Drone Strikes Take AWS Data Centers Offline in UAE, Marking First Military Attack on Hyperscaler Infrastructure
Three Amazon facilities in the Gulf sustained structural damage from Iranian drone attacks, forcing prolonged outages and exposing the vulnerability of cloud infrastructure in conflict zones.
Amazon Web Services confirmed that drone strikes damaged three of its data centers across the United Arab Emirates and Bahrain on March 1, marking the first known instance of a major cloud provider’s infrastructure being disabled by military action.
Two facilities in the UAE were directly struck by drones, while a third in Bahrain sustained damage from a nearby strike, according to CNBC. The attacks caused structural damage, disrupted power delivery, and triggered fire suppression systems that resulted in additional water damage. AWS warned customers that Reuters reported the operating environment remains “unpredictable” and recovery will be “prolonged.”
Iran fired 137 missiles and 209 drones across the UAE on Saturday, according to Data Center Dynamics, in retaliation for U.S. and Israeli strikes that killed Iran’s Supreme Leader Ayatollah Ali Khamenei. The assault represented a deliberate expansion of Middle East Conflict into the digital infrastructure that underpins regional commerce, banking, and government operations.
Scale of Disruption
At the height of the incident, AWS listed Amazon EC2 as disrupted, with DynamoDB, Cognito, and RDS degraded, while nearly 60 additional services including Lambda, S3, EKS, Redshift, and CloudWatch were impacted, according to Data Center Knowledge. Financial institutions and banks in the UAE reported online banking platform disruptions, demonstrating the cascade from infrastructure damage to consumer services. Abu Dhabi Commercial Bank said its platforms and mobile app were unavailable due to a region-wide IT disruption.
The physical damage extended beyond the initial explosions. AWS reports that fire suppression systems caused secondary water damage to sensitive server hardware, according to Neowin. With two Availability Zones significantly impacted, customers experienced high failure rates for data ingest and egress, prompting AWS to strongly advise customers to update their applications to ingest S3 data to an alternate AWS Region.
Strategic Vulnerability Exposed
The incident marks the first time a major American tech company’s data infrastructure has been hit by military action, raising fundamental questions about the billions U.S. hyperscalers have invested positioning the Gulf as a regional AI hub. Microsoft said in November it plans to bring its total investment in the UAE to $15 billion by the end of 2029 and will use Nvidia chips for its Data Centers there, according to Reuters.
In previous conflicts, regional adversaries such as Iran and its proxies targeted pipelines, refineries, and oil fields in Gulf partner states. In the compute era, these actors could also target data centers, energy infrastructure supporting compute, and fiber chokepoints, the Washington-based Center for Strategic and International Studies warned just last week.
The UAE military intercepted 165 ballistic missiles, two cruise missiles, and 541 drones over two days. Thirty-five drones and five projectiles still got through, striking airports, Jebel Ali Port, and the facade of the Burj Al Arab hotel, according to Rest of World. Protecting data centers against a sustained wave of missiles and drones requires expensive, layered defenses that are difficult to maintain.
The economic calculation favors attackers. “It is cheaper to attack than to defend,” Ali Bakir, an assistant professor at Qatar University, told Rest of World. Security frameworks behind the U.S.-UAE AI partnership were built for supply chain control and political alignment, not for protecting buildings during a military attack. The physical security of strategic digital infrastructure may have been assumed to fall under broader national defense without ever being treated as a distinct vulnerability.
Timeline of Failure
Concentration Risk Realized
According to DataCenterMap, there are roughly 326 data centers across the Middle East, with the largest concentration centered in Israel, Saudi Arabia, and the UAE. Over the past decade, U.S. cloud titans have steadily expanded their influence in the region. Google, Amazon, Microsoft, and Oracle all operate facilities in nations now under bombardment by Iranian forces, according to The Register.
“When applications rely heavily on a single cloud environment, slowness or service interruption can quickly ripple across banking apps, airline booking systems and consumer-facing services.”
— Vibin Shaju, EMA VP at Trellix, to The National
The AWS incident primarily affected application programming interfaces and service availability rather than core systems, but demonstrated how dependency on shared infrastructure can create a “single point of impact” during conflict. The incident places focus on established data center design principles, including geographic separation and workload distribution across multiple AZs and regions. It also demonstrates the limits of resilience when physical infrastructure faces direct external impact.
Industry benchmarks show that cloud downtime costs between $5,600 and $9,000 per minute for mid-to-large enterprises. For the regional financial sector, where financial institutions that use AWS services have been affected by the outage, the economic toll compounds daily.
What to Watch
- Other hyperscalers – Microsoft, Google, Oracle – operate facilities in the same strike zones but have not reported damage. Their silence may indicate operational security concerns or intact infrastructure protected by different defensive arrangements.
- Whether this was a contained episode or the start of a more sustained cycle of disruption could reshape long-term assumptions about stability in the region, Ryan Bohl, senior analyst at RANE Network, told Rest of World.
- AWS has advised customers that “ongoing conflict in the region means that the broader operating environment in the Middle East remains unpredictable” and recommended customers with workloads running in the Middle East consider taking action now to backup data and potentially migrate workloads to alternate AWS Regions.
- The attacks establish a precedent that data centers – long considered civilian infrastructure – are now legitimate military targets. This reframes risk calculations for every hyperscaler expansion in geopolitically unstable regions.
The central question is whether Iran’s targeting of AWS represents opportunistic collateral damage or deliberate strategy. Levent Eraslan, a social media expert at Turkey’s Anadolu University, argued that Iran’s attack on Amazon’s Cloud Infrastructure showed the conflict was expanding beyond the military and into digital systems. “Data centers, cloud systems, and digital networks are as strategically important as energy facilities or military bases today. Such a move would be seen as an asymmetric cyber power message against American tech infrastructure.”
If intentional, the strikes signal a shift in Middle East conflict doctrine where digital infrastructure becomes a primary target rather than collateral damage – a development with global implications as cloud computing concentration increases and geopolitical tensions escalate.