The Financial Times reports that AWS' operation in Bahrain was damaged after an Iranian strike, with Bahrain hosting a US military base that made it a target. This was not the first incident. Earlier in March, AWS warned of "unpredictable" Middle East operations after drones directly damaged infrastructure. Iran's state media confirmed it had targeted Amazon's Bahrain data center. The cloud — the most ethereal brand in technology — has a physical address, and that address is in a war zone.
A Decade of Warnings
The physical vulnerability of internet infrastructure is not new. In October 2015, the New York Times reported that US officials were concerned about increased Russian naval operations indicating the ability to cut undersea fiber optic cables. In January 2018, experts analyzed the consequences of physical damage to the undersea cable network. In 2024, Houthi fighters in Yemen damaged subsea cables in the Red Sea. Later that year, US officials told Google, Meta, and others about concerns regarding the security of their submarine cable routes.
The warnings were consistent, specific, and ignored. Not because anyone disputed them, but because the economics pointed in the opposite direction. The Middle East offered market access, data sovereignty requirements, and proximity to fast-growing economies. The risks were theoretical. The revenue was real.
The Gulf Buildout
Starting in 2019, the world's major cloud providers raced to build infrastructure in the Persian Gulf. AWS launched its Bahrain region — the first hyperscale cloud in the Gulf. Azure expanded in the UAE. Google planned data centers in Qatar. The Gulf states invested heavily in cloud and AI infrastructure as part of their economic diversification from oil, with plans to spend $300 billion on digital infrastructure.
The pitch was straightforward: put the servers closer to the customers, comply with data sovereignty laws, and capture a growing market. The assumption — unstated but load-bearing — was that the geopolitical environment would remain stable enough to keep the buildings standing and the power flowing.
The Escalation
In March 2026, that assumption failed.
-
MAR 2AWS says its Middle East facilities are facing power and connectivity issues. The first acknowledgment of physical disruption.
-
MAR 3AWS warns of "unpredictable" operations after drones "directly damaged" infrastructure near its facilities.
- Mar 6 Iran's state media confirms it targeted Amazon's Bahrain data center. The attack was deliberate, not collateral.
-
MAR 9The Guardian reports that Iran targeting commercial data centers "signals a new phase" in the conflict — civilian tech infrastructure is now a military objective.
- Mar 13 Meta pauses the Persian Gulf section of its 2Africa submarine cable project. The physical internet stops expanding into the region.
- Mar 16 Drones cause a Qatari helium-producing energy hub to shutter. Infrastructure beyond data centers is affected.
- Mar 24 Amazon confirms its AWS Bahrain region is "disrupted" due to drone damage. The euphemism: "disrupted."
-
APR 1FT reports the Bahrain facility was damaged in an Iranian strike. Iran declares it will target US tech companies including Apple, Google, Intel, Microsoft, and Nvidia.
The Physical Layer
"The cloud" is a marketing term. The infrastructure is concrete, steel, fiber, and power. It's cooling systems that need electricity. Fiber optic cables that cross oceans. Buildings that need to not be hit by drones. The entire premise of cloud computing — that your data is "somewhere else" and therefore safer — depends on the assumption that "somewhere else" is secure.
For most of cloud computing's history, the physical layer was invisible. Companies didn't think about where their data lived because they didn't need to. Data centers in Virginia, Oregon, Ireland, Singapore — these were stable jurisdictions with reliable power and no military threats. The Middle East expansion changed the risk profile without changing the marketing.
Iran didn't attack "the cloud." It attacked a building in Bahrain. The building was the cloud.
The consequences are rippling beyond Bahrain. Asian bankers say rising power prices are forcing data center recalculations. The US-led conflict is complicating Gulf nations' $300 billion digital infrastructure plans. Meta has paused submarine cable construction in the Persian Gulf. Raspberry Pi raised prices citing higher memory costs driven by the conflict. The physical supply chain of the internet is being reshaped by physical events.
What the Cable Knew
The undersea cable community saw this pattern before the data center operators did. In 2015, Russia's naval activity near cables raised alarms. In 2024, Houthis damaged cables in the Red Sea. By late 2024, US officials were briefing tech companies on submarine cable security. The US and China were competing for control of cable routes across the Pacific.
Submarine cables carry 95% of intercontinental internet traffic. Data centers process it. Power grids power the data centers. Each layer is physical, each is geographically specific, and each has been under growing threat for a decade. The cables were targeted first because they were the most exposed. The data centers are being targeted now because the conflict has escalated to the point where buildings on land are viable military objectives.
Eleven years separate the New York Times warning about Russian submarines near undersea cables and today's Financial Times report about Iranian drones hitting AWS. In that time, cloud computing grew from a niche service to the default infrastructure for every company on earth. The vulnerability didn't change at all. In 2015, the internet's physical fragility was a think-tank concern. In 2026, it's a $300 billion construction program that just met a drone.