In performing vendor due diligence, do you ask for the vendor/3rd party service provider AWS Trusted Advisor report? With more use of AWS, it is too easy for vendors to just submit Amazon's AWS SOC2 report and feel that they satisfy security/risk assessment.
Have you had experiences where vendors refuse to provide? Or vendors stating that their AWS subscription does not include the Trusted Advisor report?
Any insight would be helpful as security professionals/auditors try to review this black box.