"If APTs target AWS, they will compromise it"

Not all compromises are the same. They might get into some logging API in AWS. With Azure, the get the master keys. Both are compromises; they aren't the same. Either you have never used Azure, know nothing about security, or you work in MS marketing.