I get this, but isn't this a complete compliance failure?

What's the point of having all those loops to onboard vendors if you can just buy from AWS marketplace (which AFIAK is not a particularly high bar to achieve for SaaS options)?

Like imagine $POOR_QUALITY_VENDOR. If they go through the normal channels they might get shot down. If they get procured on AWS Marketplace, then it feels to me in many organisations 'its fine', though AWS does minimal checking?