Amazon Confirms Drone Strikes Damaged Three Data Centers in UAE and Bahrain

For years, the conversation around data center resilience has centered on power outages, cooling failures, and software vulnerabilities. Physical attacks on cloud infrastructure — actual kinetic strikes — have mostly lived in the threat modeling category rather than incident reports. That changed this week. Amazon Web Services has confirmed that drone strikes attributed to Iran damaged two of its data centers in the UAE and one in Bahrain, marking what is likely the first publicly confirmed military attack on major public cloud infrastructure.

The strikes occurred against the backdrop of escalating tensions between the United States and Iran. In the same period, both Nvidia and Amazon temporarily shuttered their Dubai offices as a precautionary measure. The fact that two of the largest names in tech felt compelled to evacuate regional staff tells you something about how seriously they're treating the security situation on the ground.

What Was Hit and What It Means for Cloud Services

AWS operates multiple availability zones across the Middle East, with significant infrastructure in the UAE — specifically in the me-central-1 region launched out of Abu Dhabi — and in Bahrain, which hosts the me-south-1 region, one of AWS's older Middle East deployments. Exactly which facilities sustained damage and the extent of that damage has not been fully detailed by Amazon, but the company confirmed disruption to cloud services in the region following the strikes.

For businesses running workloads in AWS's Middle East regions — financial institutions, government contractors, logistics firms, oil and gas operators — even partial disruption carries real consequences. Cloud outages in isolated availability zones can cascade into application failures, data sync issues, and compliance headaches, depending on how resilient the affected architectures were designed to be.

Iran's Targeting of Tech Infrastructure

Targeting American technology infrastructure in allied Gulf states fits a recognizable pattern in Iranian asymmetric strategy — hitting economically significant assets that create pressure without triggering the threshold for a direct military response. Data centers are attractive targets in this context. They're large, relatively fixed, power-hungry facilities that are difficult to fully harden against aerial threats. And disrupting cloud services used by government and financial institutions creates visible economic pain.

Drone technology has lowered the barrier to these kinds of strikes considerably. The same shift in warfare that's been visible in Ukraine and across the Middle East — cheap, maneuverable drones capable of precision strikes — now applies to civilian infrastructure targets. A drone capable of damaging a data center doesn't need to be sophisticated. It just needs to get close enough.

The AWS and Nvidia Office Closures

Both Amazon and Nvidia moving to temporarily close Dubai offices adds a layer to this story that goes beyond infrastructure damage. Dubai is the regional hub for most major tech companies operating in the Gulf — it's where sales teams, developer relations staff, and regional leadership tend to be concentrated. Closing those offices, even briefly, signals that these companies are taking the physical safety of their employees seriously, and that the threat assessment isn't limited to just fixed infrastructure.

For Nvidia specifically, the Gulf region has become increasingly strategic. Gulf sovereign wealth funds and government entities have been among the most aggressive buyers of Nvidia's AI compute hardware over the past two years, with deals running into the billions. Having to suspend regional operations, even temporarily, is a disruption to relationships that took considerable time to build.

What This Changes for Cloud Infrastructure Planning

The cloud industry has long operated on the assumption that physical security of data centers meant perimeter security, access controls, and maybe some bollards. Geopolitical risk — real, kinetic, military-adjacent geopolitical risk — has generally been treated as background noise, mitigated by geographic diversity across regions. What happened in the UAE and Bahrain challenges that assumption in a concrete way.

Enterprises with critical workloads in Middle East cloud regions will now be revisiting their disaster recovery and multi-region redundancy setups with a different lens. The question of whether to run active-active architectures across geographically dispersed regions — which many companies implement for performance or cost reasons — suddenly has a new security dimension attached to it. Running a backup in Europe or Asia-Pacific for a primarily Gulf-based workload looks a lot smarter today than it did a week ago.

The Broader Signal for Tech Companies in Conflict Zones

The Gulf region has attracted enormous tech investment over the past decade — from hyperscaler data centers to AI research hubs to startup ecosystems funded by sovereign wealth. That investment was predicated partly on political stability and the Gulf states' carefully maintained neutrality in regional conflicts. The current US-Iran escalation is stress-testing that calculus.

AWS, Microsoft Azure, and Google Cloud all have significant and growing infrastructure commitments in the region. None of them will be walking away — the commercial relationships are too valuable and the long-term opportunity too large. But expect the conversations around physical security, military threat modeling, and business continuity planning to get a lot more serious in boardrooms across Silicon Valley. This is the kind of event that permanently raises the floor on how tech companies think about infrastructure risk in geopolitically complex regions.