Is concern necessary about security in applications that run on AWS, Azure or Google Cloud?

If the code is shipped on any of these platforms in any way, including docker, how much concern is needed about security? Penetration testing, DOS and DDOS attacks mitigation and things like these?