This is an amazing service. At this point, combined with the CloudWatch to Kinesis announcement earlier, AWS can pretty much act as a near-realtime IDS. If every packet headed into the VPC can be collected, analyzed, and acted upon, the opportunity is endless.
On a practical note, I enabled this on an account and have set up metric filters. Being able to see charts and graphs of failed SSH attempts and attacks by port is really cool.
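The "failed SSH attempts by port" metric the comment describes comes from a CloudWatch Logs metric filter applied to VPC Flow Log records. The example below is added here to illustrate that idea offline; it is not code from the commenter or from AWS. It parses the default (version 2) space-delimited flow log format, skips NODATA/SKIPDATA records, and aggregates REJECTed connection attempts by destination port, the same thing the charts in the comment show. The `PATTERN_SSH_REJECT` string is the positional metric filter pattern that counts rejected TCP/22 attempts inside CloudWatch; the flow log lines themselves are constructed sample data using documentation (RFC 5737) addresses, and the function and constant names are this example's own.

```python
"""Offline equivalent of a CloudWatch Logs metric filter over VPC Flow Logs:
count REJECTed connection attempts per destination port, and evaluate the
same positional pattern CloudWatch would apply for TCP/22 rejects.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Callable, List, Optional

# Field order of the default VPC Flow Log record (version 2), space-delimited.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()

# CloudWatch Logs metric filter pattern for rejected SSH (TCP/22) attempts.
# It is positional over the same 14 fields; matches_ssh_reject() below
# implements the identical test in Python for the offline aggregation.
PATTERN_SSH_REJECT = ('[version, account, eni, source, destination, srcport, '
                      'destport="22", protocol="6", packets, bytes, '
                      'windowstart, windowend, action="REJECT", flowlogstatus]')


@dataclass
class FlowRecord:
    interface_id: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    packets: int
    bytes: int
    action: str      # ACCEPT or REJECT
    log_status: str  # OK, NODATA or SKIPDATA


def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one flow log line; return None for records without traffic data
    (NODATA/SKIPDATA use '-' for the address and port fields) or malformed lines."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    if rec["log_status"] != "OK" or rec["action"] == "-":
        return None
    return FlowRecord(
        interface_id=rec["interface_id"],
        srcaddr=rec["srcaddr"],
        dstaddr=rec["dstaddr"],
        srcport=int(rec["srcport"]),
        dstport=int(rec["dstport"]),
        protocol=int(rec["protocol"]),
        packets=int(rec["packets"]),
        bytes=int(rec["bytes"]),
        action=rec["action"],
        log_status=rec["log_status"],
    )


def parse_flow_log(text: str) -> List[FlowRecord]:
    """Parse a block of flow log text, dropping records without traffic data."""
    records = (parse_record(ln) for ln in text.splitlines() if ln.strip())
    return [r for r in records if r is not None]


def matches_ssh_reject(rec: FlowRecord) -> bool:
    """Python equivalent of PATTERN_SSH_REJECT: TCP, destination port 22, REJECT."""
    return rec.protocol == 6 and rec.dstport == 22 and rec.action == "REJECT"


def rejected_by_port(records: List[FlowRecord]) -> Counter:
    """Count REJECTed records per destination port (the 'attacks by port' chart)."""
    return Counter(r.dstport for r in records if r.action == "REJECT")


def count_matching(records: List[FlowRecord],
                   predicate: Callable[[FlowRecord], bool]) -> int:
    """What a metric filter with a fixed metric value of 1 would emit per batch."""
    return sum(1 for r in records if predicate(r))


# Constructed sample flow log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
2 123456789010 eni-1235b8ca123456789 198.51.100.23 10.0.1.12 51234 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789010 eni-1235b8ca123456789 198.51.100.23 10.0.1.12 51235 22 6 4 240 1700000000 1700000060 REJECT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.7 10.0.1.12 44000 3389 6 3 180 1700000000 1700000060 REJECT OK
2 123456789010 eni-1235b8ca123456789 10.0.1.5 10.0.1.12 40001 22 6 10 1200 1700000000 1700000060 ACCEPT OK
2 123456789010 eni-1235b8ca123456789 203.0.113.7 10.0.1.12 44001 23 6 1 60 1700000000 1700000060 REJECT OK
2 123456789010 eni-1235b8ca123456789 - - - - - - - 1700000000 1700000060 - NODATA
"""

if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print("parsed records:", len(recs))
    print("rejects by dstport:", dict(rejected_by_port(recs)))
    print("ssh rejects (metric filter equivalent):",
          count_matching(recs, matches_ssh_reject))
```

The NODATA line is the edge case worth keeping in mind: such records carry `-` in the port and action fields, so a naive `int()` conversion or a pattern that does not pin `action="REJECT"` will either crash a parser or skew the counts. In CloudWatch the positional pattern only matches lines with all 14 fields present, which is why the offline parser enforces the same field count before converting anything.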