Why is this so hard
AWS has a self certifying protocol that is pretty comprehensive, actually. If you have actually paid attention and used the protocol to ensure you are following best practices, those buckets have been secured.
Completion of the protocols is then reviewed by Amazon and if passed “Advanced Parter” status is bestowed unto that company
To complete the protocols isn’t exactly trivial, but not impossible or even unlikely. Adherence to the protocols may slow down development slightly at worse until developers figure out how to work on their environment in a secure manner.
My opinion is that there is a certain class of software companies that have completely embraced “Agile” and behave like they are building gaming apps for cell phones, even if they are really building enterprise products that require a much more respectful attitude re: security than the current “We can do it this way and fix it properly if anyone notices”.