Comment 7 for bug 1618615

Re Comment #5, I think that is still clearly a Class C1 since the typical case of EC2 credentials is uuid4 - in most cases it's guessing a UUID or someone is explicitly going around the API that ensures the use of UUID4.