How effective would this setup be if the parent company in the US is ordered to order the EU subsidiary to do something not in the interests of the EU?
If it breaks the law in the EU, then the European employees staffing the data center refuse, because they don't want to go to jail or pay fines.
That's the entire point of setting it up like this.
Think of it like fast-food franchises. They have to sell the same food and use the same branding and charge the same prices. But if McDonald's tells you to start selling cocaine on the side, you tell them nope, that's not in the contract and I don't feel like going to prison.
What if the software is developed and potentially backdoored in the US and deployed by the EU team in the sovereign region? Or did they rewrite the entire AWS stack?
If the EU employees can look around the code, it would then get quite interesting if they were to point out a backdoor, which they would of course raise with an EU-based CERT.
In a way, that protects US customers as well, having a set that can't be stopped from doing that.
I don't think there are any protections against that. On the other hand, you'd have to ask yourself how realistic it is that the US is forcing Amazon to secretly backdoor its own software for US spying abroad? I can't give an answer on that one; you'll have to form your own opinion.
I imagine that if a back door were ever discovered, AWS's reputation would tank so hard that a lot of companies would probably never do business with it again.
Over 100%, in that I'm sure multiple independent groups are working on it all the time. The spooks regularly place actual agents in foreign governments (the Germans found a big nest of them and nothing much happened in the end). There's no way it would be challenging for them to find an employee willing to cash a giant cheque in exchange for quietly granting their own government access.