Not interact with other accounts without the consent of their owners.
Edit: whoops I mis-read this a bit, but the point still stands - he escalated using AWS keypair that did not belong to him, and he had no consent of the owner.
Edit: I feel that your edit is still stretching the terms a bit. It seems pretty clear that this isn't the abuse that the clause intends to prevent.
Also, the guy seems to only have verified that the credentials worked.
Not interact with other accounts without the consent of their owners.
Edit: whoops I mis-read this a bit, but the point still stands - he escalated using AWS keypair that did not belong to him, and he had no consent of the owner.