[stephenr]

Unless you're running something particularly esoteric (which means you aren't used RDS anyway), software updates will come from either your distro's packages if you use them, or the vendors packages (e.g. mysql, percona, mariadb, whichever flavour of postgres, etc). So updates are straightforward, regular maintenance, not that different from any other Linux server. Who maintains the servers that your app/site runs on?

Security is basic OS security, and then DB specific security, which is IMO easier to deal with than AWS security.

Your infrastructure setup should be repeatable, regardless of whether you use AWS or a bunch of old laptops in a closet. This can be anything from shell scripts to your own custom apt repo and private packages - so if you need to 'redeploy' because you don't have a HA failover (I dunno, maybe you like to live dangerously?) you re-run the setup process on a new cluster, and import the last backup you have.

Sure, for some organisations AWS may be the best case scenario, but I've yet to see one where it actually is. More likely, is organisations that somehow believe AWS means "I dont need ops" because a developer with zero ops capabilities/experience clicks some 'create instance' buttons, and follows a web tutorial on 'how to run your site on AWS'.