probably, but not HIPAA or PCI or many of the other ones people care about. Even for FedRAMP there is a distinction between the lower-tier of compliance which is applied to us-east and us-west (whose only interesting requirement is "do you have a FIPS cipher-suite only endpoint?") vs. the high-tier of compliance which necessitates govcloud.
EDIT: you may be talking about compliance regimes that necessitate that only certain operators have access to certain data (or in some cases have no access at all). while that may be a compliance requirement, that's also stuff aws just does /anyways/ and fits along normal operating procedure of least privilege and defense in depth. what doesn't align with normal operating procedure is something like only americans can look at these logs, because most companies don't built teams by nationality.
otherwise, almost all compliance regimes don't necessitate tiering. and by avoiding tiering and building your multitenant services on top of all of the other multitenant services that aws offers that are XYZ compliant (https://aws.amazon.com/compliance/services-in-scope/), it becomes very straightforward to get your service compliant. this is what makes tractable for every one of those pages to have just about every aws service that matters marked as compliant.
and this isn't just conjecture; i've sat through several of these reviews personally and so long as you build your service in the aws way you spend about a day or two of your team and then a little bit later your service is certified, save for FedRAMP where you spend some amount of time setting up new loadbalancers and any artifacts that need to use to switch to a FIPS-compliant ciphersuite.
EDIT: you may be talking about compliance regimes that necessitate that only certain operators have access to certain data (or in some cases have no access at all). while that may be a compliance requirement, that's also stuff aws just does /anyways/ and fits along normal operating procedure of least privilege and defense in depth. what doesn't align with normal operating procedure is something like only americans can look at these logs, because most companies don't built teams by nationality.
otherwise, almost all compliance regimes don't necessitate tiering. and by avoiding tiering and building your multitenant services on top of all of the other multitenant services that aws offers that are XYZ compliant (https://aws.amazon.com/compliance/services-in-scope/), it becomes very straightforward to get your service compliant. this is what makes tractable for every one of those pages to have just about every aws service that matters marked as compliant.
and this isn't just conjecture; i've sat through several of these reviews personally and so long as you build your service in the aws way you spend about a day or two of your team and then a little bit later your service is certified, save for FedRAMP where you spend some amount of time setting up new loadbalancers and any artifacts that need to use to switch to a FIPS-compliant ciphersuite.