Not necessarily. AWS engineers cannot access your encryption keys unless you give them explicit permissions. They even offer Nitro enclaves where AWS Engineers can never access your keys.
Giving access to customer data to your staff by default is a design decision and can be avoided. However, in the end, it is a cost-benefit analysis where you have to decide how much you care about your customer's security. I have worked for enough start-ups/growth companies to know the value put on customers' security is sometimes shockingly low.
