I can't find information on what versions they're using. I'd expect AWS to make a statement about this, because it's a pretty big deal, but again, can't find anything.
To answer my own question, YES it is vulnerable. Use this site to test:
http://filippo.io/Heartbleed/
Your question sounds very similar to this thread on AWS Forums:
https://forums.aws.amazon.com/thread.jspa?messageID=535235&tstart=0
If you have not checked that before, in short; Yes AWS ELBs are affected by heartbleed and Amazon released this statement mentioning they are working on it:
http://aws.amazon.com/security/security-bulletins/heartbleed-bug-concern/
They have not provided a timeline yet.
For Amazon Linux images, patch is available through yum repositories. (Updated package: openssl-1.0.1e-37.66.amzn1)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With