German researchers reveal 30% of Amazon VMs may be insecure

The cause, say the scientists from the Darmstadt Research Centre for Advanced Security (CASED), is incorrect settings and what appears to be a failure to read the installation and help files correctly.

According to the researchers, "from 1,100 public Amazon Machine Images (AMIs) that are used to provide cloud services, about 30% are vulnerable, allowing attackers to manipulate or compromise web services or virtual infrastructures."

To counter the issue, the researchers have developed a vulnerability scanner for virtual machines that customers create to run on Amazon's infrastructure.

The CASED researchers say that, as cloud computing becomes more popular, more and more firms are offering services in the cloud, which results in users failing to address the security aspects of their cloud creations.

"Even though AWS provide their customers with very detailed security recommendations on their web pages, the scientists found that at least one third of the machines under consideration have flawed configurations", noted the researchers.

The research team also found they could extract security critical data such as passwords, cryptographic keys and certificates from the analysed virtual machines.

Attackers, say the researchers, can use such information to operate criminal virtual infrastructures, manipulate web services or circumvent security mechanisms such as Secure Shell (SSH).
