It doesn't seem to. My current place is all in on AWS and we have about 6 "DevOps" people dedicated to dealing with it all.
Last place we did pretty similar stuff with 3 data centers, all self hosted, self managed, mostly OSS stuff with about 6 sysadmins and way less hassle.
You realize that whenever a user visits a page that uses AdWords, AdSense, or login via Google, they download a script file from one of those domains, right?
So a user can log into Google and then log out, tying that header data to whatever PII Google has attached to them, and future visits to any sites using those and probably other services can be attached to the individual, despite them having intended to be logged out of Google services.
Last place we did pretty similar stuff with 3 data centers, all self hosted, self managed, mostly OSS stuff with about 6 sysadmins and way less hassle.