Cloud Security Iranian Strikes on Amazon Data Centers Highlight Industry’s Vulnerability to Physical Disasters Two AWS data centers in the United Arab Emirates were “directly struck” and another facility in Bahrain was also damaged after a drone landed nearby. By Associated Press | March 3, 2026 (2:56 PM ET) Flipboard Reddit Whatsapp Whatsapp Email Damage to three Amazon Web Services facilities in the Middle East from Iranian drone strikes highlights the rapid growth of data centers in the region, as well as the industry’s vulnerability to conflict. The company’s cloud computing division, Amazon Web Services, said late Monday that two data centers in the United Arab Emirates were “directly struck” and another facility in Bahrain was also damaged after a drone landed nearby. “These strikes have caused structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression activities that resulted in additional water damage,” AWS said in an update on its online dashboard. It said by late Tuesday that recovery efforts at the UAE data centers were making progress. Unlike previous AWS disruptions involving software that resulted in widespread global outages, these attacks involving physical damage appear to have resulted only in localized and limited disruption. Amazon Web Services hosts many of the world’s most-used online services, providing behind-the-scenes cloud computing infrastructure to many government departments, universities and businesses. Advertisement. Scroll to continue reading. The company advised customers using servers in the Middle East to migrate to other regions, and direct online traffic away from the UAE and Bahrain. “Amazon has generally configured its services so that the loss of a single data center would be relatively unimportant to its operations,” said Mike Chapple, an IT professor at the University of Notre Dame’s Mendoza College of Business. Other data centers in the same zone can take over, and most of the time this happens seamlessly every day to balance workloads, he said. “That said, the loss of multiple data centers within an availability zone could cause serious issues, as things could reach a point where there simply isn’t enough remaining capacity to handle all the work.” Amazon doesn’t typically disclose the exact number of data centers it operates around the world. It says only that its data centers are clustered in 39 geographic regions, with three such regions in the Middle East, covering the United Arab Emirates, Bahrain and Israel. Each AWS region is split up into at least three data center availability zones, with each zone isolated and physically separated “by a meaningful distance,” although they are all within 100 kilometers (60 miles) of each other and connected by “ultra-low-latency networks” that reduce the time lag for data transmission. AWS says its data centers have redundant water, power, telecom, and internet connections “so we can maintain continuous operations in an emergency.” They also have physical security, but those measures, including security guards, fences, video surveillance and alarm systems, are designed to keep out intruders rather than defend against missile attacks. Chapple said the attacks are a reminder that cloud computing isn’t “magical” and “still requires physical facilities on the ground, which are vulnerable to all sorts of disaster scenarios.” Data centers run by AWS and other operators are massive facilities that are hard to hide, he added. “Organizations using services from any cloud provider in the Middle East should immediately take steps to shift their computing to other regions,” Chapple said. Related : Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low Related: Cyber Insights 2026: Cyberwar and Rising Nation State Threats Written By Associated Press More from Associated Press Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline Reddit Hit With $20 Million UK Data Privacy Fine Over Child Safety Failings Mississippi Hospital System Closes All Clinics After Ransomware Attack Amazon Scraps Partnership With Surveillance Company After Super Bowl Ad Backlash Nevada Unveils New Statewide Data Classification Policy Months After Cyberattack Italy Averted Russian-Linked Cyberattacks Targeting Winter Olympics Websites, Foreign Minister Says Japan, Britain to Boost Cybersecurity and Critical Minerals Cooperation as China’s Influence Grows Latest News Fig Security Launches With $38 Million to Bolster SecOps Resilience Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability Quantum Decryption of RSA is Much Closer than Expected New ‘AirSnitch’ Attack Shows Wi-Fi Client Isolation Could Be a False Sense of Security 1.2 Million Affected by University of Hawaii Cancer Center Data Breach Android Update Patches Exploited Qualcomm Zero-Day Iran Cyber Front: Hacktivist Activity Rises, but State-Sponsored Attacks Stay Low Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit People on the Move Nick Andersen has been appointed Acting Director of CISA after the departure of Madhu Gottumukkala. Predictive revenue system company Clari + Salesloft has named Peter Liebert as CISO. Nscale has appointed Latha Maripuri as Chief Information Security Officer. More People On The Move Expert Insights Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email