That's not say there are not problems. Typically the software running on the cloud is open source with many worldwide authors. Typically there is a staging cloud that is connected to the internet but behind a firewall. It requires a login to get into it. But one must consider the possibility that there can be a back door of some sort.
To get from the Amazon-provided standalone cloud to the outside is hopefully difficult. But I believe it would take one rogue Amazon insider to do it, their version of Edward Snowden.
Here's a description from Amazon: https://aws.amazon.com/blogs/publicsector/announcing-the-new-aws-secret-region/
You mean one American-educated, Chinese national employee, right?