Using AWS servers exclusively in the USA can be problematic under GDPR because:

No Adequacy Decision: US data protection laws (e.g., CLOUD Act, FISA 702) allow government access to data, conflicting with GDPR requirements.
Risk of Data Access: US authorities can access data without EU residents' knowledge or legal recourse.
Limits of SCCs: Standard Contractual Clauses alone are insufficient without extra safeguards like encryption or pseudonymization.
Controller Liability: EU companies remain fully liable for GDPR breaches when using US-based servers.
EU Alternatives Exist: Using AWS servers in the EU (e.g., Germany/Ireland) or EU-based providers reduces legal risks.
Mitigation: Use EU hosting, encrypt data with EU-managed keys, and conduct a Transfer Impact Assessment (TIA).