]

Memcache has had reliable authentication (SASL) for some time. Redis has authentication meant to be a secondary protection.

But that's a good point.

I suppose all the services I use already have security models (usually more complex, multi-user ones, so agent X can read but not modify, etc.).

HOWEVER...this could be solved with security groups, but it seems that's not the model AWS has emphasized. Security groups are orthogonal to NAT and private networks; AWS had security groups before it had VPCs.