EAS security questions

How do authentication and authorization work between the Azure DevOps and EAS build environments if I am building from a CICD pipeline in Azure DevOps?
The EAS server is referred to as an EC2 instance; if so, is that dedicated for each customer?
Would the S3 bucket be dedicated to my account?
Any source code or any other artifact I push to the EAS environment, do you retain it? Or delete immediately.
Need an up-to-date SOC report and pen test of EAS build if possible if that’s posted anywhere.