In order to get a BAA with Amazon you need to use dedicated instances. BAAs are required in order to use Amazon and be compliant with HIPAA. Running any dedicated instances in a zone costs $2/hr (just for the right).
but once you have the BAA , does Amazon force you to run the dedicated instance 24/7 ? I'm very confused , just running an app on a dedicated instance, does not make it HIPAA compliant since the app needs encryption in-transit and at-rest to be HIPAA compliant. You can achieve that on a regular instance ...
The BAA only applies to the dedicated instances—in particular, you have to VPC them—you cannot achieve HIPAA compliance with a non-dedicated instance.