Amazon Web Services confirmed on Monday that its data centers in the United Arab Emirates were directly struck by Iranian drones on Sunday, marking the first known successful military attack on major cloud infrastructure that powers everything from streaming services to government operations.

The strikes represent a watershed moment for the tech industry. Cloud computing has always been marketed as infinitely resilient - redundant, distributed, immune to local disruptions. But those assurances assumed network failures and power outages, not kinetic military strikes.

AWS operates three availability zones in the UAE region, which serves customers across the Middle East. While the company has not disclosed the extent of the damage or which specific facilities were hit, the acknowledgment alone raises uncomfortable questions about the physical security of infrastructure that most companies - and governments - have outsourced to a handful of tech giants.

Here's what nobody wants to say out loud: most enterprises have zero contingency plans for this scenario. Disaster recovery plans account for hurricanes, earthquakes, even terrorist attacks on corporate headquarters. But what happens when your primary and backup data centers are in a war zone?

The attack comes as tensions between Iran and Gulf states have escalated dramatically. Iran has made clear that it considers UAE's cooperation with Western powers - including hosting American tech infrastructure - as legitimate military targets. Amazon chose to build in UAE for its strategic location and connectivity, but that geographic advantage just became a liability.

The cloud isn't just virtual. These are massive physical facilities with diesel generators, cooling systems, and fiber optic cables. They're housed in buildings that can be located on satellite imagery and targeted with precision weapons. And unlike traditional corporate data centers that companies controlled and could physically secure, cloud infrastructure is operated by third parties in locations optimized for cost and connectivity, not military defense.

This isn't theoretical anymore. Some AWS services experienced degraded performance following the strikes, though the company maintains that redundancy systems prevented complete outages. That's the good news. The bad news is that this playbook now exists: if you want to disrupt a country's digital infrastructure, you don't need to hack anything. You just need coordinates and explosives.

The question facing CIOs and government officials worldwide is whether this changes the risk calculus on cloud adoption. Do you need geographically dispersed backup regions? Should critical infrastructure avoid regions in geopolitical hotspots? Can cloud providers even guarantee uptime when facing nation-state military action?

Microsoft Azure and Google Cloud also operate facilities in Middle East locations that could face similar risks. None of the major cloud providers have military-grade physical security - that was never part of the threat model.

The technology worked exactly as designed. The failure was in assuming that datacenter locations were permanent, stable, and off-limits to military targeting. That assumption just got blown up, quite literally. Welcome to cloud computing in an age of kinetic warfare.