ntp security best practice with instance on AWS
Solution 1:
According to AWS documentation the servers defined in /etc/ntp.conf are:
The n.amazon.pool.ntp.org DNS records are intended to load balance NTP traffic from AWS. However, these are public NTP servers in the pool.ntp.org project, and they are not owned or managed by AWS. There is no guarantee that they are geographically located near your instances, or even within the AWS network.
Given AWS has set these as default in Amazon Linux I have to assume the risk is low. I wouldn't bother, personally.
You can manually set them to the documented NTP servers if you like, either specific servers or using their aliases which probably load balance. Click the links top right to find the URLs. Just edit the file /etc/ntp.conf to specify them.
Update 1 Dec 2017
The AWS Time Sync service is now available. Read the docs here.
Solution 2:
Well I know this is old but I just found it! I run kapu.ruselabs.com, it is part of the ntp pool project www.ntppool.org to provide free ntp/time services to servers! Most of the ubuntu/linux images talk to public ntp servers and many of us volunteer our time, money, bandwidth so folks can have an accurate time. Hope this helps!