
No, kgosser is correct. AWS offers "HIPAA-eligible services". Batteries not included.

Being able to demonstrate HIPAA compliance is different. You need to be able to:

1) Prove that a wide range of controls are in place and operating effectively, many of which are administrative (risk assessments, policy controls, workforce training, manual config reviews, access control reviews, etc.)

2) Keep all of your documentation current, even as your code and architecture change.

If you DIY on AWS, you accept all of the risk for everything from the hypervisor up. Not just the risk of adversarial breach, but misconfiguration, inappropriate configuration, patching, etc.



