GovCloud is a separate partition from Secret. Different regulatory framework alignment and customer onboarding.
GovCloud customers only need be a US person or entity, beyond that any further regulatory alignment is up to the customer. AWS does not audit the IAM user base for nationality or any compliance requirements.
Disclaimer: I am an AWS Public Sector Solutions Architect.
So, just to clarify: if a "customer" who happens to employ tens of thousands of people also employs non-US citizens (such as the DoD's foreign national IT contractors), then non-US citizens would have access to GovCloud.
GovCloud customers only need be a US person or entity, beyond that any further regulatory alignment is up to the customer. AWS does not audit the IAM user base for nationality or any compliance requirements.
Disclaimer: I am an AWS Public Sector Solutions Architect.