The problem of regulatory PCI compliance in a public cloud such as AWS affects small and medium-sized companies more than enterprises. For example, if you are a bank or financial institution, you can spend a sizable sum on assessing yourself for PCI compliance and work with a leading auditing firm to achieve it. However, it becomes challenging for small companies running payment applications or infrastructure on foundation services such as EC2 (Elastic Compute Cloud) and S3 (Simple Storage Service). AWS clearly states that you can get a completely PCI-compliant infrastructure on EC2, and there are a number of customers using AWS infrastructure services who are PCI/PA compliant. Security and compliance are a shared responsibility between AWS and service providers/customers.