node/MySQL/nginx for both app2 and SLS. both are on AWS -- the first federal govt systems to use them. Even with the urgency, needed to wait almost a year for them to be approved, mostly around security concerns.

I'd have serious problems if my healthcare information was processed and stored on servers controlled by a company like Amazon.

Given that AWS is HIPAA compliant and you can use most database products for PHI (https://aws.amazon.com/compliance/hipaa-compliance/), the likelihood is that you're going to see both public and private healthcare information moving into AWS (or Azure or GCE), if its not already there.

But what about Amazon makes you not want healthcare organizations to use it?

So, is it that you don't get how encryption works, or you think Amazon can access that data somehow?

If I ran servers which processed temporarily-plaintext health care information, and I couldn't snoop on it even with effort, I'd be ashamed of my poor skill at villainy. Encryption is not all-powerful.

"cloud" can be a scary topic, because it implies a loss of control and accountability.