As described, Payment Card Industry Standard (PCI) standards are implemented with Node.js among AWS Lambda, Microsoft's Azure, Google Cloud Foundation, and IBM Open Whisk.
AWS Lambda included aws-serverless-express in Node.js module. It created with HTTP services.
I ask general question about express.js module.
Does aws-serverless-express in Node.js module create OS service internally or works as serverless routines only?
As you said, AWS Lambda and other AWS services used for a common serverless app (i.e., Amazon API Gateway) are PCI compliant. When you are using an Express.js with AWS Lambda, your Express.js app (which is actually Node.js app) is running inside your Lambda function, without any connection to the outside world, so it's definitely still PCI compliant. As shown in the attached image (from chapter 13 of our book), your app receives an HTTP request through Amazon API Gateway (PCI compliant). API Gateway then triggers Lambda function, that is also PCI compliant, and your Express app runs inside AWS Lambda.
We cover some of these questions in chapters 12 (payment via Stripe) and 13 (Express.js app) of our book.
You know it is dark times when the trees riot. I think this tiny ad is their leader: