The early services were mostly self-contained.

A lot of newer stuff that actually scales (so Lightsail doesn't count) is entangled with "security", "observability" and "network" services. So if you just want to run EC2 + RDS today, you also have to deal with VPC, Subnets, IAM, KMS, CloudWatch, CloudTrail, etc.

Since security and logs are not optional, you have very limited choice.

Having that many required additional services means lots of hidden charges, complexity and problems. And you need a team if you're not doing small-scale stuff.