Advertise port 443, but listen on 9001
The Tor configuration used in the EC2 images includes "ORPort 443" and AccountingMax. This combination can make Tor stop working when it tries to re-attach the port after a period of hibernation.
Sebastian explained the problem on IRC; When Tor starts, it will open 443 as root and then drop its privileges. When Tor goes into hibernation, it closes the port. When Tor comes out of hibernation, it tries to reopen the port, and fails (non-root users aren't allowed to open ports lower than 1025).
The solution here is to advertise 443, but listen on 9001 (or another high port). This means that we need to have a firewall rule (e.g. using iptables) that can redirect the traffic.