The reality is that there’s myriad providers that simply do not provide the assurances that AWS/Azure/GCP do. Sure, there’s a bit of “use these, because we know them, and they work”, but there’s also a bit of “the typical developer is not at all across the security requirements, especially taking into account contractural obligations and regulated industries”.