You are familiar with using multi-site DR strategies, yes?
First it will be good if you read through the terms of service, privacy, data retention and service agreement contract. You will be astonished to know that buried deep within the legal language the data is owned by the cloud provider (as they own access as well as the rights to physical resource holding the data) and they provide you an option to export it (but this can be completely blocked by a notice from govt.). You can mitigate the risk by encrypting the data with your own key which is not shared with cloud provider (but indeed this is also not true most of the time given the key to encrypt the data is hosted with the cloud provider as well).
For your reference AWS for its instances still do not support ed25519 key for SSH access and needs an RSA public key (although its less secure). We need to go extra mile to customize the AMI images to support ed25519 keys and remove the account and keys created by AWS.
Please let me know how you will recover the data in case your multi-site deployment on AWS with DR is blocked by aws as they received a notice from government agency with a gag order.
> You are familiar with using multi-site DR strategies, yes?
Most companies using AWS or GCP or Azure use multi-region deployment (which means using different regions). But all will be shut down with a one single notice from government agency with gag order (you won't even know why given gag order).
So your multi-site DR will only work if the company keeps a self-hosted backup of data to avoid cloud provider from shutting down access to the data. This is precisely my point that self-hosted guarantees freedom not the cloud which is right opposite of freedom (traded for convenience).
