Amazon Reveals Military Drone Attacks Hit Cloud Server Facilities Overseas

Multiple AWS data centers in the Middle East sustained physical damage from drone strikes, according to internal documents Amazon has shared with enterprise customers. The attacks, which engineers close to the project say targeted at least two facilities in the region, represent the first confirmed instance of kinetic military action disrupting major cloud infrastructure operated by a U.S. tech giant.

BleepingComputer reported the incident on March 3, citing Amazon's disclosure to affected customers. The company has not publicly specified which countries host the damaged facilities, though AWS operates data center clusters in Bahrain and the UAE as part of its Middle East expansion that began in 2019. Sources familiar with the infrastructure say the strikes caused enough damage to trigger failover protocols, routing traffic to redundant systems in neighboring availability zones.

The rollout of AWS in conflict-adjacent regions has been anything but smooth for Amazon's cloud division. Internal memos from 2024 show infrastructure teams flagged geopolitical risk assessments for Middle Eastern facilities, particularly around the prospect of regional escalation affecting physical sites. Those concerns, which some engineers say were downplayed during the rapid regional expansion phase, now appear prescient.

Amazon has not disclosed whether the strikes were targeted specifically at AWS infrastructure or if the data centers sustained collateral damage from broader military operations. The distinction matters significantly for enterprise customers conducting their own risk assessments. Several Fortune 500 companies with Middle Eastern operations have contractual requirements around data residency that prevent them from easily migrating workloads to European or Asian regions.

Engineers familiar with AWS architecture say the company's multi-availability zone design should prevent customer-facing outages even when entire facilities go offline, assuming the damage didn't affect multiple zones simultaneously. However, the incident raises uncomfortable questions about the physical security assumptions underlying cloud infrastructure in unstable regions.

The timing is particularly sensitive for Amazon's public sector business. The company has been pursuing expanded cloud contracts with government agencies that require in-region data storage for compliance reasons. Physical attacks on data centers fundamentally complicate the value proposition of maintaining local cloud presence in geopolitically volatile areas.

Amazon has not announced a timeline for repairs or whether the company plans to reassess its physical security posture for Middle Eastern facilities. What remains uncertain is whether insurance policies covering the damaged infrastructure account for acts of war, and how Amazon will handle customer service level agreements that may have been breached during any outage window.

Source: https://x.com/BleepinComputer/status/2028798794117136829