The AWS EC2 SOAP API documentation discusses securing the SOAP message using the WS-Security standard (specifically the X509 token profile).
However, the WSDL linked from the page doesn't have any WS-Security/WS-Policy declarations. What am I missing? Is the requirement to use X509 meant to be conveyed completely out-of-band through this documentation? That seems odd. I noticed that the WSDL was updated 2012-06-01 - is it possible that the WS-Security requirement has been relaxed?