Hate to tell you, but some 'reliable' sites report that Amazon was affected by the bug and some say that Amazon was not affected by the bug. But the ones that say they were; also report that Amazon has patched the bug and passwords should now be changed. Think I will be erring on the safe side.
This whole sweeping heartbleed under the rug thing is start to really piss me off. EVERY WEBSITE THAT USED OPENSSL HAS BEEN AFFECTED FOR TWO YEARS! Anyone who says otherwise or says, OUR SERVERS WERE NOT AFFECTED are lying, plain and simple. Just because you patched on 0-day does not mean you weren't vulnerable, also google and cloudflare as well just because you got the info before hand doesn't mean you weren't vulnerable, you were vulnerable for two years. This is sick and disgusting and everyone should be very worried about the future of the internet.
Re Heartbleed: This article/chart on BGR (April 15) lists major sites that were affected, and includes "Amazon Web Services" on its list needing new safer passwords immediately. There's also a link for a browser fix to warn of unsafe sites.
Email, financial and major shopping sites are listed.