Data centers are such great targets in modern warfare. A few cheap drones can inflict billions in damage with low direct casualties (if the attacker even cares). I have heard AWS in particular is secretive about the exact location of their data centers, but no doubt every major country knows exactly where they are.
They are not widely publicized but they cannot be entirely secret because when you use AWS Direct Connect you need to know where to do the work in. Not every AWS datacenter has Direct Connect, but any OSS intel person could do the work required. When you have sufficient incentive to know where (for instance, trading crypto) you will find out the difference between, say, a matching engine running in AWS's datacenter run by AT Tokyo or by Colt.
AWS does not publicize all of their stuff, true, but they have partner documentation, their partners are proud to be vendors to Amazon and will advertise, and there are old unlisted PDFs on the Internet. Besides, Amazon has thousands of employees and contractors and their families. This kind of thing is within reach of any human being with sufficient interest.
Which is why peace and diplomacy is so important. The last thing we need is to be war hardening everything, which is likely impossible in this day and age.
Some data centers are more valuable as targets than others. For example, those comprising us-gov-east-1 and us-gov-west-1 or, god forbid, us-east-1. I don’t expect it is a difficult task to find them and other critical infrastructure for a state, but probably more involved than popping open google maps.
That's a region. It's not only many buildings, it's many zones, each of which are many datacenters. A region is just a virtual partition for their services. A zone is a fault domain for their services, and a single zone is met by many datacenters, each of which can have many buildings. Or at the least, I know of at least one datacenter which has multiple buildings, that is within one zone that has multiple datacenters, that is within one region that has multiple zones.
Some Paris data centers are disguised as apartment buildings with the classic Hausmannian facade, and then you open up Google maps and see a ton of AC units stacked on the roof. These aren’t likely major cloud data centers mind you, and the motivation for concealing them has more to do with the city’s aesthetic codes than military defense.
They can typically operate indefinitely on diesel generators and have hot supply contracts with multiple suppliers. Even our small rinky dink datacenter had that.
So, it would generally be more effective to hit the actual datacenter than try to cut the power.
On the other side AMZN could have hired several RC plane hobbyists, fly them Emirates business class, put them into Burj Khalifa suites, fund several beefy jet, nitro or EDF planes for them (with jet getting as expensive as $5K), and have these guys on guard duty on the roof so they would take down any incoming drones (see Ukraine interceptor drones), and that would still be a pocket change compare to the datacenter damage. (of course somebody can get a startup going producing an automated container deployable unit consisting of like a VLS for say 64 such interceptors plus radar plus optical - can be quickly deployed when necessary for example onto datacenters or say onto large ships navigating some treacherous waters )
More tech-y approach - AI (or even actual security guards) monitor the video cameras and once there are incoming drones, several MW of power can be redirected into those datacenter's large satellite dishes (more precisely - into very simple microwave generators installed on the dishes) and the dishes turned toward the incoming drones - the drones will get cooked in seconds, add the kitchen microwave sound effect.
> A few cheap drones can ...
It is temporary. The race is only starting. Soon you will have to have a hive of highly intelligent autonomous drones to have even slightest chance to make through a hive of highly intelligent autonomous interceptors, etc.
The government based defense departments are very slow and expensive though, while the extremely valuable targets like the datacenters belong to the transnationals and located across the world (and more and more in space). Thus the transnationals would have to take care of the defense of their assets themselves (or outsource it to other transnationals, like say imagine AWS providing air-defense-as-a-service), more efficiently and agile than the government defense departments. If you take a look at Palantir Karp's book "Technological Republic" you can read that between the lines there too.
Maybe. I used to use this about 20 years ago, trying to track down where the UK root servers were so I could increase my drop-catching. Get test accounts on as many hosting providers as possible, check hops and ping times, move on to the next one. It's not as accurate as you'd hope, though.
Big tech's love for cheap labor is a great mechanism for finding where all their most valuable assets are and mapping out any and all vulnerabilities. I imagine state actors are applying to any and all low paying jobs that have seemingly juicy job requirements and feeling out details during interviews. Even better if you offer to accept a salary far below standard rates and actually get the job.
While probably not a state agent, I've personally done online interviews with some people that were clearly lying about everything and trying to feel out details about the company. People claiming to live in our country and being citizens but having little ability with the language, saying they would love to come to our city but it's a bit far, saying they graduated from a major university but being unable to describe anything about the town (with their resume mentioning graduating from a different university, and their LinkedIn a different university from either), random people moving around and arguing in the background, all their work was with random crypto businesses that shut down within months. I had to stop my coworkers from saying too much. I had to convince them why hiring that person for remote work and giving them access to our servers was a bad idea. There are without a doubt companies giving similar people physical access to their hardware. And there are undoubtedly people who practice interviewing to better deceive companies.
>> I wonder if you can uncover where the data center is just by using ping command.
Not exactly, but you can uncover cloud providers like Google and Azure, who forget to tell you, their "availability zones" are in the same data center ;-)
The relative lack of trucks is what would identify the data center. The only other buildings like that are warehouses, which have a lot more trucks going in and out relatively speaking.
That's some of how geolocation works. Ping can't go faster than the speed of light, so that gives you a circle for where something is. Ping from enough places and you can get a good enough idea, if you're the Iranian Guard or otherwise.
You can be secretive all you want, but it's extremely difficult to hide massive heat exchanging systems and/or generators from aerial/space photography. Particularly at the scale of an AWS-like datacenter.
Building a fully camouflaged datacenter could be done at much greater cost, but you still can't hide its thermal emissions from infrared. Basically every watt hour used in a datacenter environment turns into waste heat ultimately rejected into the atmosphere (except for the 0.000000001% that leaves the facility as photons down a fiber), so if you have N megawatts of waste heat from a rectangular shaped building located on a 300 x 400 meter sized plot of land, it's going to stand out.
Geothermal exists, but you would have to take care to design accordingly and even then there are plenty of other ways for a state actor to locate you. It probably doesn’t make much sense to spend money trying to hide from state actors; it’s probably better to (1) avoid conflict prone areas to the extent possible and (2) make it expensive for an attacker to shut you down (use more smaller data centers within a sensitive region, put some of them underground, etc) or (3) accept the risk of data center disruption.
Also you have to remember the basics of statuspage messages: Its always just elevated error rates. Even when the error rate is elevated to 100%.
"We are observing elevated error rates when accessing objects stored in the affected region. Impacted customers may experience increased latency or intermittent failures while retrieving debris adjacent data." /s
I'm surprised this reportedly only affected 19 server racks. Some of the small FPV quadcopter strikes I've seen videos of have collapsed entire homes. Even if the structure is more resilient than a fragile home, I would have expected the blast from a larger long-range drone like a Shahed to damage more server racks than that.
It's either 100lb or 100Kg, with a direct hit on a dense centre, it would damage a lot of racks, but if it's oblique, or indirect, impartial, the damage could be less pronounced. They could also be misrepresenting by diminishing the damage as there's a lot of information suppression going on.
Yea it's hard to reconcile such a small number of affected racks with such a widespread impact though, so this must not be the whole story. They're talking about a half a year to restore the data center. It must be more than a roof repair and 19 racks.
When I was working at AWS, which was a new service at the time, the example we often heard was a natural disaster or comet strike; would be what we were making our data centers redundant for. I don't think we were ever considered to be targeted during war and I'm sure they considered that they just didn't want to that affect that morale cost on the staff.
Three availability zones provides no protection against three ballistic missiles.
Region pairs are similarly totally ineffective against a mere six rockets.
No current missile defence system is effective against ballistic warheads reentering from space at hypersonic velocities.
Colocating thousands of businesses and hundreds of government agencies into a handful of hyperscale data centres is the text book definition of putting all of one’s eggs into a one basket.
If Iran’s attacks were more coordinated[1] they would have taken out all zones of every Middle East AWS, Azure, and GCP region. On top of the obvious direct damage to GCC nations it could have very likely permanently damaged the reputations of public clouds, possibly causing trillions in indirect economic damage to the United States.
[1] The theory is that the Iranian regime prepared for decapitation strikes by splitting their military into about thirty cells that can act independently.
AWS does not publicize all of their stuff, true, but they have partner documentation, their partners are proud to be vendors to Amazon and will advertise, and there are old unlisted PDFs on the Internet. Besides, Amazon has thousands of employees and contractors and their families. This kind of thing is within reach of any human being with sufficient interest.
I wonder if data centers will have to start doubling as automobile junkyards to conceal themselves.
[1] https://en.wikipedia.org/wiki/33_Thomas_Street
That is way more of a worse target than the existing us-east-1.
So, it would generally be more effective to hit the actual datacenter than try to cut the power.
More tech-y approach - AI (or even actual security guards) monitor the video cameras and once there are incoming drones, several MW of power can be redirected into those datacenter's large satellite dishes (more precisely - into very simple microwave generators installed on the dishes) and the dishes turned toward the incoming drones - the drones will get cooked in seconds, add the kitchen microwave sound effect.
> A few cheap drones can ...
It is temporary. The race is only starting. Soon you will have to have a hive of highly intelligent autonomous drones to have even slightest chance to make through a hive of highly intelligent autonomous interceptors, etc.
The government based defense departments are very slow and expensive though, while the extremely valuable targets like the datacenters belong to the transnationals and located across the world (and more and more in space). Thus the transnationals would have to take care of the defense of their assets themselves (or outsource it to other transnationals, like say imagine AWS providing air-defense-as-a-service), more efficiently and agile than the government defense departments. If you take a look at Palantir Karp's book "Technological Republic" you can read that between the lines there too.
While probably not a state agent, I've personally done online interviews with some people that were clearly lying about everything and trying to feel out details about the company. People claiming to live in our country and being citizens but having little ability with the language, saying they would love to come to our city but it's a bit far, saying they graduated from a major university but being unable to describe anything about the town (with their resume mentioning graduating from a different university, and their LinkedIn a different university from either), random people moving around and arguing in the background, all their work was with random crypto businesses that shut down within months. I had to stop my coworkers from saying too much. I had to convince them why hiring that person for remote work and giving them access to our servers was a bad idea. There are without a doubt companies giving similar people physical access to their hardware. And there are undoubtedly people who practice interviewing to better deceive companies.
It's much more effective to just go through satellite imagery and land title records.
https://www.wolframalpha.com/input?i=0.01+ms+at+speed+of+lig...
Not exactly, but you can uncover cloud providers like Google and Azure, who forget to tell you, their "availability zones" are in the same data center ;-)
Building a fully camouflaged datacenter could be done at much greater cost, but you still can't hide its thermal emissions from infrared. Basically every watt hour used in a datacenter environment turns into waste heat ultimately rejected into the atmosphere (except for the 0.000000001% that leaves the facility as photons down a fiber), so if you have N megawatts of waste heat from a rectangular shaped building located on a 300 x 400 meter sized plot of land, it's going to stand out.
Realistically you're getting photons returned too.
"We are observing elevated error rates when accessing objects stored in the affected region. Impacted customers may experience increased latency or intermittent failures while retrieving debris adjacent data." /s
https://www.politico.com/news/2026/05/01/trump-congress-war-...
Now, about those fuel prices...
Region pairs are similarly totally ineffective against a mere six rockets.
No current missile defence system is effective against ballistic warheads reentering from space at hypersonic velocities.
Colocating thousands of businesses and hundreds of government agencies into a handful of hyperscale data centres is the text book definition of putting all of one’s eggs into a one basket.
If Iran’s attacks were more coordinated[1] they would have taken out all zones of every Middle East AWS, Azure, and GCP region. On top of the obvious direct damage to GCC nations it could have very likely permanently damaged the reputations of public clouds, possibly causing trillions in indirect economic damage to the United States.
[1] The theory is that the Iranian regime prepared for decapitation strikes by splitting their military into about thirty cells that can act independently.